[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 31 09:13:43 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fbd61fe9 by Salvatore Bonaccorso at 2025-03-31T10:13:14+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,25 +7,25 @@ CVE-2025-3013 (Insecure Direct Object References (IDOR) in access control in Cus
 CVE-2025-3011 (SOOP-CLM from PiExtract has a SQL Injection vulnerability, allowing un ...)
 	TODO: check
 CVE-2025-31417 (Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Ex ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31414 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31412 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31387 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31103 (Untrusted data deserialization vulnerability exists in a-blog cms. Pro ...)
 	TODO: check
 CVE-2025-31043 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31016 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30987 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30855 (Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30835 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-2983 (A vulnerability has been found in Legrand SMS PowerView 1.x and classi ...)
 	TODO: check
 CVE-2025-2982 (A vulnerability, which was classified as critical, was found in Legran ...)
@@ -47,7 +47,7 @@ CVE-2025-2975 (A vulnerability was found in GFI KerioConnect 10.0.6 and classifi
 CVE-2025-2974 (A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 an ...)
 	TODO: check
 CVE-2025-2973 (A vulnerability, which was classified as critical, was found in code-p ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-2972 (A vulnerability, which was classified as problematic, has been found i ...)
 	TODO: check
 CVE-2025-2971 (A vulnerability classified as problematic was found in ConcreteCMS up  ...)
@@ -71,9 +71,9 @@ CVE-2025-2963 (A vulnerability, which was classified as problematic, has been fo
 CVE-2025-2961 (A vulnerability classified as problematic was found in opensolon up to ...)
 	TODO: check
 CVE-2025-2960 (A vulnerability classified as problematic has been found in TRENDnet T ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2025-2959 (A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been  ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2025-2402 (A hard-coded, non-random password for the object store (minio) of KNIM ...)
 	TODO: check
 CVE-2025-26689 (Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER m ...)
@@ -87,9 +87,9 @@ CVE-2025-24517 (Use of client-side authentication issue exists in CHOCO TEI WATC
 CVE-2025-1268 (Out-of-bounds vulnerability in EMF Recode processing of Generic Plus P ...)
 	TODO: check
 CVE-2025-0613 (The Photo Gallery by 10Web  WordPress plugin before 1.8.34 does not sa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13804 (Vulnerability in Hewlett Packard Enterprise HPE Insight Cluster Manage ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-2958 (A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been ...)
 	NOT-FOR-US: TRENDnet
 CVE-2025-2957 (A vulnerability was found in TRENDnet TEW-411BRP+ 2.07. It has been cl ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbd61fe967ae4cbc74cf2153e844b6f2115d172f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbd61fe967ae4cbc74cf2153e844b6f2115d172f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250331/f8cfb559/attachment.htm>

More information about the debian-security-tracker-commits mailing list