[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 2 09:35:19 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
39e7fad3 by Salvatore Bonaccorso at 2025-05-02T10:34:52+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,19 +27,19 @@ CVE-2025-4180 (A vulnerability was found in PCMan FTP Server 2.0.7. It has been
CVE-2025-4179 (The Flynax Bridge plugin for WordPress is vulnerable to limited Privil ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4178 (A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4b ...)
- TODO: check
+ NOT-FOR-US: xiaowei1118 java_server
CVE-2025-4177 (The Flynax Bridge plugin for WordPress is vulnerable to unauthorized l ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4176 (A vulnerability has been found in PHPGurukul Blood Bank & Donor Manage ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4175 (A vulnerability, which was classified as critical, was found in AlanBi ...)
- TODO: check
+ NOT-FOR-US: AlanBinu007 Spring-Boot-Advanced-Projects
CVE-2025-4131 (The GmapsMania plugin for WordPress is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2025-47201 (In Intrexx Portal Server before 12.0.4, multiple Velocity-Scripts are ...)
- TODO: check
+ NOT-FOR-US: Intrexx Portal Server
CVE-2025-43595 (An insecure file system permissions vulnerability in MSP360 Backup 4.3 ...)
- TODO: check
+ NOT-FOR-US: MSP360
CVE-2025-3858 (The Formality plugin for WordPress is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3748 (The Taxonomy Chain Menu plugin for WordPress is vulnerable to Stored C ...)
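Review bot: The new tag for CVE-2025-43595 names only the vendor (`MSP360`), although the description refers to MSP360 Backup and the other three tags added in this hunk name the affected product (`xiaowei1118 java_server`, `AlanBinu007 Spring-Boot-Advanced-Projects`, `Intrexx Portal Server`). Consider `NOT-FOR-US: MSP360 Backup` for consistency, unless the vendor-only form is intended here as it is in the neighbouring `NOT-FOR-US: PHPGurukul` entry.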
@@ -47,11 +47,11 @@ CVE-2025-3748 (The Taxonomy Chain Menu plugin for WordPress is vulnerable to Sto
CVE-2025-3746 (The OTP-less one tap Sign in plugin for WordPress is vulnerable to pri ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3709 (Agentflow from Flowring Technology has an Account Lockout Bypass vulne ...)
- TODO: check
+ NOT-FOR-US: Agentflow from Flowring Technology
CVE-2025-3708 (Le-show medical practice management system from Le-yan has a SQL Injec ...)
- TODO: check
+ NOT-FOR-US: Le-show medical practice management system
CVE-2025-3707 (The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing ...)
- TODO: check
+ NOT-FOR-US: eHDR CTMS from Sunnet
CVE-2025-3670 (The KiwiChat NextClient plugin for WordPress is vulnerable to Stored C ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3514 (The SureForms WordPress plugin before 1.4.4 does not sanitise and esc ...)
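Review bot: The three tags added in this hunk use two different naming patterns. CVE-2025-3709 and CVE-2025-3707 keep the vendor (`Agentflow from Flowring Technology`, `eHDR CTMS from Sunnet`), while CVE-2025-3708 drops it even though its description reads "from Le-yan". Suggest either `NOT-FOR-US: Le-show medical practice management system from Le-yan` or shortening the other two to the product name, so the three sibling entries read the same way.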
@@ -87,11 +87,11 @@ CVE-2024-55909 (IBM Concert Software 1.0.0 through 1.0.5 could allow an authenti
CVE-2024-52903 (IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to ...)
NOT-FOR-US: IBM
CVE-2024-48907 (Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API.)
- TODO: check
+ NOT-FOR-US: Sematell ReplyOne
CVE-2024-48906 (Sematell ReplyOne 7.4.3.0 allows XSS via a ReplyDesk e-mail attachment ...)
- TODO: check
+ NOT-FOR-US: Sematell ReplyOne
CVE-2024-48905 (Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessi ...)
- TODO: check
+ NOT-FOR-US: Sematell ReplyOne
CVE-2024-13860 (The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13859 (The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cr ...)
@@ -111,7 +111,7 @@ CVE-2024-13322 (The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager
CVE-2024-12023 (The FULL \u2013 Cliente plugin for WordPress is vulnerable to SQL Inje ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11142 (Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Pro ...)
- TODO: check
+ NOT-FOR-US: Gosoft Software Proticaret E-Commerce
CVE-2025-4174 (A vulnerability, which was classified as critical, has been found in P ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4173 (A vulnerability classified as critical was found in SourceCodester Onl ...)
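Review bot: For CVE-2024-11142 the description in the context line is cut off at "Gosoft Software Pro ...", so the product name in the new tag (`Gosoft Software Proticaret E-Commerce`) cannot be checked against the lines visible in this hunk. Worth confirming the spelling against the full CVE description, since it sets the string that later entries for the same product will be matched against.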
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39e7fad3c97e9139d446e6b5839fb4b5b4239894