[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 5 21:22:28 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c105e0cb by Salvatore Bonaccorso at 2025-05-05T22:21:14+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,13 +5,13 @@ CVE-2025-4316 (Improper access control in PAM feature in Devolutions Server 2025
CVE-2025-4287 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as ...)
TODO: check
CVE-2025-4286 (A vulnerability was found in Intelbras InControl up to 2.21.59. It has ...)
- TODO: check
+ NOT-FOR-US: Intelbras InControl
CVE-2025-4283 (A vulnerability was found in SourceCodester/oretnom23 Stock Management ...)
NOT-FOR-US: SourceCodester
CVE-2025-4282 (A vulnerability has been found in SourceCodester/oretnom23 Stock Manag ...)
NOT-FOR-US: SourceCodester
CVE-2025-4281 (A vulnerability, which was classified as problematic, was found in She ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Sixun Software Sixun Shanghui Group Business Management System
CVE-2025-4279 (The External image replace plugin for WordPress is vulnerable to arbit ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4272 (A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has ...)
@@ -19,29 +19,29 @@ CVE-2025-4272 (A vulnerability was found in Mechrevo Control Console 1.0.2.70. I
CVE-2025-47240
REJECTED
CVE-2025-46813 (Discourse is an open-source community platform. A data leak vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-46734 (league/commonmark is a PHP Markdown parser. A cross-site scripting (XS ...)
TODO: check
CVE-2025-46731 (Craft is a content management system. Versions of Craft CMS on the 4.x ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2025-46730 (MobSF is a mobile application security testing tool used. Typically, M ...)
- TODO: check
+ NOT-FOR-US: MobSF
CVE-2025-46726 (Langroid is a framework for building large-language-model-powered appl ...)
TODO: check
CVE-2025-46720 (Keystone is a content management system for Node.js. Prior to version ...)
- TODO: check
+ NOT-FOR-US: Keystone CMS
CVE-2025-46719 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2025-46571 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2025-46559 (Misskey is an open source, federated social media platform. Starting i ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2025-46553 (@misskey-dev/summaly is a tool for getting a summary of a web page. St ...)
- TODO: check
+ NOT-FOR-US: misskey-dev/summaly
CVE-2025-46340 (Misskey is an open source, federated social media platform. Starting i ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2025-46335 (Mobile Security Framework (MobSF) is a security research platform for ...)
- TODO: check
+ NOT-FOR-US: Mobile Security Framework (MobSF)
CVE-2025-45751 (SourceCodester Web Based Pharmacy Product Management System 1.0 is vul ...)
NOT-FOR-US: SourceCodester
CVE-2025-45618 (Incorrect access control in the component /admin/sys/datasource/ajaxLi ...)
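Review bot: CVE-2025-46730 is tagged "NOT-FOR-US: MobSF" while CVE-2025-46335 in the same hunk is tagged "NOT-FOR-US: Mobile Security Framework (MobSF)", which gives one product two labels. Use a single spelling for both entries so that a search of data/CVE/list on the label finds every MobSF entry; the two Misskey entries and the two Open WebUI entries in this hunk already share one label each.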
@@ -69,19 +69,19 @@ CVE-2025-45608 (Incorrect access control in the /system/user/findUserList API of
CVE-2025-45607 (An issue in the component /manage/ of itranswarp v2.19 allows attacker ...)
TODO: check
CVE-2025-45322 (kashipara Online Service Management Portal V1.0 is vulnerable to SQL I ...)
- TODO: check
+ NOT-FOR-US: kashipara Online Service Management Portal
CVE-2025-45321 (kashipara Online Service Management Portal V1.0 is vulnerable to SQL I ...)
- TODO: check
+ NOT-FOR-US: kashipara Online Service Management Portal
CVE-2025-45320 (A Directory Listing Vulnerability was found in the /osms/Requester/ di ...)
- TODO: check
+ NOT-FOR-US: kashipara Online Service Management Portal
CVE-2025-45242 (Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vu ...)
TODO: check
CVE-2025-45240 (foxcms v1.2.5 was discovered to contain a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: foxcms
CVE-2025-45239 (An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allo ...)
- TODO: check
+ NOT-FOR-US: foxcms
CVE-2025-45238 (foxcms v1.2.5 was discovered to contain an arbitrary file deletion vul ...)
- TODO: check
+ NOT-FOR-US: foxcms
CVE-2025-45237 (Incorrect access control in the component /config/download of DBSyncer ...)
TODO: check
CVE-2025-45236 (A stored cross-site scripting (XSS) vulnerability in the Edit Profile ...)
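Review bot: the visible description of CVE-2025-45320 names only the /osms/Requester/ path and no product, so the "kashipara Online Service Management Portal" label rests on matching it to CVE-2025-45322 and CVE-2025-45321 above it. The description is truncated here, so the product may be named in the elided part; it is worth confirming against the full CVE text before closing the entry as NOT-FOR-US.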
@@ -89,7 +89,7 @@ CVE-2025-45236 (A stored cross-site scripting (XSS) vulnerability in the Edit Pr
CVE-2025-45042 (Tenda AC9 v15.03.05.14 was discovered to contain a command injection v ...)
NOT-FOR-US: Tenda
CVE-2025-43915 (In Buoyant Edge releases before edge-25.2.1 and Enterprise for Linkerd ...)
- TODO: check
+ NOT-FOR-US: Buoyant Edge
CVE-2025-43852 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
TODO: check
CVE-2025-43851 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
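Review bot: on CVE-2025-43915 the label reads "Buoyant Edge", but the description also covers "Enterprise for Linkerd ...". Consider a label that mentions Linkerd as well, so the entry records that both named products were checked and not only the first one.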
@@ -115,7 +115,7 @@ CVE-2025-43842 (Retrieval-based-Voice-Conversion-WebUI is a voice changing frame
CVE-2025-2905 (An XML External Entity (XXE) vulnerability exists in the gateway compo ...)
TODO: check
CVE-2025-29573 (Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 ...)
- TODO: check
+ NOT-FOR-US: Mezzanine CMS
CVE-2025-28168 (Outsystems Multiple File Upload < 3.1.0 is vulnerable to Unrestricted ...)
TODO: check
CVE-2025-28062 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ER ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c105e0cb70fcb39ac2eee2dd1ee1e16fe3a3edd4