[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 5 21:30:07 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82fed4c0 by Salvatore Bonaccorso at 2025-05-05T22:29:43+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2025-4281 (A vulnerability, which was classified as problematic, was found i
 CVE-2025-4279 (The External image replace plugin for WordPress is vulnerable to arbit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4272 (A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has ...)
-	TODO: check
+	NOT-FOR-US: Mechrevo Control Console
 CVE-2025-47240
 	REJECTED
 CVE-2025-46813 (Discourse is an open-source community platform. A data leak vulnerabil ...)
@@ -27,7 +27,7 @@ CVE-2025-46731 (Craft is a content management system. Versions of Craft CMS on t
 CVE-2025-46730 (MobSF is a mobile application security testing tool used. Typically, M ...)
 	NOT-FOR-US: MobSF
 CVE-2025-46726 (Langroid is a framework for building large-language-model-powered appl ...)
-	TODO: check
+	NOT-FOR-US: Langroid
 CVE-2025-46720 (Keystone is a content management system for Node.js. Prior to version  ...)
 	NOT-FOR-US: Keystone CMS
 CVE-2025-46719 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
@@ -51,23 +51,23 @@ CVE-2025-45617 (Incorrect access control in the component /user/list of producti
 CVE-2025-45616 (Incorrect access control in the /admin/** API of brcc v1.2.0 allows at ...)
 	TODO: check
 CVE-2025-45615 (Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSH ...)
-	TODO: check
+	NOT-FOR-US: yaoqishan
 CVE-2025-45614 (Incorrect access control in the component /api/user/manager of One v1. ...)
-	TODO: check
+	NOT-FOR-US: One
 CVE-2025-45613 (Incorrect access control in the component /user/list of Shiro-Action v ...)
-	TODO: check
+	NOT-FOR-US: Shiro-Action
 CVE-2025-45612 (Incorrect access control in xmall v1.1 allows attackers to bypass auth ...)
-	TODO: check
+	NOT-FOR-US: xmall
 CVE-2025-45611 (Incorrect access control in the /user/edit/ component of hope-boot v1. ...)
-	TODO: check
+	NOT-FOR-US: hope-boot
 CVE-2025-45610 (Incorrect access control in the component /scheduleLog/info/1 of PassJ ...)
-	TODO: check
+	NOT-FOR-US: PassJava-Platform
 CVE-2025-45609 (Incorrect access control in the doFilter function of kob latest v1.0.0 ...)
 	TODO: check
 CVE-2025-45608 (Incorrect access control in the /system/user/findUserList API of Xingu ...)
-	TODO: check
+	NOT-FOR-US: Xinguan
 CVE-2025-45607 (An issue in the component /manage/ of itranswarp v2.19 allows attacker ...)
-	TODO: check
+	NOT-FOR-US: itranswarp
 CVE-2025-45322 (kashipara Online Service Management Portal V1.0 is vulnerable to SQL I ...)
 	NOT-FOR-US: kashipara Online Service Management Portal
 CVE-2025-45321 (kashipara Online Service Management Portal V1.0 is vulnerable to SQL I ...)
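Review bot: The label "NOT-FOR-US: One" on CVE-2025-45614 is too generic to search for later, since the bare word "One" matches unrelated entries throughout data/CVE/list. Consider qualifying it with the vendor or project owner, in the way the kashipara entries just below carry the full product name. Separately, CVE-2025-45616 (brcc) and CVE-2025-45609 (kob) sit in the same run of "Incorrect access control" reports and remain at "TODO: check". If they were left on purpose that is fine, otherwise they look like candidates for the same pass.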
@@ -91,35 +91,35 @@ CVE-2025-45042 (Tenda AC9 v15.03.05.14 was discovered to contain a command injec
 CVE-2025-43915 (In Buoyant Edge releases before edge-25.2.1 and Enterprise for Linkerd ...)
 	NOT-FOR-US: Buoyant Edge
 CVE-2025-43852 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
-	TODO: check
+	NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43851 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
-	TODO: check
+	NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43850 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
-	TODO: check
+	NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43849 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
-	TODO: check
+	NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43848 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
-	TODO: check
+	NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43847 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
-	TODO: check
+	NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43846 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
-	TODO: check
+	NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43845 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
-	TODO: check
+	NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43844 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
-	TODO: check
+	NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43843 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
-	TODO: check
+	NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43842 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
-	TODO: check
+	NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-2905 (An XML External Entity (XXE) vulnerability exists in the gateway compo ...)
 	TODO: check
 CVE-2025-29573 (Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 ...)
 	NOT-FOR-US: Mezzanine CMS
 CVE-2025-28168 (Outsystems Multiple File Upload < 3.1.0 is vulnerable to Unrestricted  ...)
-	TODO: check
+	NOT-FOR-US: Outsystems Multiple File Upload
 CVE-2025-28062 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ER ...)
-	TODO: check
+	NOT-FOR-US: ERPNEXT
 CVE-2025-27921 (A reflected cross-site scripting (XSS) vulnerability was discovered in ...)
 	TODO: check
 CVE-2025-27920 (Output Messenger before 2.0.63 was vulnerable to a directory traversal ...)
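Review bot: The all-caps label "NOT-FOR-US: ERPNEXT" on CVE-2025-28062 differs from the project's usual spelling, ERPNext. This is a style point only, but using the upstream spelling keeps the entry findable alongside any other ERPNext entries in the list. The eleven Retrieval-based-Voice-Conversion-WebUI entries above it use one identical label, which is the consistency to aim for here as well.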
@@ -157,7 +157,7 @@ CVE-2024-57230 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to co
 CVE-2024-57229 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain  ...)
 	NOT-FOR-US: Netgear
 CVE-2024-51991 (October is a Content Management System (CMS) and web platform. A vulne ...)
-	TODO: check
+	NOT-FOR-US: October CMS
 CVE-2024-42213 (HCL BigFix Compliance is affected by inclusion of temporary files left ...)
 	NOT-FOR-US: HCL
 CVE-2024-42212 (HCL BigFix Compliance is affected by an improper or missing SameSite a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82fed4c0194486954078f4ce5dda28b17816e577
