[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1317a8f6 by Moritz Muehlenhoff at 2025-05-08T11:26:58+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-4127 (The WP SEO Structured Data Schema plugin for WordPress is vulnerable t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4043 (An admin user can gain unauthorized write access to the /etc/rc.local  ...)
-	TODO: check
+	NOT-FOR-US: Milesight UG65-868M-EA
 CVE-2025-46826 (insa-auth is an authentication server for INSA Rouen. A minor issue al ...)
-	TODO: check
+	NOT-FOR-US: insa-auth
 CVE-2025-46821 (Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1 ...)
-	TODO: check
+	- envoyproxy <itp> (bug #987544)
 CVE-2025-46727 (Rack is a modular Ruby web server interface. Prior to versions 2.2.14, ...)
 	TODO: check
 CVE-2025-46265 (On F5OS, an improper authorization vulnerability exists where remotely ...)
@@ -21,7 +21,7 @@ CVE-2025-41414 (When HTTP/2 client and server profile is configured on a virtual
 CVE-2025-41399 (When a Stream Control Transmission Protocol (SCTP) profile is configur ...)
 	TODO: check
 CVE-2025-3925 (BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 o ...)
-	TODO: check
+	NOT-FOR-US: BrightSign
 CVE-2025-3419 (The Event Manager, Events Calendar, Tickets, Registrations \u2013 Even ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-36557 (When an HTTP profile with the Enforce RFC Compliance option is configu ...)
@@ -35,7 +35,7 @@ CVE-2025-36504 (When a BIG-IP HTTP/2 httprouter profile is configured on a virtu
 CVE-2025-35995 (When a BIG-IP PEM system is licensed with URL categorization, and the  ...)
 	TODO: check
 CVE-2025-35939 (Craft CMS stores arbitrary content provided by unauthenticated users i ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2025-32441 (Rack is a modular Ruby web server interface. Prior to version 2.2.14,  ...)
 	TODO: check
 CVE-2025-31644 (When running in Appliance mode, a command injection vulnerability exis ...)
@@ -43,13 +43,13 @@ CVE-2025-31644 (When running in Appliance mode, a command injection vulnerabilit
 CVE-2025-0936 (On affected platforms running Arista EOS with a gNMI transport enabled ...)
 	NOT-FOR-US: Arista Networks
 CVE-2024-55651 (i-Educar is free, fully online school management software. Version 2.9 ...)
-	TODO: check
+	NOT-FOR-US: i-Educar
 CVE-2024-13793 (The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for Wor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-11953
 	REJECTED
 CVE-2023-7303 (A vulnerability, which was classified as problematic, was found in q2a ...)
-	TODO: check
+	NOT-FOR-US: q2apro
 CVE-2025-37834 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.12.27-1
 	NOTE: https://git.kernel.org/linus/1b0449544c6482179ac84530b61fc192a6527bfd (6.15-rc1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1317a8f618825f62653b2ea72631eacebcc64613

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1317a8f618825f62653b2ea72631eacebcc64613
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250508/e06fd75a/attachment.htm>