[Git][security-tracker-team/security-tracker][master] Process some NFUs

Thu May 8 22:11:49 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2dcdf470 by Salvatore Bonaccorso at 2025-05-08T23:11:13+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,13 +75,13 @@ CVE-2025-44021 (OpenStack Ironic before 29.0.1 can write unintended files to a t
 CVE-2025-41450 (Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This  ...)
 	NOT-FOR-US: Danfoss
 CVE-2025-40846 (Improper Input Validation, the returnUrl parameter in Account Security ...)
-	TODO: check
+	NOT-FOR-US: HaloITSM
 CVE-2025-3862 (Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Sit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-3759 (Endpoint/cgi-bin-igd/netcore_set.cgiwhich is used for changing device  ...)
-	TODO: check
+	NOT-FOR-US: WF2220
 CVE-2025-3758 (WF2220 exposes endpoint/cgi-bin-igd/netcore_get.cgithat returns config ...)
-	TODO: check
+	NOT-FOR-US: WF2220
 CVE-2025-3506 (Files to be deployed with agents are accessible without authentication ...)
 	TODO: check
 CVE-2025-3468 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...)
@@ -99,11 +99,11 @@ CVE-2025-27695 (Dell Wyse Management Suite, versions prior to WMS 5.1 contain an
 CVE-2025-1948 (In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client ...)
 	TODO: check
 CVE-2025-1254 (Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext P ...)
-	TODO: check
+	NOT-FOR-US: RTI Connext Professional (Core Libraries)
 CVE-2025-1253 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
-	TODO: check
+	NOT-FOR-US: RTI Connext Professional (Core Libraries)
 CVE-2025-1252 (Heap-based Buffer Overflow vulnerability in RTI Connext Professional ( ...)
-	TODO: check
+	NOT-FOR-US: RTI Connext Professional (Core Libraries)
 CVE-2025-0505 (On Arista CloudVision systems (virtual or physical on-premise deployme ...)
 	NOT-FOR-US: Arista Networks
 CVE-2024-9448 (On affected platforms running Arista EOS with Traffic Policies configu ...)
@@ -111,7 +111,7 @@ CVE-2024-9448 (On affected platforms running Arista EOS with Traffic Policies co
 CVE-2024-8100 (On affected versions of the Arista CloudVision Portal (CVP on-prem), t ...)
 	NOT-FOR-US: Arista Networks
 CVE-2024-6648 (Absolute Path Traversal vulnerability in AP Page Builder versions prio ...)
-	TODO: check
+	NOT-FOR-US: AP Page Builder
 CVE-2024-13009 (In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly  ...)
 	TODO: check
 CVE-2024-12378 (On affected platforms running Arista EOS with secure Vxlan configured, ...)
@@ -119,9 +119,9 @@ CVE-2024-12378 (On affected platforms running Arista EOS with secure Vxlan confi
 CVE-2024-11186 (On affected versions of the CloudVision Portal, improper access contro ...)
 	NOT-FOR-US: Arista Networks
 CVE-2023-51328 (PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple S ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Cleaning Business Software
 CVE-2023-51295 (PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML  ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Event Booking Calendar
 CVE-2025-4127 (The WP SEO Structured Data Schema plugin for WordPress is vulnerable t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4043 (An admin user can gain unauthorized write access to the /etc/rc.local  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2dcdf47041f60be6593020cf734786f95275f44a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2dcdf47041f60be6593020cf734786f95275f44a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250508/b47a43e3/attachment-0001.htm>
