[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 9 21:47:13 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2c0e5990 by Salvatore Bonaccorso at 2025-05-09T22:46:10+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,11 +37,11 @@ CVE-2025-4464 (A vulnerability has been found in itsourcecode Gym Management Sys
CVE-2025-4463 (A vulnerability, which was classified as critical, was found in itsour ...)
NOT-FOR-US: itsourcecode System
CVE-2025-4462 (A vulnerability, which was classified as critical, has been found in T ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-4461 (A vulnerability classified as problematic was found in TOTOLINK N150RT ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-4460 (A vulnerability classified as problematic has been found in TOTOLINK N ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-4459 (A vulnerability was found in code-projects Patient Record Management S ...)
NOT-FOR-US: code-projects
CVE-2025-4458 (A vulnerability was found in code-projects Patient Record Management S ...)
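Review bot: The TOTOLINK tag on CVE-2025-4462 cannot be confirmed from this hunk, because its visible summary is cut off at "has been found in T ...", whereas CVE-2025-4461 and CVE-2025-4460 name TOTOLINK explicitly. The attribution looks inferred from the neighbouring entries; it is worth checking the full CVE description before relying on it.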
@@ -51,7 +51,7 @@ CVE-2025-4457 (A vulnerability classified as critical was found in Project World
CVE-2025-4456 (A vulnerability classified as critical has been found in Project World ...)
TODO: check
CVE-2025-4455 (A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. I ...)
- TODO: check
+ NOT-FOR-US: Patch My PC Home Updater
CVE-2025-4454 (A vulnerability was found in D-Link DIR-619L 2.04B04. It has been decl ...)
NOT-FOR-US: D-Link
CVE-2025-4453 (A vulnerability was found in D-Link DIR-619L 2.04B04. It has been clas ...)
@@ -67,7 +67,7 @@ CVE-2025-4449 (A vulnerability, which was classified as critical, has been found
CVE-2025-4448 (A vulnerability classified as critical was found in D-Link DIR-619L 2. ...)
NOT-FOR-US: D-Link
CVE-2025-4446 (A vulnerability has been found in H3C GR-5400AX up to 100R008 and clas ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2025-4445 (A vulnerability classified as critical has been found in D-Link DIR-60 ...)
NOT-FOR-US: D-Link
CVE-2025-4443 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rate ...)
@@ -77,7 +77,7 @@ CVE-2025-4442 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has been
CVE-2025-4441 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has been clas ...)
NOT-FOR-US: D-Link
CVE-2025-4440 (A vulnerability was found in H3C GR-1800AX up to 100R008 and classifie ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2025-4434 (The Remote Images Grabber plugin for WordPress is vulnerable to Reflec ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4403 (The Drag and Drop Multiple File Upload for WooCommerce plugin for Word ...)
@@ -85,11 +85,11 @@ CVE-2025-4403 (The Drag and Drop Multiple File Upload for WooCommerce plugin for
CVE-2025-4382 (A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ...)
TODO: check
CVE-2025-4377 (Improper Limitation of a Pathname caused a Path Traversal vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Sparx Systems Pro Cloud Server
CVE-2025-4376 (Improper Input Validation vulnerability in Sparx Systems Pro Cloud Ser ...)
- TODO: check
+ NOT-FOR-US: Sparx Systems Pro Cloud Server
CVE-2025-4375 (Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro C ...)
- TODO: check
+ NOT-FOR-US: Sparx Systems Pro Cloud Server
CVE-2025-4206 (The WordPress CRM, Email & Marketing Automation for WordPress | Award ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4107
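Review bot: On CVE-2025-4377 the visible summary ("Improper Limitation of a Pathname caused a Path Traversal vulnerabilit ...") names no product, so the "NOT-FOR-US: Sparx Systems Pro Cloud Server" tag rests on the adjacent CVE-2025-4376 and CVE-2025-4375 entries. Please confirm against the full description that all three share the same product. Leaving CVE-2025-4382 (LUKS with GRUB) as "TODO: check" in the same hunk is right for a commit that only processes NFUs.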
@@ -101,7 +101,7 @@ CVE-2025-47736 (dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0
CVE-2025-47735 (inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks ...)
TODO: check
CVE-2025-47733 (Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an u ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47732 (Microsoft Dataverse Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2025-46392 (Uncontrolled Resource Consumption vulnerability in Apache Commons Conf ...)
@@ -119,7 +119,7 @@ CVE-2025-46189 (SourceCodester Client Database Management System 1.0 is vulnerab
CVE-2025-46188 (SourceCodester Client Database Management System 1.0 is vulnerable to ...)
NOT-FOR-US: SourceCodester
CVE-2025-45887 (Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) ...)
- TODO: check
+ NOT-FOR-US: Yifang CMS
CVE-2025-45885 (PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQ ...)
NOT-FOR-US: PHPGurukul
CVE-2025-45513 (Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the functio ...)
@@ -133,15 +133,15 @@ CVE-2025-3811 (The WPBookit plugin for WordPress is vulnerable to privilege esca
CVE-2025-3810 (The WPBookit plugin for WordPress is vulnerable to privilege escalatio ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3714 (The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow ...)
- TODO: check
+ NOT-FOR-US: LCD KVM over IP Switch CL5708IM
CVE-2025-3713 (The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow v ...)
- TODO: check
+ NOT-FOR-US: LCD KVM over IP Switch CL5708IM
CVE-2025-3712 (The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow v ...)
- TODO: check
+ NOT-FOR-US: LCD KVM over IP Switch CL5708IM
CVE-2025-3711 (The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow ...)
- TODO: check
+ NOT-FOR-US: LCD KVM over IP Switch CL5708IM
CVE-2025-3710 (The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow ...)
- TODO: check
+ NOT-FOR-US: LCD KVM over IP Switch CL5708IM
CVE-2025-3605 (The Frontend Login and Registration Blocks plugin for WordPress is vul ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3463 ("This issue is limited to motherboards and does not affect laptops, de ...)
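Review bot: Style point on the five CVE-2025-3710 through CVE-2025-3714 entries: the tag "NOT-FOR-US: LCD KVM over IP Switch CL5708IM" copies the product description and model number, while the other tags in this commit are vendor-level (TOTOLINK, H3C, Microsoft). If the vendor is known, a vendor-level tag would be more consistent and would let later CVEs for other models from the same vendor be matched by the same string.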
@@ -153,9 +153,9 @@ CVE-2025-3455 (The 1 Click WordPress Migration Plugin \u2013 100% FREE for a lim
CVE-2025-37889 (In the Linux kernel, the following vulnerability has been resolved: P ...)
TODO: check
CVE-2025-33072 (Improper access control in Azure allows an unauthorized attacker to di ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-31946 (Pixmeo OsiriX MD is vulnerable to a local use after free scenario, wh ...)
- TODO: check
+ NOT-FOR-US: Pixmeo OsiriX MD
CVE-2025-2253 (The IMITHEMES Listing plugin is vulnerable to privilege escalation via ...)
NOT-FOR-US: WordPress plugin
CVE-2025-29972 (Server-Side Request Forgery (SSRF) in Azure allows an authorized attac ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c0e5990a08a64f793de2312520f81287be09377