[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 9 22:25:27 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2f7a4c81 by Salvatore Bonaccorso at 2025-05-09T23:25:04+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47,9 +47,9 @@ CVE-2025-4459 (A vulnerability was found in code-projects Patient Record Managem
CVE-2025-4458 (A vulnerability was found in code-projects Patient Record Management S ...)
NOT-FOR-US: code-projects
CVE-2025-4457 (A vulnerability classified as critical was found in Project Worlds Car ...)
- TODO: check
+ NOT-FOR-US: Project Worlds
CVE-2025-4456 (A vulnerability classified as critical has been found in Project World ...)
- TODO: check
+ NOT-FOR-US: Project Worlds
CVE-2025-4455 (A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. I ...)
NOT-FOR-US: Patch My PC Home Updater
CVE-2025-4454 (A vulnerability was found in D-Link DIR-619L 2.04B04. It has been decl ...)
@@ -95,11 +95,11 @@ CVE-2025-4206 (The WordPress CRM, Email & Marketing Automation for WordPress | A
CVE-2025-4107
REJECTED
CVE-2025-47737 (lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocati ...)
- TODO: check
+ NOT-FOR-US: trailer Rust crate
CVE-2025-47736 (dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 befor ...)
- TODO: check
+ NOT-FOR-US: libsql-sqlite3-parser Rust crate
CVE-2025-47735 (inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks ...)
- TODO: check
+ NOT-FOR-US: wgp Rust crate
CVE-2025-47733 (Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an u ...)
NOT-FOR-US: Microsoft
CVE-2025-47732 (Microsoft Dataverse Remote Code Execution Vulnerability)
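Review bot: NOT-FOR-US on the three crate entries (CVE-2025-47737, CVE-2025-47736, CVE-2025-47735) is only correct if none of trailer, libsql-sqlite3-parser and wgp is in the archive or has an ITP. Rust crates are routinely packaged in Debian as rust-* source packages, so it is worth confirming each name against the archive and the WNPP list before closing the TODO. Where a crate does turn up, the entry should carry a package line in the form used for phplist elsewhere in this commit, "- phplist <itp> (bug #612288)", rather than a NOT-FOR-US tag.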
@@ -159,27 +159,27 @@ CVE-2025-31946 (Pixmeo OsiriX MD is vulnerable to a local use after free scenar
CVE-2025-2253 (The IMITHEMES Listing plugin is vulnerable to privilege escalation via ...)
NOT-FOR-US: WordPress plugin
CVE-2025-29972 (Server-Side Request Forgery (SSRF) in Azure allows an authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29827 (Improper Authorization in Azure Automation allows an authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29813 (An elevation of privilege vulnerability exists when Visual Studio impr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29509 (Jan v0.5.14 and before is vulnerable to remote code execution (RCE) wh ...)
- TODO: check
+ NOT-FOR-US: Jan
CVE-2025-28203 (Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a comman ...)
- TODO: check
+ NOT-FOR-US: Victure RX1800
CVE-2025-28202 (Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows ...)
- TODO: check
+ NOT-FOR-US: Victure RX1800
CVE-2025-28201 (An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically prox ...)
- TODO: check
+ NOT-FOR-US: Victure RX1800
CVE-2025-28200 (Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak d ...)
- TODO: check
+ NOT-FOR-US: Victure RX1800
CVE-2025-28074 (phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due ...)
- TODO: check
+ - phplist <itp> (bug #612288)
CVE-2025-27720 (The Pixmeo Osirix MD Web Portal sends credential information without e ...)
- TODO: check
+ NOT-FOR-US: Pixmeo Osirix MD
CVE-2025-27578 (Pixmeo OsiriX MD is vulnerable to a use after free scenario, which cou ...)
- TODO: check
+ NOT-FOR-US: Pixmeo Osirix MD
CVE-2025-1993 (IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2 ...)
NOT-FOR-US: IBM
CVE-2025-1331 (IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1could ...)
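Review bot: the tags added for CVE-2025-27720 and CVE-2025-27578 spell the product "Pixmeo Osirix MD", while the description of CVE-2025-27578 and the CVE-2025-31946 entry shown in the hunk header write "OsiriX". Pick one spelling and use it for every Pixmeo entry so a case-sensitive search of data/CVE/list finds them together. Separately, "NOT-FOR-US: Jan" on CVE-2025-29509 is too short to search for or to recognise later; a tag that also says what kind of product Jan is would be easier to work with.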
@@ -189,29 +189,29 @@ CVE-2025-1330 (IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1
CVE-2025-1329 (IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could ...)
NOT-FOR-US: IBM
CVE-2025-1087 (Kong Insomnia Desktop Application before 11.0.2 contains a template in ...)
- TODO: check
+ NOT-FOR-US: Kong Insomnia Desktop Application
CVE-2024-9524 (Link Following Local Privilege Escalation Vulnerability in System Spee ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2024-13962 (Link Following Local Privilege Escalation Vulnerability in TuneupSvc i ...)
- TODO: check
+ NOT-FOR-US: TuneupSvc in Gen Digital Inc. Avast Cleanup Premium
CVE-2024-13961 (Link Following Local Privilege Escalation Vulnerability in TuneupSvc i ...)
- TODO: check
+ NOT-FOR-US: TuneupSvc in Gen Digital Inc. Avast Cleanup Premium
CVE-2024-13960 (Link Following Local Privilege Escalation Vulnerability in TuneUp Serv ...)
- TODO: check
+ NOT-FOR-US: AVG TuneUp
CVE-2024-13959 (Link Following Local Privilege Escalation Vulnerability in TuneupSvc.e ...)
- TODO: check
+ NOT-FOR-US: AVG TuneUp
CVE-2024-13944 (Link Following Local Privilege Escalation Vulnerability in NortonUtili ...)
- TODO: check
+ NOT-FOR-US: Norton Utilities Ultimate
CVE-2024-13759 (Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Pri ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2024-12442 (EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable t ...)
- TODO: check
+ NOT-FOR-US: EnerSys AMPA
CVE-2024-11861 (EnerSys AMPA 22.09 and prior versions are vulnerable to command inject ...)
- TODO: check
+ NOT-FOR-US: EnerSys AMPA
CVE-2024-11617 (The Envolve Plugin plugin for WordPress is vulnerable to arbitrary fil ...)
NOT-FOR-US: WordPress plugin
CVE-2023-31585 (Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /adm ...)
- TODO: check
+ NOT-FOR-US: Grocery-CMS-PHP-Restful-API
CVE-2025-37888 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.27-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
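Review bot: the link-following and local privilege escalation entries from CVE-2024-9524 through CVE-2024-13759 are tagged at three different levels of detail. CVE-2024-9524 and CVE-2024-13759 name only the vendor ("NOT-FOR-US: Avira"), CVE-2024-13960, CVE-2024-13959 and CVE-2024-13944 name the product ("AVG TuneUp", "Norton Utilities Ultimate"), and CVE-2024-13962 and CVE-2024-13961 name component, vendor and product ("TuneupSvc in Gen Digital Inc. Avast Cleanup Premium"). Settling on one level, for example the product name alone ("Avast Cleanup Premium"), keeps the tags short and lets later batches for the same products be matched against these.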
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f7a4c81816fcb3828dffed4588c8f5a75bc7024