[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu May 15 22:07:30 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd677859 by Moritz Muehlenhoff at 2025-05-15T23:06:13+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-4762 (Insecure Direct Object Reference (IDOR) vulnerability in the eSignaVie ...)
-	TODO: check
+	NOT-FOR-US: eSigna
 CVE-2025-4717 (A vulnerability, which was classified as critical, was found in PHPGur ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-4716 (A vulnerability was found in Campcodes Sales and Inventory System 1.0. ...)
@@ -33,7 +33,7 @@ CVE-2025-4703 (A vulnerability has been found in PHPGurukul Vehicle Parking Mana
 CVE-2025-4702 (A vulnerability, which was classified as critical, was found in PHPGur ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-4701 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: VITA-MLLM Freeze-Omni
 CVE-2025-4699 (A vulnerability classified as critical was found in PHPGurukul Apartme ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-4698 (A vulnerability classified as critical has been found in PHPGurukul Di ...)
@@ -49,7 +49,7 @@ CVE-2025-4564 (The TicketBAI Facturas para WooCommerce plugin for WordPress is v
 CVE-2025-4516 (There is an issue in CPython when using `bytes.decode("unicode_escape" ...)
 	TODO: check
 CVE-2025-48051 (powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some ap ...)
-	TODO: check
+	NOT-FOR-US: Lichess Lila
 CVE-2025-48050 (In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not  ...)
 	TODO: check
 CVE-2025-47789 (Horilla is a free and open source Human Resource Management System (HR ...)
@@ -73,13 +73,13 @@ CVE-2025-47285 (Vyper is the Pythonic Programming Language for the Ethereum Virt
 CVE-2025-47279 (Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6. ...)
 	TODO: check
 CVE-2025-47161 (Microsoft Defender for Endpoint Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Lichess Lila
 CVE-2025-46834 (Alchemy's Modular Account is a smart contract account that is compatib ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-46053 (A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to ex ...)
 	TODO: check
 CVE-2025-46052 (An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 al ...)
-	TODO: check
+	NOT-FOR-US: WebERP
 CVE-2025-44185 (SourceCodester Best Employee Management System V1.0 is vulnerable to C ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-44183 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cros ...)
@@ -91,11 +91,11 @@ CVE-2025-44181 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable t
 CVE-2025-44180 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cros ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-44110 (FluxBB 1.5.11 is vulnerable to Cross Site Scripting (XSS) in via the F ...)
-	TODO: check
+	NOT-FOR-US: FluxBB
 CVE-2025-43853 (The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable ...)
 	TODO: check
 CVE-2025-3446 (Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2025-3440 (IBM Security Guardium 11.5 is vulnerable to stored cross-site scriptin ...)
 	NOT-FOR-US: IBM
 CVE-2025-32922 (Cross-Site Request Forgery (CSRF) vulnerability in Tobias WP2LEADS all ...)
@@ -105,7 +105,7 @@ CVE-2025-32738 (Missing authentication for critical function issue exists in I-O
 CVE-2025-32002 (Improper neutralization of special elements used in an OS command ('OS ...)
 	TODO: check
 CVE-2025-31947 (Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2025-30476 (Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resou ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-30475 (Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an impro ...)
@@ -121,9 +121,9 @@ CVE-2025-30418 (There is a memory corruption vulnerability due to an out of boun
 CVE-2025-30417 (There is a memory corruption vulnerability due to an out of bounds wri ...)
 	TODO: check
 CVE-2025-2570 (Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check  ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2025-2527 (Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to prop ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2025-26481 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an u ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-1647 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
@@ -131,13 +131,13 @@ CVE-2025-1647 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2024-56006 (Missing Authorization vulnerability in Automattic Jetpack Debug Tools. ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2024-52880 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before version  ...)
-	TODO: check
+	NOT-FOR-US: Insyde InsydeH2O
 CVE-2024-52879 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before version  ...)
-	TODO: check
+	NOT-FOR-US: Insyde InsydeH2O
 CVE-2024-52878 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before version  ...)
-	TODO: check
+	NOT-FOR-US: Insyde InsydeH2O
 CVE-2024-52877 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before version  ...)
-	TODO: check
+	NOT-FOR-US: Insyde InsydeH2O
 CVE-2024-51666 (Missing Authorization vulnerability in Automattic Tours.This issue aff ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-4737 (Insufficient encryption vulnerability in the mobile application (com.t ...)
@@ -151,7 +151,7 @@ CVE-2025-4579 (The WP Content Security Plugin plugin for WordPress is vulnerable
 CVE-2025-4126 (The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-48027 (The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authenticati ...)
-	TODO: check
+	NOT-FOR-US: pGina.Fork
 CVE-2025-48024 (In BlueWave Checkmate before 2.1, an authenticated regular user can ac ...)
 	TODO: check
 CVE-2025-47889 (In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims ar ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd677859c193dd3e5f8ee6025afe9805173fdca8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd677859c193dd3e5f8ee6025afe9805173fdca8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250515/6cbf9310/attachment.htm>

More information about the debian-security-tracker-commits mailing list