[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu May 15 22:41:12 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f2621fb by Moritz Muehlenhoff at 2025-05-15T23:40:52+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -153,7 +153,7 @@ CVE-2025-4126 (The EG-Series plugin for WordPress is vulnerable to Stored Cross-
 CVE-2025-48027 (The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authenticati ...)
 	NOT-FOR-US: pGina.Fork
 CVE-2025-48024 (In BlueWave Checkmate before 2.1, an authenticated regular user can ac ...)
-	TODO: check
+	NOT-FOR-US: BlueWave Checkmate
 CVE-2025-47889 (In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims ar ...)
 	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-47888 (Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL ...)
@@ -950,11 +950,11 @@ CVE-2025-22462 (An authentication bypass in Ivanti Neurons for ITSM (on-prem onl
 CVE-2025-22460 (Default credentials in Ivanti Cloud Services Application before versio ...)
 	NOT-FOR-US: Ivanti
 CVE-2025-22248 (The bitnami/pgpoolDocker image, and the bitnami/postgres-hak8s chart,  ...)
-	TODO: check
+	NOT-FOR-US: bitnami/pgpoolDocker image
 CVE-2025-21264 (Files or directories accessible to external parties in Visual Studio C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-0035 (Unquoted search path within AMD Cloud Manageability Service can allow  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-6364 (A vulnerability in Absolute Persistence\xae versions before 2.8 exists ...)
 	NOT-FOR-US: Absolute Software
 CVE-2024-56526 (An issue was discovered in OXID eShop before 7. CMS pages in combinati ...)
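Review bot: The tag added for CVE-2025-22248, "NOT-FOR-US: bitnami/pgpoolDocker image", copies the run-together "pgpoolDocker" from the truncated description and names a single artifact, while the other tags added in this hunk ("Microsoft", "AMD") name the vendor. The description also mentions a bitnami postgres chart, so a vendor-level tag such as "NOT-FOR-US: Bitnami" would cover both and make later entries for the same vendor easier to match.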
@@ -968,15 +968,15 @@ CVE-2024-51445 (A vulnerability has been identified in Polarion V2310 (All versi
 CVE-2024-51444 (A vulnerability has been identified in Polarion V2310 (All versions),  ...)
 	NOT-FOR-US: Siemens
 CVE-2024-48766 (NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading  ...)
-	TODO: check
+	NOT-FOR-US: NetAlertX
 CVE-2024-46506 (NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: NetAlertX
 CVE-2024-42446 (APTIOV contains a vulnerability in BIOS where an attacker may cause a  ...)
 	NOT-FOR-US: AMI
 CVE-2024-36340 (A  junction point vulnerability within AMD uProf can allow a local low ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-36339 (A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries coul ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-36321 (Unquoted search path within AIM-T Manageability Service can allow a lo ...)
 	TODO: check
 CVE-2024-35281 (An improper isolation or compartmentalization vulnerability [CWE-653]  ...)
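Review bot: CVE-2024-36321 ("Unquoted search path within AIM-T Manageability Service ...") stays at "TODO: check" in the trailing context, although the four entries above it are resolved in this hunk. Its description is worded like that of CVE-2025-0035 ("Unquoted search path within AMD Cloud Manageability Service"), which the previous hunk tags "NOT-FOR-US: AMD". The truncated text visible here names no vendor, so please confirm whether this entry belongs in the same batch or was left open deliberately.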
@@ -988,9 +988,9 @@ CVE-2024-21960 (Incorrect default permissions in the AMD Optimizing CPU Librarie
 CVE-2024-12533 (Improper Check for Unusual or Exceptional Conditions vulnerability in  ...)
 	TODO: check
 CVE-2023-31359 (Incorrect default permissions in the AMD Manageability API could allow ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31358 (A DLL hijacking vulnerability in the AMD Manageability API could allow ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-4632 (Improper limitation of a pathname to a restricted directory vulnerabil ...)
 	NOT-FOR-US: Samsung
 CVE-2025-4474 (The Frontend Dashboard plugin for WordPress is vulnerable to Privilege ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f2621fbfc0af854e4af04841bbe8f2fb240d35e
