[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 20 10:38:23 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c84b920f by Moritz Muehlenhoff at 2025-05-20T11:38:01+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -159,13 +159,13 @@ CVE-2025-48233 (Cross-Site Request Forgery (CSRF) vulnerability in affmngr Affil
CVE-2025-48232 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-47949 (samlify is a Node.js library for SAML single sign-on. A Signature Wrap ...)
- TODO: check
+ NOT-FOR-US: Node samlify
CVE-2025-47946 (Symfony UX is an initiative and set of libraries to integrate JavaScri ...)
- TODO: check
+ NOT-FOR-US: symfony/ux
CVE-2025-47944 (Multer is a node.js middleware for handling `multipart/form-data`. A v ...)
- TODO: check
+ NOT-FOR-US: Node multer
CVE-2025-47935 (Multer is a node.js middleware for handling `multipart/form-data`. Ver ...)
- TODO: check
+ NOT-FOR-US: Node multer
CVE-2025-47934 (OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Sta ...)
- node-openpgp <itp> (bug #787774)
CVE-2025-47583 (Unauthenticated Cross Site Request Forgery (CSRF) in Salon booking sys ...)
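Review bot: The Node library entries closed here (CVE-2025-47949 samlify, CVE-2025-47944 and CVE-2025-47935 multer) sit directly above CVE-2025-47934, which is tracked as `- node-openpgp <itp> (bug #787774)` rather than as NFU. Before marking samlify and multer NOT-FOR-US, confirm that neither has an open ITP or RFP, and use the `<itp>` form with the bug number if one exists. The tags also mix styles in this hunk (`Node samlify`, `Node multer`, but `symfony/ux`); picking one naming form would make later searches on the tag more reliable.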
@@ -179,11 +179,11 @@ CVE-2025-47577 (Unrestricted Upload of File with Dangerous Type vulnerability in
CVE-2025-47576 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47284 (Gardener implements the automated management and operation of Kubernet ...)
- TODO: check
+ NOT-FOR-US: Gardener
CVE-2025-47283 (Gardener implements the automated management and operation of Kubernet ...)
- TODO: check
+ NOT-FOR-US: Gardener
CVE-2025-47282 (Gardener External DNS Management is an environment to manage external ...)
- TODO: check
+ NOT-FOR-US: Gardener
CVE-2025-46543 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-46441 (Path Traversal: '.../...//' vulnerability in ctltwp Section Widget all ...)
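Review bot: CVE-2025-47282 is described as "Gardener External DNS Management", a different component from the Gardener entries at CVE-2025-47284 and CVE-2025-47283, yet all three receive the same `NOT-FOR-US: Gardener` tag. Naming the component in the tag for CVE-2025-47282 would keep the three from being lumped together if one of the components is packaged later and the NFU entries have to be revisited.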
@@ -215,7 +215,7 @@ CVE-2025-43833 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-43832 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-43714 (The ChatGPT system through 2025-03-30 performs inline rendering of SVG ...)
- TODO: check
+ NOT-FOR-US: ChatGPT
CVE-2025-41429 (a-blog cms multiple versions neutralize logs improperly. If this vulne ...)
NOT-FOR-US: a-blog cms
CVE-2025-3908 (The configuration initialization tool in OpenVPN 3 Linux v20 through v ...)
@@ -349,15 +349,15 @@ CVE-2025-31185 (A logic issue was addressed with improved checks. This issue is
CVE-2025-31027 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30072 (Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass by Captu ...)
- TODO: check
+ NOT-FOR-US: Tiiwee X1 Alarm System
CVE-2025-2099 (A vulnerability in the `preprocess_string()` function of the `transfor ...)
- TODO: check
+ NOT-FOR-US: huggingface/transformers
CVE-2025-28371 (EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Acces ...)
- TODO: check
+ NOT-FOR-US: EnGenius
CVE-2025-27566 (Path traversal vulnerability exists in a-blog cms versions prior to Ve ...)
- TODO: check
+ NOT-FOR-US: a-blog cms
CVE-2025-27010 (Path Traversal: '.../...//' vulnerability in bslthemes Tastyc allows P ...)
- TODO: check
+ NOT-FOR-US: bslthemes Tastyc
CVE-2025-26997 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26920 (Missing Authorization vulnerability in PressMaximum Customify allows E ...)
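Review bot: CVE-2025-27010 gets the product-specific tag `NOT-FOR-US: bslthemes Tastyc`, while the neighbouring entries CVE-2025-31027 and CVE-2025-26997 use the generic `NOT-FOR-US: WordPress plugin or theme`. If Tastyc is a WordPress theme, the generic tag would match the rest of the file. The other new tags in this hunk also vary in granularity (`EnGenius` is a vendor only, `Tiiwee X1 Alarm System` a full product name, `huggingface/transformers` a repository path); the `a-blog cms` tag for CVE-2025-27566 is the one that visibly reuses an existing label, the same one used for CVE-2025-41429.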
@@ -371,7 +371,7 @@ CVE-2025-26867 (Missing Authorization vulnerability in Themes4WP Bulk allows Acc
CVE-2025-26735 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26621 (OpenCTI is an open source platform for managing cyber threat intellige ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2025-24189 (The issue was addressed with improved checks. This issue is fixed in S ...)
NOT-FOR-US: Apple
CVE-2025-24184 (The issue was addressed with improved memory handling. This issue is f ...)
@@ -403,7 +403,7 @@ CVE-2025-22678 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-22287 (Missing Authorization vulnerability in Eniture Technology LTL Freight ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2024-55063 (Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7 ...)
- TODO: check
+ NOT-FOR-US: EasyVirt DC NetScope
CVE-2024-51106 (A cross-site scripting (XSS) vulnerability in the component mcgs/admin ...)
NOT-FOR-US: PHPGurukul
CVE-2024-4878
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c84b920f1d42ee66fe1988edfdf966f79f4a90ce