[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu May 22 14:24:02 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bdb146af by Moritz Muehlenhoff at 2025-05-22T15:23:43+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -101,7 +101,7 @@ CVE-2025-48414 (There are several scripts in the web interface that are accessib
 CVE-2025-48413 (The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password h ...)
 	TODO: check
 CVE-2025-48207 (The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Ins ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2025-48206 (The ns_backup extension through 13.0.0 for TYPO3 allows XSS.)
 	NOT-FOR-US: TYPO3 extension
 CVE-2025-48205 (The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insec ...)
@@ -119,7 +119,7 @@ CVE-2025-48200 (The sr_feuser_register extension through 12.4.8 for TYPO3 allows
 CVE-2025-48069 (ejson2env allows users to decrypt EJSON secrets and export them as env ...)
 	TODO: check
 CVE-2025-48064 (GitHub Desktop is an open-source, Electron-based GitHub app designed f ...)
-	TODO: check
+	NOT-FOR-US: GitHub Desktop
 CVE-2025-48063 (XWiki is a generic wiki platform. In XWiki 16.10.0, required rights we ...)
 	NOT-FOR-US: XWiki
 CVE-2025-48060 (jq is a command-line JSON processor. In versions up to and including 1 ...)
@@ -139,21 +139,21 @@ CVE-2025-46822 (OsamaTaher/Java-springboot-codebase is a collection of Java and
 CVE-2025-46412 (Affected Vertiv products do not properly protect webserver functions t ...)
 	TODO: check
 CVE-2025-45755 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM ...)
-	TODO: check
+	NOT-FOR-US: Vtiger CRM
 CVE-2025-45754 (A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6. ...)
-	TODO: check
+	NOT-FOR-US: SeedDMS
 CVE-2025-45752 (A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privil ...)
-	TODO: check
+	NOT-FOR-US: SeedDMS
 CVE-2025-44895 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: FW-WGS-804HPT
 CVE-2025-44892 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: FW-WGS-804HPT
 CVE-2025-44083 (An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypa ...)
 	NOT-FOR-US: D-Link
 CVE-2025-41426 (Affected Vertiv products contain a stack based buffer overflow vulnera ...)
 	TODO: check
 CVE-2025-41232 (Spring Security Aspects may not correctly locate method security annot ...)
-	TODO: check
+	- libspring-security-2.0-java <removed>
 CVE-2025-3781 (The Raisely Donation Form plugin for WordPress is vulnerable to Stored ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-3751 (The component listed above contains a vulnerability that can be exploi ...)
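Review bot: The CVE-2025-41232 change near the end of this hunk is not an NFU. It replaces `TODO: check` with the package entry `- libspring-security-2.0-java <removed>`, while the commit message says only "NFUs". Mention the Spring Security triage in the message, or commit it separately, so that a later search of the history for that package finds it. A smaller style point in the same hunk: the two `NOT-FOR-US: FW-WGS-804HPT` labels name a device model, whereas the neighbouring `NOT-FOR-US: D-Link` entry names the vendor. If the vendor is known, using it would keep the labels consistent.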



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdb146af36cfb1dc4e5af2e80a5faf6a76aebd87
