[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 29 21:34:05 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aefe71a4 by Salvatore Bonaccorso at 2025-05-29T22:33:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,61 +1,61 @@
 CVE-2025-5334 (Exposure of private personal information to an unauthorized actor in t ...)
 	NOT-FOR-US: Devolutions
 CVE-2025-5326 (A vulnerability was found in zhilink \u667a\u4e92\u8054(\u6df1\u5733)\ ...)
-	TODO: check
+	NOT-FOR-US: zhilink ADP Application Developer Platform
 CVE-2025-5325 (A vulnerability has been found in zhilink \u667a\u4e92\u8054(\u6df1\u5 ...)
-	TODO: check
+	NOT-FOR-US: zhilink ADP Application Developer Platform
 CVE-2025-5324 (A vulnerability, which was classified as problematic, was found in Tec ...)
-	TODO: check
+	NOT-FOR-US: TechPowerUp GPU-Z
 CVE-2025-5323 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: fossasia open-event-server
 CVE-2025-5321 (A vulnerability classified as critical was found in aimhubio aim up to ...)
-	TODO: check
+	NOT-FOR-US: aimhubio aim
 CVE-2025-5320 (A vulnerability classified as problematic has been found in gradio-app ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2025-5286 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5122 (The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cro ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4967 (Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2025-4687 (In Teltonika Networks Remote Management System (RMS), it is possible t ...)
-	TODO: check
+	NOT-FOR-US: Teltonika Networks Remote Management System (RMS)
 CVE-2025-4670 (The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4081 (Use of entitlement "com.apple.security.cs.disable-library-validation"  ...)
 	TODO: check
 CVE-2025-48748 (Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.77 ...)
-	TODO: check
+	NOT-FOR-US: Netwrix
 CVE-2025-48475 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
-	TODO: check
+	NOT-FOR-US: FreeScout
 CVE-2025-48474 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
-	TODO: check
+	NOT-FOR-US: FreeScout
 CVE-2025-48473 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
-	TODO: check
+	NOT-FOR-US: FreeScout
 CVE-2025-48472 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
-	TODO: check
+	NOT-FOR-US: FreeScout
 CVE-2025-48471 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
-	TODO: check
+	NOT-FOR-US: FreeScout
 CVE-2025-48390 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
-	TODO: check
+	NOT-FOR-US: FreeScout
 CVE-2025-48389 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
-	TODO: check
+	NOT-FOR-US: FreeScout
 CVE-2025-48388 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
-	TODO: check
+	NOT-FOR-US: FreeScout
 CVE-2025-48336 (Deserialization of Untrusted Data vulnerability in ThimPress Course Bu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48047 (An authenticated user can perform command injection via unsanitized in ...)
-	TODO: check
+	NOT-FOR-US: NetFax Server
 CVE-2025-48046 (An authenticated user can disclose the cleartext password of a configu ...)
-	TODO: check
+	NOT-FOR-US: NetFax Server
 CVE-2025-48045 (An unauthenticated HTTP GET request to the /client.php endpoint will d ...)
-	TODO: check
+	NOT-FOR-US: NetFax Server
 CVE-2025-47933 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
-	TODO: check
+	NOT-FOR-US: Argo CD
 CVE-2025-47288 (Discourse Policy plugin gives the ability to confirm users have seen o ...)
-	TODO: check
+	NOT-FOR-US: Discourse Policy plugin
 CVE-2025-46823 (openmrs-module-fhir2 provides the FHIR REST API and related services f ...)
-	TODO: check
+	NOT-FOR-US: openmrs-module-fhir2
 CVE-2025-46722 (vLLM is an inference and serving engine for large language models (LLM ...)
 	TODO: check
 CVE-2025-46701 (Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's ...)
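Review bot: The new label for CVE-2025-48748 is vendor-only (`NOT-FOR-US: Netwrix`), while most other labels added in this hunk name the product, for example `Teltonika Networks Remote Management System (RMS)` and `zhilink ADP Application Developer Platform`. The description identifies the product as Netwrix Directory Manager (formerly Imanami GroupID). Using `NOT-FOR-US: Netwrix Directory Manager` would keep the label at the same granularity as its neighbours and make later CVEs for the same product easier to match.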
@@ -63,11 +63,11 @@ CVE-2025-46701 (Improper Handling of Case Sensitivity vulnerability in Apache To
 CVE-2025-46570 (vLLM is an inference and serving engine for large language models (LLM ...)
 	TODO: check
 CVE-2025-46080 (HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit ...)
-	TODO: check
+	NOT-FOR-US: HuoCMS
 CVE-2025-46078 (HuoCMS V3.5.1 and before is vulnerable to file upload, which allows at ...)
-	TODO: check
+	NOT-FOR-US: HuoCMS
 CVE-2025-45474 (maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery  ...)
-	TODO: check
+	NOT-FOR-US: maccms10
 CVE-2025-3913 (Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5 ...)
 	TODO: check
 CVE-2025-3050 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
@@ -83,13 +83,13 @@ CVE-2025-29632 (Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote
 CVE-2025-27151 (Redis is an open source, in-memory database that persists on disk. In  ...)
 	TODO: check
 CVE-2024-54952 (MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption ...)
-	TODO: check
+	NOT-FOR-US: MikroTik RouterOS
 CVE-2024-53423 (An issue in Open Network Foundation ONOS v2.7.0 allows attackers to ca ...)
-	TODO: check
+	NOT-FOR-US: Open Network Foundation ONOS
 CVE-2024-52588 (Strapi is an open-source content management system. Prior to version 4 ...)
-	TODO: check
+	NOT-FOR-US: Strapi
 CVE-2024-51392 (An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to ...)
-	TODO: check
+	NOT-FOR-US: OpenKnowledgeMaps Headstart
 CVE-2024-49350 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
 	NOT-FOR-US: IBM
 CVE-2024-22654 (tcpreplay v4.4.4 was discovered to contain an infinite loop via the tc ...)
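Review bot: The label for CVE-2024-53423, `NOT-FOR-US: Open Network Foundation ONOS`, copies the vendor wording from the CVE description, but the organisation behind ONOS is the Open Networking Foundation. Consider `NOT-FOR-US: Open Networking Foundation ONOS` or simply `NOT-FOR-US: ONOS`. The same label is applied to CVE-2023-41591 further down, so whichever form is chosen should be used for both.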
@@ -97,7 +97,7 @@ CVE-2024-22654 (tcpreplay v4.4.4 was discovered to contain an infinite loop via
 CVE-2024-22653 (yasm commit 9defefae was discovered to contain a NULL pointer derefere ...)
 	TODO: check
 CVE-2023-41591 (An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cr ...)
-	TODO: check
+	NOT-FOR-US: Open Network Foundation ONOS
 CVE-2025-37999 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.12.29-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aefe71a42bc424904b4f839c197d2f38c2765cd3
