[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 30 10:29:02 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c74d0644 by Moritz Muehlenhoff at 2025-05-30T11:28:38+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,15 +33,15 @@ CVE-2025-48880 (FreeScout is a free self-hosted help desk and shared mailbox. Pr
 CVE-2025-48875 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
 	NOT-FOR-US: FreeScout
 CVE-2025-48865 (Fabio is an HTTP(S) and TCP router for deploying applications managed  ...)
-	TODO: check
+	NOT-FOR-US: Fabio
 CVE-2025-48757 (An insufficient database Row-Level Security policy in Lovable through  ...)
-	TODO: check
+	NOT-FOR-US: Lovable
 CVE-2025-48492 (GetSimple CMS is a content management system. In versions starting fro ...)
 	NOT-FOR-US: GetSimple CMS
 CVE-2025-48491 (Project AI is a platform designed to create AI agents. Prior to the pr ...)
-	TODO: check
+	NOT-FOR-US: Project AI
 CVE-2025-48490 (Laravel Rest Api is an API generator. Prior to version 2.13.0, a valid ...)
-	TODO: check
+	NOT-FOR-US: Laravel Rest Api
 CVE-2025-48489 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
 	NOT-FOR-US: FreeScout
 CVE-2025-48488 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
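Review bot: The tag "NOT-FOR-US: Project AI" on CVE-2025-48491 is generic enough that a later search of data/CVE/list for this product will be ambiguous. Consider qualifying it with the upstream vendor or repository name, the way "Supabase auth-js" is qualified elsewhere in this commit.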
@@ -99,7 +99,7 @@ CVE-2025-41406 (Cross-site scripting vulnerability exists in wivia 5 all version
 CVE-2025-41385 (An OS Command Injection issue exists in wivia 5 all versions. If this  ...)
 	NOT-FOR-US: wivia
 CVE-2025-41235 (Spring Cloud Gateway Server forwards the X-Forwarded-Forand Forwardedh ...)
-	TODO: check
+	NOT-FOR-US: Spring Cloud Gateway Server
 CVE-2025-31264 (An authentication issue was addressed with improved state management.  ...)
 	NOT-FOR-US: Apple
 CVE-2025-31263 (The issue was addressed with improved memory handling. This issue is f ...)
@@ -150,7 +150,7 @@ CVE-2025-4687 (In Teltonika Networks Remote Management System (RMS), it is possi
 CVE-2025-4670 (The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4081 (Use of entitlement "com.apple.security.cs.disable-library-validation"  ...)
-	TODO: check
+	NOT-FOR-US: DaVinci Resolve
 CVE-2025-48748 (Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.77 ...)
 	NOT-FOR-US: Netwrix
 CVE-2025-48475 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
@@ -217,7 +217,7 @@ CVE-2025-32752 (Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensit
 CVE-2025-2518 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
 	NOT-FOR-US: IBM
 CVE-2025-29632 (Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: Free5gc
 CVE-2025-27151 (Redis is an open source, in-memory database that persists on disk. In  ...)
 	- redis <unfixed> (bug #1106822)
 	[bullseye] - redis <not-affected> (Vulnerable code not present)
@@ -602,7 +602,7 @@ CVE-2025-48383 (Django-Select2 is a Django integration for Select2. Prior to ver
 	NOTE: https://github.com/codingjoe/django-select2/security/advisories/GHSA-wjrh-hj83-3wh7
 	NOTE: Fixed by: https://github.com/codingjoe/django-select2/commit/e5f41e6edba004d35f94915ff5e2559f44853412 (8.4.1)
 CVE-2025-48370 (auth-js is an isomorphic Javascript library for Supabase Auth. Prior t ...)
-	TODO: check
+	NOT-FOR-US: Supabase auth-js
 CVE-2025-48057 (Icinga 2 is a monitoring system which checks the availability of netwo ...)
 	- icinga2 2.14.6-1
 	NOTE: Fixed by: https://github.com/Icinga/icinga2/security/advisories/GHSA-7vcf-f5v9-3wr6
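Review bot: CVE-2025-48370 is closed as NOT-FOR-US, yet its description calls auth-js a Javascript library, a kind of component that is often bundled inside other source packages. It is worth confirming that no package in the archive embeds a copy before dropping the TODO. If one does, record it as a package entry rather than an NFU tag.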



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c74d064405bed64a9cc1e7e41e22f80989002af1
