[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 30 21:26:37 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1f45adf by Salvatore Bonaccorso at 2025-05-30T22:26:08+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,9 +7,9 @@ CVE-2025-5359 (A vulnerability classified as critical has been found in Campcode
 CVE-2025-5358 (A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Managemen ...)
 	NOT-FOR-US: Campcodes
 CVE-2025-5357 (A vulnerability was found in FreeFloat FTP Server 1.0. It has been dec ...)
-	TODO: check
+	NOT-FOR-US: FreeFloat FTP Server
 CVE-2025-5356 (A vulnerability was found in FreeFloat FTP Server 1.0. It has been cla ...)
-	TODO: check
+	NOT-FOR-US: FreeFloat FTP Server
 CVE-2025-5235 (The OpenSheetMusicDisplay plugin for WordPress is vulnerable to Stored ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5190 (The Browse As plugin for WordPress is vulnerable to authentication byp ...)
@@ -49,9 +49,9 @@ CVE-2025-4597 (The Woo Slider Pro \u2013 Drag Drop Slider Builder For WooCommerc
 CVE-2025-4433 (Improper access control in user group management in Devolutions Server ...)
 	NOT-FOR-US: Devolutions
 CVE-2025-48949 (Navidrome is an open source web-based music collection server and stre ...)
-	TODO: check
+	NOT-FOR-US: Navidrome
 CVE-2025-48948 (Navidrome is an open source web-based music collection server and stre ...)
-	TODO: check
+	NOT-FOR-US: Navidrome
 CVE-2025-48946 (liboqs is a C-language cryptographic library that provides implementat ...)
 	TODO: check
 CVE-2025-48944 (vLLM is an inference and serving engine for large language models (LLM ...)
@@ -63,11 +63,11 @@ CVE-2025-48942 (vLLM is an inference and serving engine for large language model
 CVE-2025-48938 (go-gh is a collection of Go modules to make authoring GitHub CLI exten ...)
 	TODO: check
 CVE-2025-48912 (An authenticated malicious actor using specially crafted requests coul ...)
-	TODO: check
+	NOT-FOR-US: Apache Superset
 CVE-2025-48887 (vLLM, an inference and serving engine for large language models (LLMs) ...)
 	TODO: check
 CVE-2025-48885 (application-urlshortener create shortened URLs for XWiki pages. Versio ...)
-	TODO: check
+	NOT-FOR-US: application-urlshortener
 CVE-2025-48883 (Chrome PHP allows users to start playing with chrome/chromium in headl ...)
 	TODO: check
 CVE-2025-48882 (PHPOffice Math is a library that provides a set of classes to manipula ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1f45adfbf01bc1ee7e517c6649b384ea4dc1eac

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1f45adfbf01bc1ee7e517c6649b384ea4dc1eac
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250530/64df2be2/attachment.htm>

More information about the debian-security-tracker-commits mailing list