[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 30 21:47:41 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b48737b3 by Salvatore Bonaccorso at 2025-05-30T22:47:07+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,13 +37,13 @@ CVE-2025-4983 (A stored Cross-site Scripting (XSS) vulnerability affecting City
CVE-2025-4944 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4636 (Due to excessive privileges granted to the web user running the airpoi ...)
- TODO: check
+ NOT-FOR-US: airpointer web platform
CVE-2025-4635 (A malicious user with administrative privileges in the web portal woul ...)
- TODO: check
+ NOT-FOR-US: airpointer web platform
CVE-2025-4634 (The web portal on airpointer 2.4.107-2 was vulnerable local file inclu ...)
- TODO: check
+ NOT-FOR-US: web portal on airpointer
CVE-2025-4633 (Default credentials were present in the web portal for Airpointer 2.4. ...)
- TODO: check
+ NOT-FOR-US: Airpointer
CVE-2025-4597 (The Woo Slider Pro \u2013 Drag Drop Slider Builder For WooCommerce plu ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4433 (Improper access control in user group management in Devolutions Server ...)
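Review bot: The four airpointer entries in this hunk (CVE-2025-4636, CVE-2025-4635, CVE-2025-4634, CVE-2025-4633) receive three different labels for what the descriptions present as the same product: `airpointer web platform`, `web portal on airpointer` and `Airpointer`. Using one label for all four, with consistent capitalisation, would make the triage read as a single decision and keep an exact-label search from missing some of the entries.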
@@ -69,9 +69,9 @@ CVE-2025-48887 (vLLM, an inference and serving engine for large language models
CVE-2025-48885 (application-urlshortener create shortened URLs for XWiki pages. Versio ...)
NOT-FOR-US: application-urlshortener
CVE-2025-48883 (Chrome PHP allows users to start playing with chrome/chromium in headl ...)
- TODO: check
+ NOT-FOR-US: Chrome PHP
CVE-2025-48882 (PHPOffice Math is a library that provides a set of classes to manipula ...)
- TODO: check
+ NOT-FOR-US: PHPOffice
CVE-2025-48874
REJECTED
CVE-2025-48873
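Review bot: On CVE-2025-48882 the note `NOT-FOR-US: PHPOffice` names only the project, while the description identifies the affected library as PHPOffice Math. A project-wide label can be read as covering every PHPOffice library, so `NOT-FOR-US: PHPOffice Math` would scope the decision to the component the CVE is actually about.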
@@ -83,9 +83,9 @@ CVE-2025-48871
CVE-2025-48870
REJECTED
CVE-2025-48334 (Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48331 (Insertion of Sensitive Information Into Sent Data vulnerability in Van ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3611 (Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11 ...)
TODO: check
CVE-2025-3230 (Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5 ...)
@@ -93,11 +93,11 @@ CVE-2025-3230 (Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <=
CVE-2025-2571 (Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5 ...)
TODO: check
CVE-2025-2503 (An improper permission handling vulnerability was reported in Lenovo P ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-2502 (An improper default permissions vulnerability was reported in Lenovo P ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-2501 (An untrusted search path vulnerability was reported in Lenovo PC Manag ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-2500 (A vulnerability exists in the SOAP Web services of the Asset Suite ve ...)
NOT-FOR-US: Hitachi Energy
CVE-2025-1792 (Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11 ...)
@@ -107,7 +107,7 @@ CVE-2025-1763 (An issue has been discovered in GitLab EE that allows for cross-s
CVE-2025-1484 (A vulnerability exists in the media upload component of the Asset Sui ...)
NOT-FOR-US: Hitachi Energy
CVE-2025-1479 (An open debug interface was reported in the Legion Space software incl ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-0602 (A stored Cross-site Scripting (XSS) vulnerability affecting Compare in ...)
NOT-FOR-US: Dassault Systemes
CVE-2024-7097 (An incorrect authorization vulnerability exists in multiple WSO2 produ ...)
@@ -121,11 +121,11 @@ CVE-2024-42190 (HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DL
CVE-2024-23589 (Due to outdated Hash algorithm, HCL Glovius Cloud could allow attacker ...)
NOT-FOR-US: HCL
CVE-2024-13917 (Anapplication "com.pri.applock", which is pre-loaded onKruger&Matz sma ...)
- TODO: check
+ NOT-FOR-US: Kruger&Matz smartphones
CVE-2024-13916 (Anapplication "com.pri.applock", which is pre-loaded onKruger&Matz sma ...)
- TODO: check
+ NOT-FOR-US: Kruger&Matz smartphones
CVE-2024-13915 (Android based smartphones from vendors such as Ulefone andKr\xfcger&Ma ...)
- TODO: check
+ NOT-FOR-US: Ulefone and Kruger&Matz smartphones
CVE-2025-5332 (A vulnerability was found in 1000 Projects Online Notice Board 1.0 and ...)
NOT-FOR-US: 1000 Projects Online Notice Board
CVE-2025-5331 (A vulnerability has been found in PCMan FTP Server 2.0.7 and classifie ...)
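Review bot: For CVE-2024-13915 the description says "vendors such as Ulefone and Kr\xfcger&Matz", an open-ended list, but the note `NOT-FOR-US: Ulefone and Kruger&Matz smartphones` narrows it to exactly those two vendors. A label that does not enumerate vendors would match the description better. The same hunk also spells the vendor `Kruger&Matz` in the notes while the CVE-2024-13915 description uses the umlaut form, so it is worth settling on one spelling across the three entries. For CVE-2024-13917 and CVE-2024-13916 the descriptions point at the pre-loaded application "com.pri.applock", which the label `Kruger&Matz smartphones` does not mention.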
@@ -201695,7 +201695,7 @@ CVE-2023-26228
CVE-2023-26227
RESERVED
CVE-2023-26226 (A use after free memory corruption issue exists in Yandex Browser for ...)
- TODO: check
+ NOT-FOR-US: Yandex Browser
CVE-2023-26225
RESERVED
CVE-2023-26224
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b48737b321f62097109d75815a8b98eafedaf071