Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6bdf8b1 by Salvatore Bonaccorso at 2025-03-20T21:13:35+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2025-30160 (Redlib is an alternative private front-end to Reddit. A 
vulnerability  ...)
        TODO: check
 CVE-2025-2565 (The data exposure vulnerability in Liferay Portal 7.4.0 through 
7.4.3. ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-2557 (A vulnerability, which was classified as critical, has been 
found in A ...)
        TODO: check
 CVE-2025-2556 (A vulnerability classified as problematic was found in Audi UTR 
Dashca ...)
@@ -9,23 +9,23 @@ CVE-2025-2556 (A vulnerability classified as problematic was 
found in Audi UTR D
 CVE-2025-2555 (A vulnerability classified as problematic has been found in 
Audi Unive ...)
        TODO: check
 CVE-2025-2553 (A vulnerability was found in D-Link DIR-618 and DIR-605L 
2.02/3.02. It ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-2552 (A vulnerability was found in D-Link DIR-618 and DIR-605L 
2.02/3.02. It ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-2551 (A vulnerability was found in D-Link DIR-618 and DIR-605L 
2.02/3.02. It ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-2550 (A vulnerability was found in D-Link DIR-618 and DIR-605L 
2.02/3.02 and ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-2549 (A vulnerability has been found in D-Link DIR-618 and DIR-605L 
2.02/3.0 ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-2548 (A vulnerability, which was classified as problematic, was found 
in D-L ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-2547 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-2546 (A vulnerability classified as problematic was found in D-Link 
DIR-618  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-2539 (The File Away plugin for WordPress is vulnerable to 
unauthorized acces ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2480 (Santesoft Sante DICOM Viewer Pro is vulnerable to an 
out-of-bounds wri ...)
        TODO: check
 CVE-2025-2311 (Incorrect Use of Privileged APIs, Cleartext Transmission of 
Sensitive  ...)
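Review bot: For CVE-2025-2547 the description shown in this hunk is cut off at "has been found i ..." before any vendor or product name, and CVE-2025-2548 stops at "D-L ...", so NOT-FOR-US: D-Link on those two entries cannot be confirmed from the list text alone. The neighbouring entries all name D-Link DIR-618 / DIR-605L, which makes the attribution plausible, but it should be checked against the full CVE records before merging.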
@@ -45,19 +45,19 @@ CVE-2025-29411 (An arbitrary file upload vulnerability in 
the Client Profile Upd
 CVE-2025-29410 (A cross-site scripting (XSS) vulnerability in the component 
/contact.p ...)
        TODO: check
 CVE-2025-29218 (Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack 
overflow ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-29217 (Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack 
overflow ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-29215 (Tenda AX12 v22.03.01.46_CN was discovered to contain a stack 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-29214 (Tenda AX12 v22.03.01.46_CN was discovered to contain a stack 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-29149 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-29121 (A vulnerability was found in Tenda AC6 V15.03.05.16. The 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-29101 (Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-26853 (DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a 
broken au ...)
        TODO: check
 CVE-2025-26852 (DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows 
SQL Inje ...)
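Review bot: CVE-2025-26853 (DESCOR INFOCAD), directly below the Tenda block, keeps TODO: check while the seven entries above it are closed out. Was it left deliberately? If a package search has already ruled the product out, it could take a NOT-FOR-US tag in this same pass; if not, leaving it as is is correct.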
@@ -65,7 +65,7 @@ CVE-2025-26852 (DESCOR INFOCAD 3.5.1 and before and fixed in 
v.3.5.2.0 allows SQ
 CVE-2025-23120 (A vulnerability allowing remote code execution (RCE) for 
domain users.)
        TODO: check
 CVE-2025-1802 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-1796 (A vulnerability in langgenius/dify v0.10.1 allows an attacker 
to take  ...)
        TODO: check
 CVE-2025-1496 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
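Review bot: The description on the CVE-2025-1802 context line contains a literal "\u2013" ("The HT Mega \u2013 Absolute Addons For Elementor plugin"), an undecoded Unicode escape where a dash belongs. This change does not introduce it, but it is worth a follow-up so the stored description carries the actual character. The NOT-FOR-US: WordPress plugin tag itself is consistent with the one applied to CVE-2025-2539.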
@@ -103,7 +103,7 @@ CVE-2025-0312 (A vulnerability in ollama/ollama versions 
<=0.3.14 allows a malic
 CVE-2025-0281 (A stored cross-site scripting (XSS) vulnerability exists in 
lunary-ai/ ...)
        TODO: check
 CVE-2025-0254 (HCL Digital Experience components Ring API and dxclient may be 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-0192 (A stored Cross-site Scripting (XSS) vulnerability exists in the 
latest ...)
        TODO: check
 CVE-2025-0191 (A Denial of Service (DoS) vulnerability exists in the file 
upload feat ...)
@@ -419,7 +419,7 @@ CVE-2024-6483 (A vulnerability in the `runs/delete-batch` 
endpoint of aimhubio/a
 CVE-2024-5752 (A path traversal vulnerability exists in stitionai/devika, 
specificall ...)
        TODO: check
 CVE-2024-57440 (D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer 
Overflo ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-4990 (In yiisoft/yii2 version 2.0.48, the base Component class 
contains a vu ...)
        TODO: check
 CVE-2024-4023 (A stored cross-site scripting (XSS) vulnerability exists in 
flatpressb ...)
@@ -431,15 +431,15 @@ CVE-2024-48590 (Inflectra SpiraTeam 7.2.00 is vulnerable 
to Server-Side Request
 CVE-2024-2292 (Due to a lack of access control, unauthorized users are able to 
view a ...)
        TODO: check
 CVE-2024-13923 (The Order Export & Order Import for WooCommerce plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13922 (The Order Export & Order Import for WooCommerce plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13921 (The Order Export & Order Import for WooCommerce plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13920 (The Order Export & Order Import for WooCommerce plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13558 (The NP Quote Request for WooCommerce plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13060 (A vulnerability in AnythingLLM Docker version 1.3.1 allows 
users with  ...)
        TODO: check
 CVE-2024-12911 (A vulnerability in the `default_jsonalyzer` function of the 
`JSONalyze ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6bdf8b1f9ed39349df1bf0be7e7c96bc67b979c

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits