Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
63bb1916 by Salvatore Bonaccorso at 2025-03-24T21:47:39+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -163,7 +163,7 @@ CVE-2025-30521 (Cross-Site Request Forgery (CSRF)
vulnerability in giangmd93 GP
CVE-2025-30208 (Vite, a provider of frontend development tooling, has a
vulnerability ...)
- node-vite <itp> (bug #1053782)
CVE-2025-30205 (kanidim-provision is a helper utility that uses kanidm's API
to provis ...)
- TODO: check
+ NOT-FOR-US: kanidim-provision
CVE-2025-30163 (Cilium is a networking, observability, and security solution
with an e ...)
- cilium <itp> (bug #858303)
CVE-2025-30162 (Cilium is a networking, observability, and security solution
with an e ...)
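Review bot: The new label on CVE-2025-30205, "NOT-FOR-US: kanidim-provision", carries the spelling "kanidim" from the CVE description, while the same description refers to "kanidm's API". Confirm the project name and, if it is kanidm-provision, use that spelling so that a search of data/CVE/list for "kanidm" finds this entry.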
@@ -171,43 +171,43 @@ CVE-2025-30162 (Cilium is a networking, observability,
and security solution wit
CVE-2025-30112 (On 70mai Dash Cam 1S devices, by connecting directly to the
dashcam's ...)
NOT-FOR-US: 70mai Dash Cam 1S devices
CVE-2025-2749 (An authenticated remote code execution in Kentico Xperience
allows aut ...)
- TODO: check
+ NOT-FOR-US: Kentico
CVE-2025-2748 (TheKentico Xperience application does not fully validate or
filter fil ...)
- TODO: check
+ NOT-FOR-US: Kentico
CVE-2025-2747 (An authentication bypass vulnerability in Kentico Xperience
allows aut ...)
- TODO: check
+ NOT-FOR-US: Kentico
CVE-2025-2746 (An authentication bypass vulnerability in Kentico Xperience
allows aut ...)
- TODO: check
+ NOT-FOR-US: Kentico
CVE-2025-2709 (A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and
classifi ...)
- TODO: check
+ NOT-FOR-US: Yonyou UFIDA ERP-NC
CVE-2025-2708 (A vulnerability, which was classified as critical, was found in
zhijia ...)
- TODO: check
+ NOT-FOR-US: zhijiantianya ruoyi-vue-pro
CVE-2025-2707 (A vulnerability, which was classified as critical, has been
found in z ...)
- TODO: check
+ NOT-FOR-US: zhijiantianya ruoyi-vue-pro
CVE-2025-2706 (A vulnerability classified as critical was found in Digiwin ERP
5.0.1. ...)
- TODO: check
+ NOT-FOR-US: Digiwin ERP
CVE-2025-2705 (A vulnerability classified as critical has been found in
Digiwin ERP 5 ...)
- TODO: check
+ NOT-FOR-US: Digiwin ERP
CVE-2025-2702 (A vulnerability, which was classified as critical, has been
found in S ...)
- TODO: check
+ NOT-FOR-US: Softwin WMX3
CVE-2025-2701 (A vulnerability classified as critical was found in AMTT Hotel
Broadba ...)
- TODO: check
+ NOT-FOR-US: AMTT Hotel Broadband Operation System
CVE-2025-2700 (A vulnerability classified as problematic has been found in
michelson ...)
TODO: check
CVE-2025-2326
REJECTED
CVE-2025-2231 (PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote
Code Exe ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange Editor
CVE-2025-29778 (Kyverno is a policy engine designed for cloud native platform
engineer ...)
- TODO: check
+ NOT-FOR-US: Kyverno
CVE-2025-29294
REJECTED
CVE-2025-23204 (API Platform Core is a system to create hypermedia-driven REST
and Gra ...)
- TODO: check
+ NOT-FOR-US: API Platform Core
CVE-2025-22223 (Spring Security 6.4.0 - 6.4.3 may not correctly locate method
security ...)
TODO: check
CVE-2025-1558 (Mattermost Mobile Apps versions <=2.25.0 fail to properly
validate GIF ...)
- TODO: check
+ NOT-FOR-US: Mattermost Mobile Apps
CVE-2025-0835 (Software installed and run as a non-privileged user may conduct
improp ...)
NOT-FOR-US: Imagination Technologies
CVE-2025-0478 (Software installed and run as a non-privileged user may conduct
improp ...)
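Review bot: The NOT-FOR-US markings on CVE-2025-29778 (Kyverno) and CVE-2025-23204 (API Platform Core) are missing any sign that an ITP/RFP lookup was done, and the commit message ("Process some NFUs") does not say either way. The neighbouring Cilium and Vite entries are tracked in the "- cilium <itp> (bug #858303)" form instead of NOT-FOR-US, so if a packaging bug exists for either project, the entry should use that form with its bug number. Also note that the four Kentico Xperience entries are labelled only "Kentico" while most other labels in this hunk name the product; "NOT-FOR-US: Kentico Xperience" would be more consistent.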
@@ -217,11 +217,11 @@ CVE-2025-0256 (HCL DevOps Deploy / HCL Launch could allow
an authenticated user
CVE-2025-0255 (HCL DevOps Deploy / HCL Launch could allow a remote privileged
authent ...)
NOT-FOR-US: HCL
CVE-2024-9103 (Improper Neutralization of Script in Attributes in a Web Page
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Forcepoint Email Security (Blocked Messages module)
CVE-2024-8774 (The SIMPLE.ERP client stores superuser password in a
recoverable forma ...)
- TODO: check
+ NOT-FOR-US: SIMPLE.ERP
CVE-2024-8773 (SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade
request f ...)
- TODO: check
+ NOT-FOR-US: SIMPLE.ERP
CVE-2024-55279 (Uguu through 1.8.9 allows Cross Site Scripting (XSS) via
JavaScript in ...)
TODO: check
CVE-2025-2699 (A vulnerability was found in GetmeUK ContentTools up to 1.6.16.
It has ...)
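Review bot: The label on CVE-2024-9103, "NOT-FOR-US: Forcepoint Email Security (Blocked Messages module)", is the only one in this commit that adds a component qualifier; every other entry stops at the vendor or product name. Suggest "NOT-FOR-US: Forcepoint Email Security" so that later CVEs for the same product get an identical label and are easy to match.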
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63bb1916efb69b8aefd0d50d28859da8286051a3