Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0290bd44 by Salvatore Bonaccorso at 2025-04-08T10:43:26+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,13 +1,13 @@ CVE-2025-3431 (The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-3430 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-3429 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-3428 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-3427 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-3413 (A vulnerability has been found in opplus springboot-admin up to a2d531 ...) TODO: check CVE-2025-3412 (A vulnerability, which was classified as critical, was found in mymagi ...) @@ -31,11 +31,11 @@ CVE-2025-3403 (A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and CVE-2025-3402 (A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborat ...) TODO: check CVE-2025-3401 (A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114 ...) - TODO: check + NOT-FOR-US: ESAFENET CVE-2025-3400 (A vulnerability, which was classified as critical, was found in ESAFEN ...) - TODO: check + NOT-FOR-US: ESAFENET CVE-2025-3399 (A vulnerability, which was classified as critical, has been found in E ...) - TODO: check + NOT-FOR-US: ESAFENET CVE-2025-3398 (A vulnerability classified as critical was found in lenve VBlog up to ...) TODO: check CVE-2025-3397 (A vulnerability classified as problematic has been found in YzmCMS 7.1 ...) 
@@ -61,7 +61,7 @@ CVE-2025-3385 (A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been CVE-2025-3384 (A vulnerability was found in 1000 Projects Human Resource Management S ...) TODO: check CVE-2025-3383 (A vulnerability was found in SourceCodester Web-based Pharmacy Product ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2025-3364 (The SSH service of PowerStation from HGiga has a Chroot Escape vulnera ...) TODO: check CVE-2025-3363 (The web service of iSherlock from HGiga has an OS Command Injection vu ...) 
@@ -91,91 +91,91 @@ CVE-2025-32029 (ts-asn1-der is a collection of utility classes to encode ASN.1 d CVE-2025-31496 (apollo-compiler is a query-based compiler for the GraphQL query langua ...) TODO: check CVE-2025-31333 (SAP S4CORE OData meta-data property is vulnerable to data tampering, d ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-31332 (Due to insecure file permissions in SAP BusinessObjects Business Intel ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-31331 (SAP NetWeaver allows an attacker to bypass authorization checks, enabl ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-31330 (SAP Landscape Transformation (SLT) allows an attacker with user privil ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-30017 (Due to a missing authorization check, an authenticated attacker could ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-30016 (SAP Financial Consolidation allows an unauthenticated attacker to gain ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-30015 (Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-30014 (SAP Capital Yield Tax Management has directory traversal vulnerability ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-30013 (SAP ERP BW Business Content is vulnerable to OS Command Injection thro ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-2882 (The GreenPay(tm) by Green.Money plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-2526 (The Streamit theme for WordPress is vulnerable to privilege escalation ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-2525 (The Streamit theme for WordPress is vulnerable to arbitrary file uploa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-2519 (The Sreamit theme for WordPress is vulnerable to arbitrary file downlo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-2004 (The Simple WP Events plugin for WordPress is vulnerable to arbitrary f ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-27437 (A Missing Authorization Check vulnerability exists in the Virus Scanne ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-27435 (Under specific conditions and prerequisites, an unauthenticated attack ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-27429 (SAP S/4HANA allows an attacker with user privileges to exploit a vulne ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-27428 (Due to directory traversal vulnerability, an authorized attacker could ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-26657 (SAP KMC WPC allows an unauthenticated attacker to remotely retrieve us ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-26654 (SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypte ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-26653 (SAP NetWeaver Application Server ABAP does not sufficiently encode use ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-23186 (In certain conditions, SAP NetWeaver Application Server ABAP allows an ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-20951 (Improper verification of intent by broadcast receiver vulnerability in ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20950 (Use of implicit intent for sensitive communication in SamsungNotes pri ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20948 (Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20947 (Improper handling of insufficient permission or privileges in Clipboar ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20946 (Improper handling of exceptional conditions in pairing specific blueto ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20945 (Improper access control in Galaxy Watch prior to SMR Apr-2025 Release ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20944 (Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR ...) 
- TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20943 (Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20942 (Improper Verification of Intent by Broadcast Receiver in DeviceIdServi ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20941 (Improper access control in InputManager to SMR Apr-2025 Release 1 allo ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20940 (Improper handling of insufficient permission in Samsung Device Health ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20939 (Improper authorization in wireless download protocol in Galaxy Watch p ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20938 (Improper access control in SamsungContacts prior to SMR Apr-2025 Relea ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20936 (Improper access control in HDCP trustlet prior to SMR Apr-2025 Release ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20935 (Improper handling of insufficient permission or privileges in Clipboar ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-20934 (Improper access control in Sticker Center prior to SMR Apr-2025 Releas ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2025-0942 (The DB chooser functionality inJalios JPlatform 10 SP6 before 10.0.6 i ...) TODO: check CVE-2025-0361 (During an annual penetration test conducted on behalf of Axis Communic ...) - TODO: check + NOT-FOR-US: Axis Communication CVE-2024-47261 (51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that th ...) - TODO: check + NOT-FOR-US: Axis Communication CVE-2024-13820 (The Melhor Envio plugin for WordPress is vulnerable to Sensitive Infor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2019-25223 (The Team Circle Image Slider With Lightbox plugin for WordPress is vul ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-3426 (We observed that Intellispace Portal binaries doesn\u2019t have any pr ...) NOT-FOR-US: Intellispace Portal CVE-2025-3425 (The IntelliSpace portal application utilizes .NET Remoting for its fun ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0290bd44eaaf2230f4bd970017ad7bdd3393ccce
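Review bot: In the @@ -91,91 +91,91 @@ hunk, CVE-2025-2526, CVE-2025-2525 and CVE-2025-2519 are described as the Streamit theme for WordPress but are tagged "NOT-FOR-US: WordPress plugin"; tagging them "NOT-FOR-US: WordPress theme" would match the descriptions and keep later searches of data/CVE/list by product type accurate. In the same hunk, the truncated descriptions of CVE-2025-30017, CVE-2025-27437, CVE-2025-27435 and CVE-2025-27428 do not show a vendor name, so the SAP tag on those four entries is worth confirming against the full CVE records before the TODO is closed.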