Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82fed4c0 by Salvatore Bonaccorso at 2025-05-05T22:29:43+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2025-4281 (A vulnerability, which was classified as 
problematic, was found i
 CVE-2025-4279 (The External image replace plugin for WordPress is vulnerable 
to arbit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4272 (A vulnerability was found in Mechrevo Control Console 1.0.2.70. 
It has ...)
-       TODO: check
+       NOT-FOR-US: Mechrevo Control Console
 CVE-2025-47240
        REJECTED
 CVE-2025-46813 (Discourse is an open-source community platform. A data leak 
vulnerabil ...)
@@ -27,7 +27,7 @@ CVE-2025-46731 (Craft is a content management system. 
Versions of Craft CMS on t
 CVE-2025-46730 (MobSF is a mobile application security testing tool used. 
Typically, M ...)
        NOT-FOR-US: MobSF
 CVE-2025-46726 (Langroid is a framework for building 
large-language-model-powered appl ...)
-       TODO: check
+       NOT-FOR-US: Langroid
 CVE-2025-46720 (Keystone is a content management system for Node.js. Prior to 
version  ...)
        NOT-FOR-US: Keystone CMS
 CVE-2025-46719 (Open WebUI is a self-hosted artificial intelligence platform 
designed  ...)
@@ -51,23 +51,23 @@ CVE-2025-45617 (Incorrect access control in the component 
/user/list of producti
 CVE-2025-45616 (Incorrect access control in the /admin/** API of brcc v1.2.0 
allows at ...)
        TODO: check
 CVE-2025-45615 (Incorrect access control in the /admin/ API of yaoqishan 
v0.0.1-SNAPSH ...)
-       TODO: check
+       NOT-FOR-US: yaoqishan
 CVE-2025-45614 (Incorrect access control in the component /api/user/manager of 
One v1. ...)
-       TODO: check
+       NOT-FOR-US: One
 CVE-2025-45613 (Incorrect access control in the component /user/list of 
Shiro-Action v ...)
-       TODO: check
+       NOT-FOR-US: Shiro-Action
 CVE-2025-45612 (Incorrect access control in xmall v1.1 allows attackers to 
bypass auth ...)
-       TODO: check
+       NOT-FOR-US: xmall
 CVE-2025-45611 (Incorrect access control in the /user/edit/ component of 
hope-boot v1. ...)
-       TODO: check
+       NOT-FOR-US: hope-boot
 CVE-2025-45610 (Incorrect access control in the component /scheduleLog/info/1 
of PassJ ...)
-       TODO: check
+       NOT-FOR-US: PassJava-Platform
 CVE-2025-45609 (Incorrect access control in the doFilter function of kob 
latest v1.0.0 ...)
        TODO: check
 CVE-2025-45608 (Incorrect access control in the /system/user/findUserList API 
of Xingu ...)
-       TODO: check
+       NOT-FOR-US: Xinguan
 CVE-2025-45607 (An issue in the component /manage/ of itranswarp v2.19 allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: itranswarp
 CVE-2025-45322 (kashipara Online Service Management Portal V1.0 is vulnerable 
to SQL I ...)
        NOT-FOR-US: kashipara Online Service Management Portal
 CVE-2025-45321 (kashipara Online Service Management Portal V1.0 is vulnerable 
to SQL I ...)
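Review bot: The tag "NOT-FOR-US: One" on CVE-2025-45614 is too generic to identify the product, and the description shown here is cut off at "One v1.", so the entry cannot be matched back to a project by reading the list. Use the fuller project or vendor name from the CVE record, as the neighbouring tags do ("Shiro-Action", "PassJava-Platform"). In the same run of "Incorrect access control" entries, CVE-2025-45616 (brcc) and CVE-2025-45609 (kob) stay at "TODO: check"; if they were skipped on purpose because they need a closer look, that is fine, otherwise triage them with their siblings.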
@@ -91,35 +91,35 @@ CVE-2025-45042 (Tenda AC9 v15.03.05.14 was discovered to 
contain a command injec
 CVE-2025-43915 (In Buoyant Edge releases before edge-25.2.1 and Enterprise for 
Linkerd ...)
        NOT-FOR-US: Buoyant Edge
 CVE-2025-43852 (Retrieval-based-Voice-Conversion-WebUI is a voice changing 
framework b ...)
-       TODO: check
+       NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43851 (Retrieval-based-Voice-Conversion-WebUI is a voice changing 
framework b ...)
-       TODO: check
+       NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43850 (Retrieval-based-Voice-Conversion-WebUI is a voice changing 
framework b ...)
-       TODO: check
+       NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43849 (Retrieval-based-Voice-Conversion-WebUI is a voice changing 
framework b ...)
-       TODO: check
+       NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43848 (Retrieval-based-Voice-Conversion-WebUI is a voice changing 
framework b ...)
-       TODO: check
+       NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43847 (Retrieval-based-Voice-Conversion-WebUI is a voice changing 
framework b ...)
-       TODO: check
+       NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43846 (Retrieval-based-Voice-Conversion-WebUI is a voice changing 
framework b ...)
-       TODO: check
+       NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43845 (Retrieval-based-Voice-Conversion-WebUI is a voice changing 
framework b ...)
-       TODO: check
+       NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43844 (Retrieval-based-Voice-Conversion-WebUI is a voice changing 
framework b ...)
-       TODO: check
+       NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43843 (Retrieval-based-Voice-Conversion-WebUI is a voice changing 
framework b ...)
-       TODO: check
+       NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-43842 (Retrieval-based-Voice-Conversion-WebUI is a voice changing 
framework b ...)
-       TODO: check
+       NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
 CVE-2025-2905 (An XML External Entity (XXE) vulnerability exists in the 
gateway compo ...)
        TODO: check
 CVE-2025-29573 (Cross-Site Scripting (XSS) vulnerability exists in Mezzanine 
CMS 6.0.0 ...)
        NOT-FOR-US: Mezzanine CMS
 CVE-2025-28168 (Outsystems Multiple File Upload < 3.1.0 is vulnerable to 
Unrestricted  ...)
-       TODO: check
+       NOT-FOR-US: Outsystems Multiple File Upload
 CVE-2025-28062 (A Cross-Site Request Forgery (CSRF) vulnerability was 
discovered in ER ...)
-       TODO: check
+       NOT-FOR-US: ERPNEXT
 CVE-2025-27921 (A reflected cross-site scripting (XSS) vulnerability was 
discovered in ...)
        TODO: check
 CVE-2025-27920 (Output Messenger before 2.0.63 was vulnerable to a directory 
traversal ...)
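Review bot: The tag "NOT-FOR-US: ERPNEXT" on CVE-2025-28062 is written in all caps, while the other tags in this patch follow the product's own capitalisation ("October CMS", "Mezzanine CMS", "Buoyant Edge"). The project spells its name ERPNext, so "NOT-FOR-US: ERPNext" keeps later searches and any existing entries for the same product consistent. The eleven Retrieval-based-Voice-Conversion-WebUI entries use one identical tag string, which is what is wanted. CVE-2025-2905 and CVE-2025-27921 remain "TODO: check" inside this hunk and still need triage.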
@@ -157,7 +157,7 @@ CVE-2024-57230 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 
was discovered to co
 CVE-2024-57229 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to 
contain  ...)
        NOT-FOR-US: Netgear
 CVE-2024-51991 (October is a Content Management System (CMS) and web platform. 
A vulne ...)
-       TODO: check
+       NOT-FOR-US: October CMS
 CVE-2024-42213 (HCL BigFix Compliance is affected by inclusion of temporary 
files left ...)
        NOT-FOR-US: HCL
 CVE-2024-42212 (HCL BigFix Compliance is affected by an improper or missing 
SameSite a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82fed4c0194486954078f4ce5dda28b17816e577
