[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 18 Jun 2025 13:22:14 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ae44266a by Salvatore Bonaccorso at 2025-06-18T22:20:34+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-6240 (Improper Input Validation vulnerability in Profisee on Windows 
(filesy ...)
-       TODO: check
+       NOT-FOR-US: Profisee
 CVE-2025-6220 (The Ultra Addons for Contact Form 7 plugin for WordPress is 
vulnerable ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-6086 (The CSV Me plugin for WordPress is vulnerable to arbitrary file 
upload ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-5981 (Arbitrary file write as the OSV-SCALIBR user on the host system 
via a  ...)
-       TODO: check
+       NOT-FOR-US: OSV-SCALIBR
 CVE-2025-5237 (The Target Video Easy Publish plugin for WordPress is 
vulnerable to St ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4821 (Impact  Cloudflare quiche was discovered to be vulnerable to 
incorrect ...)
@@ -1570,7 +1570,7 @@ CVE-2025-5349 (Improper access control on the NetScaler 
Management Interface in
 CVE-2025-5291 (The Master Slider \u2013 Responsive Touch Slider plugin for 
WordPress  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-5141 (A binary in the BoKS Server Agent component of Fortra's Core 
Privilege ...)
-       TODO: check
+       NOT-FOR-US: BoKS
 CVE-2025-4879 (Local Privilege escalation allows a low-privileged user to gain 
SYSTEM ...)
        NOT-FOR-US: Citrix
 CVE-2025-4754 (Insufficient Session Expiration vulnerability in ash-project 
ash_authe ...)
@@ -1586,7 +1586,7 @@ CVE-2025-49881 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-49880 (Missing Authorization vulnerability in Emraan Cheema CubeWP 
Forms allo ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49879 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: themezaa Litho
 CVE-2025-49878 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49877 (Server-Side Request Forgery (SSRF) vulnerability in Metagauss 
ProfileG ...)
@@ -1624,33 +1624,33 @@ CVE-2025-49855 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-49854 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49850 (A Heap-based Buffer Overflow vulnerability exists within the 
parsing o ...)
-       TODO: check
+       NOT-FOR-US: LS Electric
 CVE-2025-49849 (An Out-of-bounds Read vulnerability exists within the parsing 
of PRJ f ...)
-       TODO: check
+       NOT-FOR-US: LS Electric
 CVE-2025-49848 (An Out-of-bounds Write vulnerability exists within the parsing 
of PRJ  ...)
-       TODO: check
+       NOT-FOR-US: LS Electric
 CVE-2025-49847 (llama.cpp is an inference of several LLM models in C/C++. 
Prior to ver ...)
        TODO: check
 CVE-2025-49842 (conda-forge-webservices is the web app deployed to run 
conda-forge adm ...)
-       TODO: check
+       NOT-FOR-US: conda-forge-webservices
 CVE-2025-49508 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49487 (An uncontrolled search path vulnerability in the Trend Micro 
Worry-Fre ...)
        NOT-FOR-US: Trend Micro
 CVE-2025-49452 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49451 (Path Traversal vulnerability in yannisraft Aeroscroll Gallery 
\u2013 I ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49447 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Fastw ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49444 (Unrestricted Upload of File with Dangerous Type vulnerability 
in merku ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49415 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49331 (Deserialization of Untrusted Data vulnerability in impleCode 
eCommerce ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49330 (Deserialization of Untrusted Data vulnerability in CRM Perks 
Integrati ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49316 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49312 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae44266a8751a6c788a9a198ff427f49565bf5ce

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae44266a8751a6c788a9a198ff427f49565bf5ce
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to