[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) Tue, 01 Apr 2025 13:30:44 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
88e4a8aa by Salvatore Bonaccorso at 2025-04-01T22:30:09+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-3096 (Clinic\u2019s Patient Management System versions 2.0 suffers 
from a SQ ...)
-       TODO: check
+       NOT-FOR-US: Clinics Patient Management System
 CVE-2025-3085 (A MongoDB server under specific conditions running on Linux 
with TLS a ...)
        TODO: check
 CVE-2025-3084 (When run on commands with certain arguments set, explain may 
fail to v ...)
@@ -317,23 +317,23 @@ CVE-2025-31730 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-31408 (Missing Authorization vulnerability in Zoho Flow allows 
Exploiting Inc ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31137 (React Router is a multi-strategy router for React bridging the 
gap fro ...)
-       TODO: check
+       NOT-FOR-US: React Router
 CVE-2025-31132 (Raven is an open-source messaging platform. A vulnerability 
allowed an ...)
-       TODO: check
+       NOT-FOR-US: Raven (not the same as src:raven)
 CVE-2025-31131 (YesWiki is a wiki system written in PHP. The squelette 
parameter is vu ...)
-       TODO: check
+       NOT-FOR-US: YesWiki
 CVE-2025-31121 (OpenEMR is a free and open source electronic health records 
and medica ...)
        NOT-FOR-US: OpenEMR
 CVE-2025-30676 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
-       TODO: check
+       NOT-FOR-US: Apache OFBiz
 CVE-2025-30354 (Bruno is an open source IDE for exploring and testing APIs. A 
bug in t ...)
-       TODO: check
+       NOT-FOR-US: Bruno
 CVE-2025-30224 (MyDumper is a MySQL Logical Backup Tool. The MySQL C client 
library (l ...)
        TODO: check
 CVE-2025-30210 (Bruno is an open source IDE for exploring and testing APIs. 
Prior to 1 ...)
-       TODO: check
+       NOT-FOR-US: Bruno
 CVE-2025-30177 (Bypass/Injection vulnerability in Apache Camel in 
Camel-Undertow compo ...)
-       TODO: check
+       NOT-FOR-US: Apache Camel
 CVE-2025-2906 (The Contempo Real Estate Core plugin for WordPress is 
vulnerable to St ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-2237 (The WP RealEstate plugin for WordPress, used by the Homeo 
theme, is vu ...)
@@ -347,23 +347,23 @@ CVE-2025-28398 (D-LINK DI-8100 16.07.26A1 is vulnerable 
to Buffer Overflow in th
 CVE-2025-28395 (D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in 
the ipse ...)
        NOT-FOR-US: D-Link
 CVE-2025-28132 (A session management flaw in Nagios Network Analyzer 
2024R1.0.3 allows ...)
-       TODO: check
+       NOT-FOR-US: Nagios Network Analyzer
 CVE-2025-28131 (A Broken Access Control vulnerability in Nagios Network 
Analyzer 2024R ...)
-       TODO: check
+       NOT-FOR-US: Nagios Network Analyzer
 CVE-2025-27829 (An issue was discovered in Stormshield Network Security (SNS) 
4.3.x be ...)
-       TODO: check
+       NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2025-27130 (Welcart e-Commerce 2.11.6 and earlier versions contains an 
untrusted d ...)
-       TODO: check
+       NOT-FOR-US: Welcart e-Commerce
 CVE-2025-26056 (A command injection vulnerability exists in the Infinxt iEdge 
100 2.1. ...)
-       TODO: check
+       NOT-FOR-US: Infinxt iEdge 100
 CVE-2025-26055 (An OS Command Injection vulnerability exists in the Infinxt 
iEdge 100  ...)
-       TODO: check
+       NOT-FOR-US: Infinxt iEdge 100
 CVE-2025-26054 (Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting 
(XSS) v ...)
-       TODO: check
+       NOT-FOR-US: Infinxt iEdge 100
 CVE-2025-25041 (A vulnerability in the HPE Aruba Networking Virtual Intranet 
Access (V ...)
        NOT-FOR-US: HPE
 CVE-2025-22231 (VMware Aria Operations contains a local privilege escalation 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: VMware Aria Operations
 CVE-2025-1660 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
        NOT-FOR-US: Autodesk
 CVE-2025-1659 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88e4a8aa0cb1f0d3fda27eac05f0094632150a03

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88e4a8aa0cb1f0d3fda27eac05f0094632150a03
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Reply via email to