Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd4120c7 by Salvatore Bonaccorso at 2025-07-06T21:15:53+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38,7 +38,7 @@ CVE-2025-2504
 CVE-2025-2422
        REJECTED
 CVE-2025-27446 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Apache APISIX
 CVE-2025-1990
        REJECTED
 CVE-2025-1772
@@ -141,31 +141,31 @@ CVE-2025-53605 (The protobuf crate before 3.7.2 for Rust 
allows uncontrolled rec
        NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0437.html
        NOTE: https://github.com/stepancheg/rust-protobuf/issues/749
 CVE-2025-53604 (The web-push crate before 0.10.3 for Rust allows a denial of 
service ( ...)
-       TODO: check
+       NOT-FOR-US: web-push Rust crate
 CVE-2025-53603 (In Alinto SOPE SOGo 2.0.2 through 5.12.2, 
sope-core/NGExtensions/NGHas ...)
        - sogo <unfixed> (bug #1108798)
        NOTE: https://www.openwall.com/lists/oss-security/2025/07/02/3
        NOTE: https://github.com/Alinto/sope/pull/69
 CVE-2025-53602 (Zipkin through 3.5.1 has a /heapdump endpoint (associated with 
the use ...)
-       TODO: check
+       NOT-FOR-US: Zipkin
 CVE-2025-53366 (The MCP Python SDK, called `mcp` on PyPI, is a Python 
implementation o ...)
-       TODO: check
+       NOT-FOR-US: MCP Python SDK
 CVE-2025-53365 (The MCP Python SDK, called `mcp` on PyPI, is a Python 
implementation o ...)
-       TODO: check
+       NOT-FOR-US: MCP Python SDK
 CVE-2025-48952 (NetAlertX is a network, presence scanner, and alert framework. 
Prior t ...)
-       TODO: check
+       NOT-FOR-US: NetAlertX
 CVE-2025-47228 (In the Production Environment extension in Netmake ScriptCase 
through  ...)
-       TODO: check
+       NOT-FOR-US: Netmake ScriptCase
 CVE-2025-47227 (In the Production Environment extension in Netmake ScriptCase 
through  ...)
-       TODO: check
+       NOT-FOR-US: Netmake ScriptCase
 CVE-2025-43711 (Tunnelblick 3.5beta06 before 7.0, when incompletely 
uninstalled, allow ...)
-       TODO: check
+       NOT-FOR-US: Tunnelblick
 CVE-2025-26850 (The agent in Quest KACE Systems Management Appliance (SMA) 
before 14.0 ...)
-       TODO: check
+       NOT-FOR-US: Quest KACE Systems Management Appliance (SMA)
 CVE-2024-58254
        REJECTED
 CVE-2023-50786 (Dradis through 4.16.0 allows referencing external images 
(resources) o ...)
-       TODO: check
+       NOT-FOR-US: Dradis
 CVE-2025-47917
        - mbedtls <unfixed> (bug #1108791)
        NOTE: 
https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md
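
Review bot: The NOT-FOR-US on CVE-2025-53604 (web-push Rust crate) deserves a second look, because the entry directly above it, CVE-2025-53605 for the protobuf crate, is also a Rust crate and carries NOTE lines, which suggests it is tracked against a package. Rust crates can reach the archive as their own source packages or as vendored copies inside other packages, so please confirm neither applies to web-push before closing it as NFU. The same check is worth doing for the two MCP Python SDK entries (CVE-2025-53366, CVE-2025-53365), whose description says the SDK is published as `mcp` on PyPI.
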
@@ -261,7 +261,7 @@ CVE-2025-50039 (Missing Authorization vulnerability in 
vgwort VG WORT METIS allo
 CVE-2025-50032 (Missing Authorization vulnerability in Paytiko - Payment 
Orchestration ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4414 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49870 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-49867 (Incorrect Privilege Assignment vulnerability in InspiryThemes 
RealHome ...)
@@ -336,7 +336,7 @@ CVE-2025-30947 (Improper Neutralization of Special Elements 
used in an SQL Comma
 CVE-2025-30943 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30933 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Liqui ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-30929 (Missing Authorization vulnerability in amazewp fluXtore allows 
Exploit ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-29012 (Missing Authorization vulnerability in kamleshyadav CF7 7 
Mailchimp Ad ...)
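
Review bot: The new label on CVE-2025-30933 reads "NOT-FOR-US: WordPress plugin" while the entries on either side of it (CVE-2025-30943, CVE-2025-30929) use "NOT-FOR-US: WordPress plugin or theme". The visible description is cut off at "in Liqui ...", so the diff gives no basis for choosing plugin over theme; either use the broader wording to match the neighbours or confirm the component type first. The same mismatch with the surrounding entries appears in the later hunks for CVE-2025-28980, CVE-2025-28976 and CVE-2025-24780.
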
@@ -348,11 +348,11 @@ CVE-2025-29001 (Missing Authorization vulnerability in 
ZoomIt WooCommerce Shop P
 CVE-2025-28983 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28980 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-28978 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28976 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-28971 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28969 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
@@ -374,7 +374,7 @@ CVE-2025-27326 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-26591 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24780 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-24771 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24764 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -388,9 +388,9 @@ CVE-2025-24735 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-23972 (Cross-Site Request Forgery (CSRF) vulnerability in Brian S. 
Reed Conta ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-23970 (Incorrect Privilege Assignment vulnerability in aonetheme 
Service Find ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9453 (A vulnerability was found in Red Hat OpenShift Jenkins. The 
bearer tok ...)
-       TODO: check
+       NOT-FOR-US: Red Hat OpenShift Jenkins
 CVE-2025-27465 [x86: Incorrect stubs exception handling for flags recovery]
        - xen <unfixed>
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
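
Review bot: CVE-2025-23970 is labelled "NOT-FOR-US: WordPress plugin", but the vendor string visible in its description is "aonetheme" and the product name is truncated after "Service Find", so a theme is at least as plausible as a plugin. "NOT-FOR-US: WordPress plugin or theme", as already used for CVE-2025-23972 just above it, avoids the guess.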



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd4120c761a36de982f40313c56cdfce384b737f
