[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Thu, 24 Jul 2025 13:25:17 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
57ef7724 by Salvatore Bonaccorso at 2025-07-24T22:24:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,13 +41,13 @@ CVE-2025-6380 (The ONLYOFFICE Docs plugin for WordPress is 
vulnerable to Privile
 CVE-2025-6262 (The muse.ai video embedding plugin for WordPress is vulnerable 
to Stor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-5243 (Unrestricted Upload of File with Dangerous Type, Improper 
Neutralizati ...)
-       TODO: check
+       NOT-FOR-US: Information Portal
 CVE-2025-5084 (The Post Grid Master plugin for WordPress is vulnerable to 
Reflected C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-5039 (A maliciously crafted binary file, when present while loading 
files in ...)
        NOT-FOR-US: Autodesk
 CVE-2025-53084 (A cross-site scripting (xss) vulnerability exists in the 
videosList pa ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2025-51089 (Tenda AC8V4 V16.03.34.06` was discovered to contain heap 
overflow at / ...)
        NOT-FOR-US: Tenda
 CVE-2025-51088 (Tenda AC8V4 V16.03.34.06` was discovered to contain stack 
overflow at  ...)
@@ -59,15 +59,15 @@ CVE-2025-51085 (Tenda AC8V4 V16.03.34.06` was discovered to 
contain stack overfl
 CVE-2025-51082 (Tenda AC8V4 V16.03.34.06` was discovered to contain stack 
overflow at  ...)
        NOT-FOR-US: Tenda
 CVE-2025-50128 (A cross-site scripting (xss) vulnerability exists in the 
videoNotFound ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2025-4822 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Bayraktar Solar Energies ScadaWatt Otopilot
 CVE-2025-4784 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Moderec Tourtella
 CVE-2025-4608 (The Structured Content plugin for WordPress is vulnerable to 
Stored Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-48732 (An incomplete blacklist exists in the .htaccess sample of WWBN 
AVideo  ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2025-47061 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
        NOT-FOR-US: Adobe
 CVE-2025-46996 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
@@ -75,19 +75,19 @@ CVE-2025-46996 (Adobe Experience Manager versions 6.5.22 
and earlier are affecte
 CVE-2025-46993 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
        NOT-FOR-US: Adobe
 CVE-2025-46410 (A cross-site scripting (xss) vulnerability exists in the 
managerPlayli ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2025-45731 (A group deletion race condition in 2FAuth v5.5.0 causes data 
inconsist ...)
        TODO: check
 CVE-2025-45702 (SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was 
discovered to  ...)
-       TODO: check
+       NOT-FOR-US: SoftPerfect Pty Ltd Connection Quality Monitor
 CVE-2025-41420 (A cross-site scripting (xss) vulnerability exists in the 
userLogin can ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2025-40680 (Lack of sensitive data encryption in CapillaryScope v2.5.0 of 
Capillar ...)
-       TODO: check
+       NOT-FOR-US: CapillaryScope
 CVE-2025-3669 (The Supreme Addons for Beaver Builder plugin for WordPress is 
vulnerab ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-36548 (A cross-site scripting (xss) vulnerability exists in the 
LoginWordPres ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2025-36005 (IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 
3.0.0, 3.0.1, ...)
        NOT-FOR-US: IBM
 CVE-2025-33109 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege 
escalat ...)
@@ -95,7 +95,7 @@ CVE-2025-33109 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is 
vulnerable to a privilege e
 CVE-2025-33013 (IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 
3.0.0, 3.0.1, ...)
        NOT-FOR-US: IBM
 CVE-2025-25214 (A race condition vulnerability exists in the 
aVideoEncoder.json.php un ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2025-8107 (In OceanBase's Oracle tenant mode, a malicious user with 
specific priv ...)
        NOT-FOR-US: OceanBase
 CVE-2025-8009 (The Security Ninja \u2013 WordPress Security Plugin & Firewall 
plugin  ...)
@@ -376,7 +376,7 @@ CVE-2016-15045 (A local privilege escalation vulnerability 
exists in lastore-dae
 CVE-2015-10141 (An unauthenticated OS command injection vulnerability exists 
within Xd ...)
        TODO: check
 CVE-2010-10012 (A path traversal vulnerability exists in httpdasm version 
0.92, a ligh ...)
-       TODO: check
+       NOT-FOR-US: httpdasm
 CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond 
expr .. ...)
        - apache2 2.4.65-1
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57ef772489374c683c4985168c04e3f835945faf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57ef772489374c683c4985168c04e3f835945faf
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to