Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a91cd7ad by Salvatore Bonaccorso at 2025-07-29T18:06:51+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-8264 (Versions of the package z-push/z-push-dev before 2.7.6 are 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: z-push/z-push-dev
 CVE-2025-7811 (The StreamWeasels YouTube Integration plugin for WordPress is 
vulnerab ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-7810 (The StreamWeasels Kick Integration plugin for WordPress is 
vulnerable  ...)
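Review bot: The NFU label on CVE-2025-8264 repeats the package coordinate "z-push/z-push-dev" from the description instead of naming the product, unlike the other entries in this commit, which use a product or vendor name (copyparty, GitLab Language Server, Samsung). Something like "NOT-FOR-US: Z-Push" would be easier to grep for when the next CVE for the same software arrives. Before settling on NOT-FOR-US it is also worth confirming that no source package for this software was ever in the archive, since that case calls for a package line rather than an NFU tag.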
@@ -9,15 +9,15 @@ CVE-2025-7809 (The StreamWeasels Twitch Integration plugin 
for WordPress is vuln
 CVE-2025-6495 (The Bricks theme for WordPress is vulnerable to blind SQL 
Injection vi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-54769 (An authenticated, read-only user can upload a file and perform 
a direc ...)
-       TODO: check
+       NOT-FOR-US: LPAR2RRD
 CVE-2025-54768 (An API endpoint that should be limited to web application 
administrato ...)
-       TODO: check
+       NOT-FOR-US: LPAR2RRD
 CVE-2025-54767 (An authenticated, read-only user can kill any processes 
running on the ...)
-       TODO: check
+       NOT-FOR-US: LPAR2RRD
 CVE-2025-54766 (An API endpoint that should be limited to web application 
administrato ...)
-       TODO: check
+       NOT-FOR-US: XorMon-NG
 CVE-2025-54765 (An API endpoint that should be limited to web application 
administrato ...)
-       TODO: check
+       NOT-FOR-US: XorMon-NG
 CVE-2025-54666
        REJECTED
 CVE-2025-54665
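Review bot: CVE-2025-54768, CVE-2025-54766 and CVE-2025-54765 share the same visible description prefix ("An API endpoint that should be limited to web application administrato ...") yet are split between two labels, LPAR2RRD for the first and XorMon-NG for the other two. The truncated text does not show which product each record names, so the split cannot be checked from this diff; please confirm each label against the full CVE description. If a record covers both products, naming both in the NFU line would keep later greps on either name accurate.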
@@ -31,27 +31,27 @@ CVE-2025-54662
 CVE-2025-54661
        REJECTED
 CVE-2025-54429 (Polkadot Frontier is an Ethereum and EVM compatibility layer 
for Polka ...)
-       TODO: check
+       NOT-FOR-US: Polkadot Frontier
 CVE-2025-54428 (RevelaCode is an AI-powered faith-tech project that decodes 
biblical v ...)
-       TODO: check
+       NOT-FOR-US: RevelaCode
 CVE-2025-54427 (Polkadot Frontier is an Ethereum and EVM compatibility layer 
for Polka ...)
-       TODO: check
+       NOT-FOR-US: Polkadot Frontier
 CVE-2025-54426 (Polkadot Frontier is an Ethereum and EVM compatibility layer 
for Polka ...)
-       TODO: check
+       NOT-FOR-US: Polkadot Frontier
 CVE-2025-53649 ("SwitchBot" App for iOS/Android contains an insertion of 
sensitive inf ...)
-       TODO: check
+       NOT-FOR-US: "SwitchBot" App for iOS/Android
 CVE-2025-53082 (An 'Arbitrary File Deletion' in Samsung DMS(Data Management 
Server) al ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-53081 (An 'Arbitrary File Creation' in Samsung DMS(Data Management 
Server) al ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-53080 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-53079 (Absolute Path Traversal in Samsung DMS(Data Management Server) 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-53078 (Deserialization of Untrusted Data in Samsung DMS(Data 
Management Serve ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-53077 (An execution after redirect in Samsung DMS(Data Management 
Server) all ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-4566 (The Elementor Website Builder \u2013 More Than Just a Page 
Builder plu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4370 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to li ...)
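Review bot: The six Samsung entries (CVE-2025-53077 through CVE-2025-53082) are tagged with the vendor only, although every description names the affected product as Samsung DMS (Data Management Server); "NOT-FOR-US: Samsung DMS" would distinguish these from unrelated Samsung CVEs. In the same hunk, the CVE-2025-53649 label carries the quotation marks over from the description ("SwitchBot" App for iOS/Android); dropping the quotes, e.g. "NOT-FOR-US: SwitchBot App for iOS/Android", keeps the label consistent with the unquoted ones around it, such as Polkadot Frontier and RevelaCode.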
@@ -64,7 +64,7 @@ CVE-2025-8283 (A vulnerability was found in the netavark 
package, a network stac
        NOTE: Introduced with: 
https://github.com/containers/netavark/commit/9035c677338a62a21ab58698527e9756ce1de842
 (v1.15.0)
        NOTE: Fixed by: 
https://github.com/containers/netavark/commit/03f12695a696c7fe407eefebd7d5ad3cf2e934fe
 CVE-2025-8279 (Insufficient input validation within GitLab Language Server 
7.6.0 and  ...)
-       TODO: check
+       NOT-FOR-US: GitLab Language Server
 CVE-2025-8275 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: bsc Peru Cocktails App
 CVE-2025-8274 (A vulnerability classified as critical was found in Campcodes 
Online R ...)
@@ -131,7 +131,7 @@ CVE-2025-54528 (In JetBrains TeamCity before 2025.07 a CSRF 
was possible in GitH
 CVE-2025-54527 (In JetBrains YouTrack before 2025.2.86935,  2025.2.87167,  
2025.3.8734 ...)
        NOT-FOR-US: JetBrains
 CVE-2025-54423 (copyparty is a portable file server. In versions up to and 
including v ...)
-       TODO: check
+       NOT-FOR-US: copyparty
 CVE-2025-54419 (A SAML library not dependent on any frameworks that runs in 
Node. In v ...)
        NOT-FOR-US: Node saml
 CVE-2025-54418 (CodeIgniter is a PHP full-stack web framework. A command 
injection vul ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a91cd7ad11e84ed02d236773050e0b269035199e

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
