[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Fri, 31 Jan 2025 00:43:57 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
972f8377 by Salvatore Bonaccorso at 2025-01-31T09:43:10+01:00
Process some NFUs

Some Boradcom issues are straight marked as NFUs as there is no real
trackable information available on those CVEs.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,15 +3,15 @@ CVE-2025-24886 (pwn.college is an education platform to learn 
about, and practic
 CVE-2025-24885 (pwn.college is an education platform to learn about, and 
practice, cor ...)
        NOT-FOR-US: pwn.college
 CVE-2025-24336 (SXF Common Library handles input data improperly. If a product 
using t ...)
-       TODO: check
+       NOT-FOR-US: SXF Common Library
 CVE-2025-22216 (A UAA configured with multiple identity zones, does not 
properly valid ...)
-       TODO: check
+       NOT-FOR-US: CloudFoundry
 CVE-2025-0882 (A vulnerability was found in code-projects Chat System up to 
1.0. It h ...)
-       TODO: check
+       NOT-FOR-US: code-projects Chat System
 CVE-2025-0881 (A vulnerability was found in Codezips Gym Management System 
1.0. It ha ...)
-       TODO: check
+       NOT-FOR-US: Codezips Gym Management System
 CVE-2025-0880 (A vulnerability was found in Codezips Gym Management System 1.0 
and cl ...)
-       TODO: check
+       NOT-FOR-US: Codezips Gym Management System
 CVE-2025-0809 (The Link Fixer plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0574 (Sante PACS Server URL path Memory Corruption Denial-of-Service 
Vulnera ...)
@@ -35,9 +35,9 @@ CVE-2025-0493 (The MultiVendorX \u2013 The Ultimate 
WooCommerce Multivendor Mark
 CVE-2025-0470 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom 
Form B ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-53007 (Bentley Systems ProjectWise Integration Server before 
10.00.03.288 all ...)
-       TODO: check
+       NOT-FOR-US: Bentley Systems ProjectWise Integration Server
 CVE-2024-52875 (An issue was discovered in GFI Kerio Control 9.2.5 through 
9.4.5. The  ...)
-       TODO: check
+       NOT-FOR-US: GFI Kerio Control
 CVE-2024-47900 (Software installed and run as a non-privileged user may 
conduct improp ...)
        NOT-FOR-US: Imagination Technologies
 CVE-2024-47899 (Software installed and run as a non-privileged user may 
conduct improp ...)
@@ -143,7 +143,7 @@ CVE-2024-11610 (AutomationDirect C-More EA9 EAP9 File 
Parsing Memory Corruption
 CVE-2024-11609 (AutomationDirect C-More EA9 EAP9 File Parsing Stack-based 
Buffer Overf ...)
        NOT-FOR-US: AutomationDirect
 CVE-2024-10867 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit 
for Ele ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6195 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        TODO: check
 CVE-2025-24883 (go-ethereum (geth) is a golang execution layer implementation 
of the E ...)
@@ -153,21 +153,21 @@ CVE-2025-24802 (Plonky2 is a SNARK implementation based 
on techniques from PLONK
 CVE-2025-24784 (kubewarden-controller is a Kubernetes controller that allows 
you to dy ...)
        NOT-FOR-US: kubewarden-controller
 CVE-2025-24507 (This vulnerability allows appliance compromise at boot time.)
-       TODO: check
+       NOT-FOR-US: Boradcom
 CVE-2025-24506 (A specific authentication strategy allows to learn ids of PAM 
users as ...)
-       TODO: check
+       NOT-FOR-US: Boradcom
 CVE-2025-24505 (This vulnerability allows a high-privileged authenticated PAM 
user to  ...)
-       TODO: check
+       NOT-FOR-US: Boradcom
 CVE-2025-24504 (An improper input validation the CSRF filter results in 
unsanitized us ...)
-       TODO: check
+       NOT-FOR-US: Boradcom
 CVE-2025-24503 (A malicious actor can fix the session of a PAM user by 
tricking the us ...)
-       TODO: check
+       NOT-FOR-US: Boradcom
 CVE-2025-24502 (An improper session validation allows an unauthenticated 
attacker to c ...)
-       TODO: check
+       NOT-FOR-US: Boradcom
 CVE-2025-24501 (An improper input validation allows an unauthenticated 
attacker to alt ...)
-       TODO: check
+       NOT-FOR-US: Boradcom
 CVE-2025-24500 (The vulnerability allows an unauthenticated attacker to access 
informa ...)
-       TODO: check
+       NOT-FOR-US: Boradcom
 CVE-2025-24376 (kubewarden-controller is a Kubernetes controller that allows 
you to dy ...)
        NOT-FOR-US: kubewarden-controller
 CVE-2025-24099 (The issue was addressed with improved checks. This issue is 
fixed in m ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/972f8377fb510c4d05935dfd066e98ea333f165e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/972f8377fb510c4d05935dfd066e98ea333f165e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to