Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b82f68a9 by Salvatore Bonaccorso at 2025-02-05T09:48:00+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,17 +19,17 @@ CVE-2025-0725 [gzip integer overflow]
        NOTE: Patch only drops officially support for zlib before 1.2.0.4
        NOTE: Can only be triggered when using ancient runtime zlib of version 
1.2.0.3 or older
 CVE-2025-25246 (NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and 
XR500 be ...)
-       TODO: check
+       NOT-FOR-US: NETGEAR
 CVE-2025-25039 (A vulnerability in the web-based management interface of HPE 
Aruba Net ...)
-       TODO: check
+       NOT-FOR-US: HPE Aruba Networking
 CVE-2025-24971 (DumpDrop is a stupid simple file upload application that 
provides an i ...)
-       TODO: check
+       NOT-FOR-US: DumpDrop
 CVE-2025-24968 (reNgine is an automated reconnaissance framework for web 
applications. ...)
-       TODO: check
+       NOT-FOR-US: reNgine
 CVE-2025-24967 (reNgine is an automated reconnaissance framework for web 
applications. ...)
-       TODO: check
+       NOT-FOR-US: reNgine
 CVE-2025-24966 (reNgine is an automated reconnaissance framework for web 
applications. ...)
-       TODO: check
+       NOT-FOR-US: reNgine
 CVE-2025-24964 (Vitest is a testing framework powered by Vite. Affected 
versions are s ...)
        TODO: check
 CVE-2025-24963 (Vitest is a testing framework powered by Vite. The 
`__screenshot-error ...)
@@ -37,67 +37,67 @@ CVE-2025-24963 (Vitest is a testing framework powered by 
Vite. The `__screenshot
 CVE-2025-24860 (Incorrect Authorization vulnerability in Apache Cassandra 
allowing use ...)
        - cassandra <itp> (bug #585905)
 CVE-2025-24677 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-24648 (Incorrect Privilege Assignment vulnerability in wpase.com 
Admin and Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-24602 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-24599 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-24598 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-24373 (woocommerce-pdf-invoices-packing-slips is an extension which 
allows us ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-23645 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-23114 (A vulnerability in Veeam Updater component allows 
Man-in-the-Middle at ...)
-       TODO: check
+       NOT-FOR-US: Veeam
 CVE-2025-23060 (A vulnerability in HPE Aruba Networking ClearPass Policy 
Manager may,  ...)
-       TODO: check
+       NOT-FOR-US: HPE Aruba Networking
 CVE-2025-23059 (A vulnerability in the web-based management interface of HPE 
Aruba Net ...)
-       TODO: check
+       NOT-FOR-US: HPE Aruba Networking
 CVE-2025-23058 (A vulnerability in the ClearPass Policy Manager web-based 
management i ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-23023 (Discourse is an open source platform for community discussion. 
In affe ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2025-23015 (Privilege Defined With Unsafe Actions vulnerability in Apache 
Cassandr ...)
        - cassandra <itp> (bug #585905)
 CVE-2025-22794 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22730 (Missing Authorization vulnerability in Ksher Ksher allows 
Exploiting I ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22700 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22699 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22697 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22696 (Missing Authorization vulnerability in EmbedPress Document 
Block \u201 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22675 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22674 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22664 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22662 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22653 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22643 (Missing Authorization vulnerability in FameThemes OnePress 
allows Expl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22642 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22641 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22602 (Discourse is an open source platform for community discussion. 
In affe ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2025-22601 (Discourse is an open source platform for community discussion. 
In affe ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2025-22206 (A SQL injection vulnerability in the JS Jobs plugin versions 
1.1.5-1.4 ...)
-       TODO: check
+       NOT-FOR-US: Joomla plugin
 CVE-2025-1028 (The Contact Manager plugin for WordPress is vulnerable to 
arbitrary fi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-1026 (Versions of the package spatie/browsershot before 5.0.5 are 
vulnerable ...)
        TODO: check
 CVE-2025-1025 (Versions of the package cockpit-hq/cockpit before 2.4.1 are 
vulnerable ...)
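Review bot: The label on CVE-2025-23058 is `NOT-FOR-US: HPE`, but CVE-2025-23060 and CVE-2025-23059 directly above it get `NOT-FOR-US: HPE Aruba Networking`, and the descriptions of CVE-2025-23058 and CVE-2025-23060 both name ClearPass Policy Manager. Use `NOT-FOR-US: HPE Aruba Networking` for all three, matching the CVE-2025-25039 entry in the first hunk, so that a search on the label finds every entry for that product line.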
@@ -107,53 +107,53 @@ CVE-2025-1022 (Versions of the package spatie/browsershot 
before 5.0.5 are vulne
 CVE-2025-0960 (AutomationDirect C-more EA9 HMI contains a function with bounds 
checks ...)
        TODO: check
 CVE-2025-0890 (**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for 
the Tel ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2025-0825 (cpp-httplib version v0.17.3 through v0.18.3 fails to filter 
CRLF chara ...)
        TODO: check
 CVE-2025-0630 (Multiple Western Telematic (WTI) products contain a web 
interface that ...)
        TODO: check
 CVE-2025-0413 (Parallels Desktop Technical Data Reporter Link Following Local 
Privile ...)
-       TODO: check
+       NOT-FOR-US: Parallels Desktop
 CVE-2025-0364 (BigAntSoft BigAnt Server, up to and including version 5.6.06, 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: BigAntSoft BigAnt Server
 CVE-2024-9644 (The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable 
to an  ...)
-       TODO: check
+       NOT-FOR-US: Four-Faith F3x36 router
 CVE-2024-9643 (The Four-FaithF3x36 router using firmware v2.0.0 is vulnerable 
to auth ...)
-       TODO: check
+       NOT-FOR-US: Four-Faith F3x36 router
 CVE-2024-8125 (Improper Validation of Specified Type of Input vulnerability in 
OpenTe ...)
-       TODO: check
+       NOT-FOR-US: OpenText
 CVE-2024-56328 (Discourse is an open source platform for community discussion. 
An atta ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-56197 (Discourse is an open source platform for community discussion. 
PM titl ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-55948 (Discourse is an open source platform for community discussion. 
In affe ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-53994 (Discourse is an open source platform for community discussion. 
In affe ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-53966 (Adobe Experience Manager versions 6.5.21 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-53965 (Adobe Experience Manager versions 6.5.21 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-53964 (Adobe Experience Manager versions 6.5.21 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-53963 (Adobe Experience Manager versions 6.5.21 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-53962 (Adobe Experience Manager versions 6.5.21 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-53851 (Discourse is an open source platform for community discussion. 
In affe ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-53266 (Discourse is an open source platform for community discussion. 
In affe ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-48445 (An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: compop.ca ONLINE MALL
 CVE-2024-48019 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Apache Doris
 CVE-2024-45659 (IBM Security Verify Access Appliance and Container 10.0.0 
through 10.0 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-45658 (IBM Security Verify Access Appliance and Container 10.0.0 
through 10.0 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-45657 (IBM Security Verify Access Appliance and Container 10.0.0 
through 10.0 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-43187 (IBM Security Verify Access Appliance and Container 10.0.0 
through 10.0 ...)
        TODO: check
 CVE-2024-40891 (**UNSUPPORTED WHEN ASSIGNED** A post-authentication command 
injection  ...)
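Review bot: CVE-2024-43187, in the trailing context of this hunk, stays at `TODO: check` even though its visible description begins with the same "IBM Security Verify Access Appliance and Container 10.0.0 through 10.0" text as CVE-2024-45659, CVE-2024-45658 and CVE-2024-45657, which all move to `NOT-FOR-US: IBM` here. If it was not left open on purpose, mark it `NOT-FOR-US: IBM` in the same commit so the four sibling entries do not diverge.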
@@ -301,7 +301,7 @@ CVE-2025-24901 (WeGIA is a Web Manager for Charitable 
Institutions. A SQL Inject
 CVE-2025-24899 (reNgine is an automated reconnaissance framework for web 
applications. ...)
        NOT-FOR-US: reNgine
 CVE-2025-24371 (CometBFT is a distributed, Byzantine fault-tolerant, 
deterministic sta ...)
-       TODO: check
+       NOT-FOR-US: CometBFT
 CVE-2025-24370 (Django-Unicorn adds modern reactive component functionality to 
Django  ...)
        TODO: check
 CVE-2025-24029 (Tuleap is an Open Source Suite to improve management of 
software devel ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b82f68a9d3b520474a8f33b647d71e81137b3cac

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits