[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) Tue, 18 Feb 2025 12:29:44 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4fb422f2 by Salvatore Bonaccorso at 2025-02-18T21:29:04+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
 CVE-2025-27016 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-27013 (Missing Authorization vulnerability in EPC MediCenter - Health 
Medical ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-26623 (Exiv2 is a C++ library and a command-line utility to read, 
write, dele ...)
        TODO: check
 CVE-2025-26620 (Duende.AccessTokenManagement is a set of .NET libraries that 
manage OA ...)
-       TODO: check
+       NOT-FOR-US: Duende.AccessTokenManagement
 CVE-2025-26604 (Discord-Bot-Framework-Kernel is a Discord bot framework built 
with int ...)
-       TODO: check
+       NOT-FOR-US: Discord-Bot-Framework-Kernel Discord bot framework
 CVE-2025-26603 (Vim is a greatly improved version of the good old UNIX editor 
Vi. Vim  ...)
        TODO: check
 CVE-2025-26058 (Webkul QloApps v1.6.1 exposes authentication tokens in URLs 
during red ...)
-       TODO: check
+       NOT-FOR-US: Webkul QloApps
 CVE-2025-25305 (Home Assistant Core is an open source home automation that 
puts local  ...)
-       TODO: check
+       NOT-FOR-US: Home Assistant Core
 CVE-2025-25300 (smartbanner.js is a customizable smart app banner for iOS and 
Android. ...)
        TODO: check
 CVE-2025-25284 (The ZOO-Project is an open source processing platform, 
released under  ...)
-       TODO: check
+       NOT-FOR-US: ZOO-Project
 CVE-2025-24895 (CIE.AspNetCore.Authentication is an AspNetCore Remote 
Authenticator fo ...)
-       TODO: check
+       NOT-FOR-US: CIE.AspNetCore.Authentication AspNetCore Remote 
Authenticator for CIE
 CVE-2025-24894 (SPID.AspNetCore.Authentication is an AspNetCore Remote 
Authenticator f ...)
-       TODO: check
+       NOT-FOR-US: SPID.AspNetCore.Authentication AspNetCore Remote 
Authenticator for SPID
 CVE-2025-22663 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22657 (Missing Authorization vulnerability in Vito Peleg Atarim 
allows Exploi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22656 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22654 (Unrestricted Upload of File with Dangerous Type vulnerability 
in kodes ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22650 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22645 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22639 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22207 (Improperly built order clauses lead to a SQL injection 
vulnerability i ...)
        TODO: check
 CVE-2025-21608 (Meshtastic is an open source mesh networking solution. In 
affected fir ...)
@@ -43,37 +43,37 @@ CVE-2025-21608 (Meshtastic is an open source mesh 
networking solution. In affect
 CVE-2025-1414 (Memory safety bugs present in Firefox 135. Some of these bugs 
showed e ...)
        TODO: check
 CVE-2025-1269 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in H ...)
-       TODO: check
+       NOT-FOR-US: HAVELSAN Liman MYS
 CVE-2025-1035 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Komtera Technolgies KLog Server
 CVE-2025-1023 (A vulnerability exists in ChurchCRM5.13.0 and priorthat allows 
an atta ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2025-0981 (A vulnerability exists in ChurchCRM5.13.0 and prior that allows 
an att ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2025-0817 (The FormCraft plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0521 (The Post SMTP plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-57056 (Incorrect cookie session handling in WombatDialer before 25.02 
results ...)
-       TODO: check
+       NOT-FOR-US: WombatDialer
 CVE-2024-57055 (Server-Side Access Control Bypass vulnerability in 
WombatDialer before ...)
-       TODO: check
+       NOT-FOR-US: WombatDialer
 CVE-2024-57050 (A vulnerability in the TP-Link WR840N v6 router with firmware 
version  ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2024-57049 (A vulnerability in the TP-Link Archer c20 router with firmware 
version ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2024-57046 (A vulnerability in the Netgear DGN2200 router with firmware 
version v1 ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-57045 (A vulnerability in the D-Link DIR-859 router with firmware 
version A3  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-56883 (Sage DPW before 2024_12_001 is vulnerable to Incorrect Access 
Control. ...)
        TODO: check
 CVE-2024-56882 (Sage DPW before 2024_12_000 is vulnerable to Cross Site 
Scripting (XSS ...)
        TODO: check
 CVE-2024-56000 (Incorrect Privilege Assignment vulnerability in NotFound K 
Elements al ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-55460 (A time-based SQL injection vulnerability in the login page of 
BoardRoo ...)
-       TODO: check
+       NOT-FOR-US: BoardRoom Limited Dividend Distribution Tax Election System
 CVE-2024-51505 (An issue was discovered in Atos Eviden IDRA before 2.7.1. A 
highly tru ...)
        TODO: check
 CVE-2024-50609 (An issue was discovered in Fluent Bit 3.1.9. When the 
OpenTelemetry in ...)
@@ -202490,7 +202490,7 @@ CVE-2022-41547 (Mobile Security Framework (MobSF) 
v0.9.2 and below was discovere
 CVE-2022-41546
        RESERVED
 CVE-2022-41545 (The administrative web interface of a Netgear C7800 Router 
running fir ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2022-41544 (GetSimple CMS v3.3.16 was discovered to contain a remote code 
executio ...)
        NOT-FOR-US: GetSimple CMS
 CVE-2022-41543



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fb422f23452033f1770432b4d54dff9bbdf5216

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fb422f23452033f1770432b4d54dff9bbdf5216
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Reply via email to