[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Thu, 27 Feb 2025 13:12:08 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
48ad8bf1 by Salvatore Bonaccorso at 2025-02-27T22:11:18+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,37 +5,37 @@ CVE-2025-27157 (Mastodon is a self-hosted, federated 
microblogging platform. Sta
 CVE-2025-27154 (Spotipy is a lightweight Python library for the Spotify Web 
API. The ` ...)
        TODO: check
 CVE-2025-25761 (HkCms v2.3.2.240702 was discovered to contain an arbitrary 
file write  ...)
-       TODO: check
+       NOT-FOR-US: HkCms
 CVE-2025-25760 (A Server-Side Request Forgery (SSRF) in the component 
admin_webgather. ...)
-       TODO: check
+       NOT-FOR-US: SUCMS
 CVE-2025-25759 (An issue in the component admin_template.php of SUCMS v1.0 
allows atta ...)
-       TODO: check
+       NOT-FOR-US: SUCMS
 CVE-2025-25334 (An issue in Suning Commerce Group Suning EMall iOS 9.5.198 
allows atta ...)
-       TODO: check
+       NOT-FOR-US: Suning Commerce Group Suning EMall
 CVE-2025-25333 (An issue in IKEA CN iOS 4.13.0 allows attackers to access 
sensitive us ...)
-       TODO: check
+       NOT-FOR-US: IKEA CN iOS
 CVE-2025-25331 (An issue in Beitatong Technology LianJia iOS 9.83.50 allows 
attackers  ...)
-       TODO: check
+       NOT-FOR-US: Beitatong Technology LianJia iOS
 CVE-2025-25330 (An issue in Boohee Technology Boohee Health iOS 13.0.13 allows 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Boohee Technology Boohee Health iOS
 CVE-2025-25329 (An issue in Tencent Technology (Beijing) Company Limited 
Tencent Micro ...)
-       TODO: check
+       NOT-FOR-US: Tencent Technology (Beijing) Company Limited Tencent 
MicroVision iOS
 CVE-2025-25326 (An issue in Merchants Union Consumer Finance Company Limited 
Merchants ...)
-       TODO: check
+       NOT-FOR-US: Merchants Union Consumer Finance Company Limited Merchants 
Union Finance iOS
 CVE-2025-25325 (An issue in Yibin Fengguan Network Technology Co., Ltd YuPao 
DirectHir ...)
-       TODO: check
+       NOT-FOR-US: Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire 
iOS
 CVE-2025-25324 (An issue in Shandong Provincial Big Data Center AiShanDong iOS 
5.0.0 a ...)
-       TODO: check
+       NOT-FOR-US: Shandong Provincial Big Data Center AiShanDong iOS
 CVE-2025-25323 (An issue in Qianjin Network Information Technology (Shanghai) 
Co., Ltd ...)
-       TODO: check
+       NOT-FOR-US: Qianjin Network Information Technology (Shanghai) Co., Ltd 
51Job iOS
 CVE-2025-23687 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22952 (elestio memos v0.23.0 is vulnerable to Server-Side Request 
Forgery (SS ...)
-       TODO: check
+       NOT-FOR-US: elestio memos
 CVE-2025-22624 (FooGallery \u2013 Responsive Photo Gallery, Image Viewer, 
Justified, M ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-22280 (Missing Authorization vulnerability in revmakx DefendWP 
Firewall allow ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-21824 [gpu: host1x: Fix a use of uninitialized mutex]
        - linux 6.12.16-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
@@ -157,19 +157,19 @@ CVE-2025-1756 (mongosh may be susceptible to local 
privilege escalation under ce
 CVE-2025-1755 (MongoDB Compass may be susceptible to local privilege 
escalation under ...)
        TODO: check
 CVE-2025-1751 (A SQL Injection vulnerability has been found in Ciges 2.15.5 
from ATIS ...)
-       TODO: check
+       NOT-FOR-US: Ciges
 CVE-2025-1745 (A vulnerability has been found in LinZhaoguan pb-cms 2.0 and 
classifie ...)
-       TODO: check
+       NOT-FOR-US: LinZhaoguan pb-cms
 CVE-2025-1743 (A vulnerability, which was classified as critical, was found in 
zyx081 ...)
-       TODO: check
+       NOT-FOR-US: zyx0814 Pichome
 CVE-2025-1742 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: pihome-shc PiHome
 CVE-2025-1741 (A vulnerability classified as problematic was found in b1gMail 
up to 7 ...)
-       TODO: check
+       NOT-FOR-US: b1gMail
 CVE-2025-1739 (An Authentication Bypass vulnerability has been found in 
Trivision Cam ...)
-       TODO: check
+       NOT-FOR-US: Trivision Camera NC227WF
 CVE-2025-1738 (A Password Transmitted over Query String vulnerability has been 
found  ...)
-       TODO: check
+       NOT-FOR-US: Trivision Camera NC227WF
 CVE-2025-1693 (The MongoDB Shell may be susceptible to control character 
injection wh ...)
        TODO: check
 CVE-2025-1692 (The MongoDB Shell may be susceptible to control character 
injection wh ...)
@@ -183,15 +183,15 @@ CVE-2025-1450 (The Floating Chat Widget: Contact Chat 
Icons, Telegram Chat, Line
 CVE-2025-1282 (The Car Dealer Automotive WordPress Theme \u2013 Responsive 
theme for  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0914 (An improper access control issue in the VQL shell feature in 
Velocirap ...)
-       TODO: check
+       NOT-FOR-US: Velociraptor
 CVE-2025-0767 (WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated 
user inp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-0759 (IBM EntireX 11.1 could allow a local user to unintentionally 
modify da ...)
        NOT-FOR-US: IBM
 CVE-2024-9334 (Use of Hard-coded Credentials, Storage of Sensitive Data in a 
Mechanis ...)
-       TODO: check
+       NOT-FOR-US: E-Kent Pallium Vehicle Tracking
 CVE-2024-9285 (A vulnerability was found in Tu Yafeng Via Browser up to 5.9.0 
on Andr ...)
-       TODO: check
+       NOT-FOR-US: Tu Yafeng Via Browser
 CVE-2024-56812 (IBM EntireX 11.1 could allow a local user to obtain sensitive 
informat ...)
        NOT-FOR-US: IBM
 CVE-2024-56811 (IBM EntireX 11.1 could allow a local user to obtain sensitive 
informat ...)
@@ -207,15 +207,15 @@ CVE-2024-56494 (IBM EntireX 11.1 could allow a local user 
to obtain sensitive in
 CVE-2024-56493 (IBM EntireX 11.1 could allow a local user to obtain sensitive 
informat ...)
        NOT-FOR-US: IBM
 CVE-2024-54957 (Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on 
the Too ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2024-54170 (IBM EntireX 11.1could allow a local user to cause a denial of 
service  ...)
        NOT-FOR-US: IBM
 CVE-2024-54169 (IBM EntireX 11.1could allow an authenticated attacker to 
traverse dire ...)
        NOT-FOR-US: IBM
 CVE-2024-53944 (An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi 
devices thro ...)
-       TODO: check
+       NOT-FOR-US: Tuoshi/Dionlink LT15D 4G Wi-Fi devices
 CVE-2024-53408 (AVE System Web Client v2.1.131.13992 was discovered to contain 
a cross ...)
-       TODO: check
+       NOT-FOR-US: AVE System Web Client
 CVE-2024-13734 (The Card Elements for Elementor plugin for WordPress is 
vulnerable to  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-13402 (The Buddyboss Platform plugin for WordPress is vulnerable to 
Stored Cr ...)
@@ -223,7 +223,7 @@ CVE-2024-13402 (The Buddyboss Platform plugin for WordPress 
is vulnerable to Sto
 CVE-2024-13217 (The Jeg Elementor Kit plugin for WordPress is vulnerable to 
Sensitive  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-13148 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Yukseloglu Filter B2B Login Platform
 CVE-2024-10918 (Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 
allows  ...)
        TODO: check
 CVE-2025-1728
@@ -916,11 +916,11 @@ CVE-2024-6810 (The Quiz Organizer plugin for WordPress is 
vulnerable to Stored C
 CVE-2024-53427 (jq v1.7.1 contains a stack-buffer-overflow in the 
decNumberCopy functi ...)
        TODO: check
 CVE-2024-52925 (In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code 
execution ca ...)
-       TODO: check
+       NOT-FOR-US: OPSWAT MetaDefender Kiosk
 CVE-2024-47053 (This advisory addresses an authorization vulnerability in 
Mautic's HTT ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2024-47051 (This advisory addresses two critical security vulnerabilities 
present  ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2024-46226 (A stored cross site scripting (XSS) vulnerability in HelpDeskZ 
< v2.0. ...)
        NOT-FOR-US: HelpDeskZ
 CVE-2024-13560 (The Subscriptions & Memberships for PayPal plugin for 
WordPress is vul ...)
@@ -252344,7 +252344,7 @@ CVE-2022-25775 (Prior to the patched version, logged 
in users of Mautic are vuln
 CVE-2022-25774 (Prior to the patched version, logged in users of Mautic are 
vulnerable ...)
        NOT-FOR-US: Mautic
 CVE-2022-25773 (This advisory addresses a file placement vulnerability that 
could allo ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking 
compone ...)
        NOT-FOR-US: Mautic
 CVE-2022-25771



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48ad8bf1a8aee9e83ec93fd0d8727dc2b4af81a1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48ad8bf1a8aee9e83ec93fd0d8727dc2b4af81a1
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to