[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 5 08:48:28 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b82f68a9 by Salvatore Bonaccorso at 2025-02-05T09:48:00+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,17 +19,17 @@ CVE-2025-0725 [gzip integer overflow]
NOTE: Patch only drops officially support for zlib before 1.2.0.4
NOTE: Can only be triggered when using ancient runtime zlib of version 1.2.0.3 or older
CVE-2025-25246 (NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 be ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2025-25039 (A vulnerability in the web-based management interface of HPE Aruba Net ...)
- TODO: check
+ NOT-FOR-US: HPE Aruba Networking
CVE-2025-24971 (DumpDrop is a stupid simple file upload application that provides an i ...)
- TODO: check
+ NOT-FOR-US: DumpDrop
CVE-2025-24968 (reNgine is an automated reconnaissance framework for web applications. ...)
- TODO: check
+ NOT-FOR-US: reNgine
CVE-2025-24967 (reNgine is an automated reconnaissance framework for web applications. ...)
- TODO: check
+ NOT-FOR-US: reNgine
CVE-2025-24966 (reNgine is an automated reconnaissance framework for web applications. ...)
- TODO: check
+ NOT-FOR-US: reNgine
CVE-2025-24964 (Vitest is a testing framework powered by Vite. Affected versions are s ...)
TODO: check
CVE-2025-24963 (Vitest is a testing framework powered by Vite. The `__screenshot-error ...)
@@ -37,67 +37,67 @@ CVE-2025-24963 (Vitest is a testing framework powered by Vite. The `__screenshot
CVE-2025-24860 (Incorrect Authorization vulnerability in Apache Cassandra allowing use ...)
- cassandra <itp> (bug #585905)
CVE-2025-24677 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24648 (Incorrect Privilege Assignment vulnerability in wpase.com Admin and Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24602 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24599 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24373 (woocommerce-pdf-invoices-packing-slips is an extension which allows us ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23645 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23114 (A vulnerability in Veeam Updater component allows Man-in-the-Middle at ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2025-23060 (A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, ...)
- TODO: check
+ NOT-FOR-US: HPE Aruba Networking
CVE-2025-23059 (A vulnerability in the web-based management interface of HPE Aruba Net ...)
- TODO: check
+ NOT-FOR-US: HPE Aruba Networking
CVE-2025-23058 (A vulnerability in the ClearPass Policy Manager web-based management i ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-23023 (Discourse is an open source platform for community discussion. In affe ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-23015 (Privilege Defined With Unsafe Actions vulnerability in Apache Cassandr ...)
- cassandra <itp> (bug #585905)
CVE-2025-22794 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22730 (Missing Authorization vulnerability in Ksher Ksher allows Exploiting I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22700 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22699 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22697 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22696 (Missing Authorization vulnerability in EmbedPress Document Block \u201 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22675 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22664 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22662 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22643 (Missing Authorization vulnerability in FameThemes OnePress allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22642 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22641 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22602 (Discourse is an open source platform for community discussion. In affe ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-22601 (Discourse is an open source platform for community discussion. In affe ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-22206 (A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4 ...)
- TODO: check
+ NOT-FOR-US: Joomla plugin
CVE-2025-1028 (The Contact Manager plugin for WordPress is vulnerable to arbitrary fi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1026 (Versions of the package spatie/browsershot before 5.0.5 are vulnerable ...)
TODO: check
CVE-2025-1025 (Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable ...)
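Review bot: CVE-2025-23058 is tagged "NOT-FOR-US: HPE", while CVE-2025-23060 and CVE-2025-23059 directly above it in this hunk use "NOT-FOR-US: HPE Aruba Networking". The visible description of CVE-2025-23058 names the ClearPass Policy Manager web-based management interface, the same product named in CVE-2025-23060, so use the same label on all three. A search of data/CVE/list for one vendor string will then find every related entry.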
@@ -107,53 +107,53 @@ CVE-2025-1022 (Versions of the package spatie/browsershot before 5.0.5 are vulne
CVE-2025-0960 (AutomationDirect C-more EA9 HMI contains a function with bounds checks ...)
TODO: check
CVE-2025-0890 (**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Tel ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2025-0825 (cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF chara ...)
TODO: check
CVE-2025-0630 (Multiple Western Telematic (WTI) products contain a web interface that ...)
TODO: check
CVE-2025-0413 (Parallels Desktop Technical Data Reporter Link Following Local Privile ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2025-0364 (BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulne ...)
- TODO: check
+ NOT-FOR-US: BigAntSoft BigAnt Server
CVE-2024-9644 (The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an ...)
- TODO: check
+ NOT-FOR-US: Four-Faith F3x36 router
CVE-2024-9643 (The Four-FaithF3x36 router using firmware v2.0.0 is vulnerable to auth ...)
- TODO: check
+ NOT-FOR-US: Four-Faith F3x36 router
CVE-2024-8125 (Improper Validation of Specified Type of Input vulnerability in OpenTe ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-56328 (Discourse is an open source platform for community discussion. An atta ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-56197 (Discourse is an open source platform for community discussion. PM titl ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-55948 (Discourse is an open source platform for community discussion. In affe ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-53994 (Discourse is an open source platform for community discussion. In affe ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-53966 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-53965 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-53964 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-53963 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-53962 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-53851 (Discourse is an open source platform for community discussion. In affe ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-53266 (Discourse is an open source platform for community discussion. In affe ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-48445 (An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: compop.ca ONLINE MALL
CVE-2024-48019 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Apache Doris
CVE-2024-45659 (IBM Security Verify Access Appliance and Container 10.0.0 through 10.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-45658 (IBM Security Verify Access Appliance and Container 10.0.0 through 10.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-45657 (IBM Security Verify Access Appliance and Container 10.0.0 through 10.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-43187 (IBM Security Verify Access Appliance and Container 10.0.0 through 10.0 ...)
TODO: check
CVE-2024-40891 (**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection ...)
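Review bot: CVE-2024-43187, the last IBM entry in this hunk, keeps "TODO: check" although its visible description begins identically to CVE-2024-45657, CVE-2024-45658 and CVE-2024-45659 (IBM Security Verify Access Appliance and Container 10.0.0 through 10.0 ...), which are all set to "NOT-FOR-US: IBM" here. If leaving it was not deliberate, mark it in the same commit so the four related entries are triaged together. The same applies on a smaller scale to the label granularity in this hunk: "Adobe" and "IBM" name only the vendor, while "Parallels Desktop" and "BigAntSoft BigAnt Server" name the product.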
@@ -301,7 +301,7 @@ CVE-2025-24901 (WeGIA is a Web Manager for Charitable Institutions. A SQL Inject
CVE-2025-24899 (reNgine is an automated reconnaissance framework for web applications. ...)
NOT-FOR-US: reNgine
CVE-2025-24371 (CometBFT is a distributed, Byzantine fault-tolerant, deterministic sta ...)
- TODO: check
+ NOT-FOR-US: CometBFT
CVE-2025-24370 (Django-Unicorn adds modern reactive component functionality to Django ...)
TODO: check
CVE-2025-24029 (Tuleap is an Open Source Suite to improve management of software devel ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b82f68a9d3b520474a8f33b647d71e81137b3cac