[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Feb 6 09:04:55 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b95424c2 by Moritz Muehlenhoff at 2025-02-06T10:04:39+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,21 +19,21 @@ CVE-2025-0522 (The LikeBot  WordPress plugin through 0.85 does not have CSRF che
 CVE-2024-57699 (A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1.  ...)
 	TODO: check
 CVE-2024-57598 (A floating point exception (divide-by-zero) vulnerability was discover ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2024-57520 (Insecure Permissions vulnerability in asterisk v22 allows a remote att ...)
 	TODO: check
 CVE-2024-57086 (A prototype pollution in the function fieldsToJson of node-opcua-alarm ...)
-	TODO: check
+	NOT-FOR-US: Node node-opcua-alarm-condition
 CVE-2024-57085 (A prototype pollution in the function deepMerge of @stryker-mutator/ut ...)
-	TODO: check
+	NOT-FOR-US: Node @stryker-mutator/util
 CVE-2024-57084 (A prototype pollution in the function lib.parse of dot-properties v1.0 ...)
-	TODO: check
+	NOT-FOR-US: Node dot-properties
 CVE-2024-57082 (A prototype pollution in the lib.createUploader function of @rpldy/upl ...)
-	TODO: check
+	NOT-FOR-US: Node @rpldy/uploader
 CVE-2024-57081 (A prototype pollution in the lib.fromQuery function of underscore-cont ...)
-	TODO: check
+	NOT-FOR-US: Node underscore-contrib
 CVE-2024-57080 (A prototype pollution in the lib.install function of vxe-table v4.8.10 ...)
-	TODO: check
+	NOT-FOR-US: Node vxe-table
 CVE-2024-57079 (A prototype pollution in the lib.deepMerge function of @zag-js/core v0 ...)
 	TODO: check
 CVE-2024-57078 (A prototype pollution in the lib.merge function of cli-util v1.1.27 al ...)
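
Review bot: CVE-2024-57079 (@zag-js/core) and CVE-2024-57078 (cli-util) at the end of this hunk stay at "TODO: check", although their descriptions follow the same "A prototype pollution in the ... function of ..." pattern as the six entries above that are now tagged "NOT-FOR-US: Node ...". If they were skipped by accident, tag them in the same pass. If they are held back on purpose, the one-word commit message "NFUs" would be the place to say so.
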
@@ -73,7 +73,7 @@ CVE-2024-56471 (IBM Aspera Shares1.9.0 through 1.10.0 PL6  is vulnerable to serv
 CVE-2024-56470 (IBM Aspera Shares1.9.0 through 1.10.0 PL6  is vulnerable to server-sid ...)
 	NOT-FOR-US: IBM
 CVE-2024-54853 (A Stored Cross-Site Scripting (XSS) vulnerability was identified affec ...)
-	TODO: check
+	NOT-FOR-US: Skybox Change Manager
 CVE-2024-51547 (Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise,  ...)
 	NOT-FOR-US: ABB
 CVE-2024-51450 (IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remo ...)
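
Review bot: The new tag for CVE-2024-54853, "NOT-FOR-US: Skybox Change Manager", names the product, while the unchanged neighbours in this hunk ("NOT-FOR-US: IBM", "NOT-FOR-US: ABB") and the F5, Cisco and Dell tags added later in this commit name only the vendor. Pick one form for the batch so that a later search over the NOT-FOR-US tags by vendor finds all of them.
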
@@ -119,13 +119,13 @@ CVE-2025-24497 (When URL categorization is configured on a virtual server, undis
 CVE-2025-24372 (CKAN is an open-source DMS (data management system) for powering data  ...)
 	TODO: check
 CVE-2025-24326 (When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures fea ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-24320 (A stored cross-site scripting (XSS) vulnerability exists in an undiscl ...)
 	TODO: check
 CVE-2025-24319 (When BIG-IP Next Central Manager is running, undisclosed requests to t ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-24312 (When BIG-IP AFM is provisioned with IPS module enabled and protocol in ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-23419 (When multiple server blocks are configured to share the same IP addres ...)
 	TODO: check
 CVE-2025-23415 (An insufficient verification of data authenticity vulnerability exists ...)
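
Review bot: CVE-2025-24320 stays at "TODO: check" between two entries now tagged "NOT-FOR-US: F5", and its visible description ("A stored cross-site scripting (XSS) vulnerability exists in an undiscl ...") is cut off before any product name. Check the full description to confirm whether it belongs with the F5 batch or was left open deliberately.
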
@@ -133,61 +133,61 @@ CVE-2025-23415 (An insufficient verification of data authenticity vulnerability
 CVE-2025-23413 (When users log in through the webUI or API using local authentication, ...)
 	TODO: check
 CVE-2025-23412 (When BIG-IP APM Access Profile is configured on a virtual server, undi ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-23239 (When running in Appliance mode, an authenticated remote command inject ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-22891 (When BIG-IP PEM Control Plane listener Virtual Server is configured wi ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-22846 (When SIP Session and Router ALG profiles are configured on a Message R ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-21117 (Dell Avamar, version 19.4 or later, contains an access token reuse vul ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2025-21091 (When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests c ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-21087 (When Client or Server SSL profiles are configured on a Virtual Server, ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-20207 (A vulnerability in Simple Network Management Protocol (SNMP) polling f ...)
 	TODO: check
 CVE-2025-20205 (A vulnerability in the web-based management interface of Cisco Identit ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20204 (A vulnerability in the web-based management interface of Cisco Identit ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20185 (A vulnerability in the implementation of the remote access functionali ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20184 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20183 (A vulnerability in a policy-based Cisco Application Visibility and Con ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20180 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20179 (A vulnerability in the web-based management interface of Cisco Express ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20176 (A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20175 (A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20174 (A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20173 (A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20172 (A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20171 (A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20170 (A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20169 (A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20125 (A vulnerability in an API of Cisco ISE could allow an authenticated, r ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20124 (A vulnerability in an API of Cisco ISE could allow an authenticated, r ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20058 (When a BIG-IP message routing profile is configured on a virtual serve ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-20045 (When SIP session Application Level Gateway mode (ALG) profile with Pas ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-20029 (Command injection vulnerability exists in iControl REST and BIG-IP TMO ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-0858 (A vulnerability was discovered in the firmware builds up to 8.2.1.0820 ...)
 	TODO: check
 CVE-2024-9631 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
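
Review bot: CVE-2025-20207 stays at "TODO: check" directly above a run of entries tagged "NOT-FOR-US: Cisco", and its truncated description ("A vulnerability in Simple Network Management Protocol (SNMP) polling f ...") names no vendor. Confirm against the full description that it was left open on purpose rather than missed while tagging the entries from CVE-2025-20205 down to CVE-2025-20124.
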



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b95424c2b653d16460d7dace41f6ed4580a46f73
