[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 7 07:56:16 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9db89417 by Salvatore Bonaccorso at 2025-02-07T08:55:49+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,113 +11,113 @@ CVE-2025-24531 [Possible Authentication Bypass in Error Situations]
 CVE-2025-24981 (MDC is a tool to take regular Markdown and write documents interacting ...)
 	TODO: check
 CVE-2025-24787 (WhoDB is an open source database management tool. In affected versions ...)
-	TODO: check
+	NOT-FOR-US: WhoDB
 CVE-2025-24786 (WhoDB is an open source database management tool. While the applicatio ...)
-	TODO: check
+	NOT-FOR-US: WhoDB
 CVE-2025-23217 (mitmproxy is a interactive TLS-capable intercepting HTTP proxy for pen ...)
 	TODO: check
 CVE-2025-22992 (A SQL Injection vulnerability exists in the /feed/insert.json endpoint ...)
-	TODO: check
+	NOT-FOR-US: Emoncms
 CVE-2025-22936 (An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4 ...)
-	TODO: check
+	NOT-FOR-US: Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router
 CVE-2025-22867 (On Darwin, building a Go module which contains CGO can trigger arbitra ...)
 	TODO: check
 CVE-2025-22866 (Due to the usage of a variable time instruction in the assembly implem ...)
 	TODO: check
 CVE-2025-1078 (A vulnerability has been found in AppHouseKitchen AlDente Charge Limit ...)
-	TODO: check
+	NOT-FOR-US: AppHouseKitchen AlDente Charge
 CVE-2025-1076 (A Stored Cross-Site Scripting (Stored XSS) vulnerability has been foun ...)
-	TODO: check
+	NOT-FOR-US: Holded application
 CVE-2025-1074 (A vulnerability, which was classified as problematic, was found in Web ...)
-	TODO: check
+	NOT-FOR-US: Webkul QloApps
 CVE-2025-0994 (Trimble Cityworks versions prior to 15.8.9 and Cityworks with office c ...)
-	TODO: check
+	NOT-FOR-US: Trimble Cityworks
 CVE-2025-0982 (Sandbox escape in the JavaScript Task feature of Google Cloud Applicat ...)
 	TODO: check
 CVE-2025-0859 (The Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Edit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-57962 (Vulnerability of incomplete verification information in the VPN servic ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-57961 (Out-of-bounds write vulnerability in the emcom module Impact: Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-57960 (Input verification vulnerability in the ExternalStorageProvider module ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-57959 (Use-After-Free (UAF) vulnerability in the display module Impact: Succe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-57958 (Out-of-bounds array read vulnerability in the FFRT module Impact: Succ ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-57957 (Vulnerability of improper log information control in the UI framework  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-57956 (Out-of-bounds read vulnerability in the interpreter string module Impa ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-57955 (Arbitrary write vulnerability in the Gallery module  Impact: Successfu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-57954 (Permission verification vulnerability in the media library module Impa ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-57673 (An issue in floodlight v1.2 allows a local attacker to cause a denial  ...)
 	TODO: check
 CVE-2024-57672 (An issue in floodlight v1.2 allows a local attacker to cause a denial  ...)
 	TODO: check
 CVE-2024-57668 (In Code-projects Shopping Portal v1.0, the insert-product.php page has ...)
-	TODO: check
+	NOT-FOR-US: Code-projects Shopping Portal
 CVE-2024-57610 (A rate limiting issue in Sylius v2.0.2 allows a remote attacker to per ...)
-	TODO: check
+	NOT-FOR-US: Sylius
 CVE-2024-57599 (Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 al ...)
-	TODO: check
+	NOT-FOR-US: DouPHP
 CVE-2024-57523 (Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packe ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Packers and Movers Management System
 CVE-2024-57430 (An SQL injection vulnerability in the pjActionGetUser function of PHPJ ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Cinema Booking System
 CVE-2024-57429 (A cross-site request forgery (CSRF) vulnerability in the pjActionUpdat ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Cinema Booking System
 CVE-2024-57428 (A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Cinema Booking System
 CVE-2024-57427 (PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Cinema Booking System
 CVE-2024-57426 (NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an at ...)
-	TODO: check
+	NOT-FOR-US: NetMod VPN Client
 CVE-2024-52892 (IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable t ...)
 	NOT-FOR-US: IBM
 CVE-2024-47258 (2N Access Commander version 2.1 and prior is vulnerable in default set ...)
-	TODO: check
+	NOT-FOR-US: 2N Access Commander
 CVE-2024-47256 (Successful exploitation of this vulnerability could allow an attacker  ...)
-	TODO: check
+	NOT-FOR-US: 2N Access Commander
 CVE-2024-45626 (Apache James server JMAP HTML to text plain implementation in versions ...)
-	TODO: check
+	NOT-FOR-US: Apache James
 CVE-2024-43811
 	REJECTED
 CVE-2024-43779 (An information disclosure vulnerability exists in the Vault API functi ...)
-	TODO: check
+	NOT-FOR-US: ClearML Enterprise Server
 CVE-2024-39272 (A cross-site scripting (xss) vulnerability exists in the dataset uploa ...)
-	TODO: check
+	NOT-FOR-US: ClearML Enterprise Server
 CVE-2024-39033 (In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Referen ...)
-	TODO: check
+	NOT-FOR-US: Newgensoft OmniDocs
 CVE-2024-37358 (Similarly to CVE-2024-34055, Apache James is vulnerable to denial of s ...)
-	TODO: check
+	NOT-FOR-US: Apache James
 CVE-2024-36558 (Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
-	TODO: check
+	NOT-FOR-US: Forever KidsWatch Call Me KW-50
 CVE-2024-36557 (The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_Y ...)
-	TODO: check
+	NOT-FOR-US: Forever KidsWatch Call Me KW-50
 CVE-2024-36556 (Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19 ...)
-	TODO: check
+	NOT-FOR-US: Forever KidsWatch Call Me KW-50
 CVE-2024-36555 (Built-in SMS-configuration command in Forever KidsWatch Call Me KW50 R ...)
-	TODO: check
+	NOT-FOR-US: Forever KidsWatch Call Me KW-50
 CVE-2024-36554 (Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
-	TODO: check
+	NOT-FOR-US: Forever KidsWatch Call Me KW-50
 CVE-2024-36553 (Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
-	TODO: check
+	NOT-FOR-US: Forever KidsWatch Call Me KW-50
 CVE-2024-24911 (In rare scenarios, the cpca process on the Security Management Server  ...)
 	TODO: check
 CVE-2024-13614 (Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for W ...)
-	TODO: check
+	NOT-FOR-US: Kaspersky
 CVE-2024-13417 (Specifically crafted payloads sent to the RFID reader could cause DoS  ...)
-	TODO: check
+	NOT-FOR-US: 2N Access Commander
 CVE-2024-13416 (Using API in the 2N OS device, authorized user can enable logging, whi ...)
-	TODO: check
+	NOT-FOR-US: 2N OS device
 CVE-2024-12602 (Identity verification vulnerability in the ParamWatcher module Impact: ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-5878 (Honeywell OneWireless   Wireless Device Manager (WDM)for the following ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2025-24845 (Improper neutralization of argument delimiters in a command ('Argument ...)
 	NOT-FOR-US: Defense Platform Home Edition
 CVE-2025-24483 (NULL pointer dereference vulnerability exists in Defense Platform Home ...)
@@ -459,7 +459,7 @@ CVE-2025-1028 (The Contact Manager plugin for WordPress is vulnerable to arbitra
 CVE-2025-1026 (Versions of the package spatie/browsershot before 5.0.5 are vulnerable ...)
 	NOT-FOR-US: spatie/browsershot
 CVE-2025-1025 (Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
 CVE-2025-1022 (Versions of the package spatie/browsershot before 5.0.5 are vulnerable ...)
 	NOT-FOR-US: spatie/browsershot
 CVE-2025-0960 (AutomationDirect C-more EA9 HMI contains a function with bounds checks ...)
@@ -324479,7 +324479,7 @@ CVE-2020-36086
 CVE-2020-36085
 	RESERVED
 CVE-2020-36084 (SQL Injection vulnerability in SourceCodester Responsive E-Learning Sy ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Responsive E-Learning System
 CVE-2020-36083
 	RESERVED
 CVE-2020-36082 (File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9db89417e6438953e385556baf4b3244f7d49f13

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9db89417e6438953e385556baf4b3244f7d49f13
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250207/354606ec/attachment.htm>

More information about the debian-security-tracker-commits mailing list