[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Feb 9 09:18:41 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
21ad7a75 by Salvatore Bonaccorso at 2025-02-09T10:18:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2025-0517
 	REJECTED
 CVE-2025-0316 (The WP Directorybox Manager plugin for WordPress is vulnerable to auth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0169 (The DWT - Directory & Listing WordPress Theme is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-8377
 	REJECTED
 CVE-2024-6909
@@ -11,19 +11,19 @@ CVE-2024-6909
 CVE-2024-5183
 	REJECTED
 CVE-2024-13440 (The Super Store Finder plugin for WordPress is vulnerable to SQL Injec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4927
 	REJECTED
 CVE-2025-1117 (A vulnerability, which was classified as critical, was found in CoinRe ...)
-	TODO: check
+	NOT-FOR-US: CoinRemitter on OpenCart
 CVE-2025-1116 (A vulnerability, which was classified as critical, has been found in D ...)
-	TODO: check
+	NOT-FOR-US: Dreamvention Live AJAX Search Free on OpenCart
 CVE-2025-1115 (A vulnerability classified as problematic was found in RT-Thread up to ...)
-	TODO: check
+	NOT-FOR-US: RT-Thread
 CVE-2024-54176 (IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM Urb ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-13850 (The Simple add pages or posts plugin for WordPress is vulnerable to St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25187 (Joplin is a free, open source note taking and to-do application, which ...)
 	- joplin <itp> (bug #931306)
 CVE-2025-24366 (SFTPGo is an open source, event-driven file transfer solution. SFTPGo  ...)
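
Review bot: The CVE-2024-54176 entry is tagged `NOT-FOR-US: IBM`, which names only the vendor, while the other entries changed in this hunk name the product (`CoinRemitter on OpenCart`, `Dreamvention Live AJAX Search Free on OpenCart`, `RT-Thread`). The description on that line already starts with the product, IBM DevOps Deploy (a second product name is cut off), so a tag such as `NOT-FOR-US: IBM DevOps Deploy` would keep the entry searchable by product and consistent with its neighbours.
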
@@ -41,7 +41,7 @@ CVE-2024-57606 (SQL injection vulnerability in Beijing Guoju Information Technol
 CVE-2024-57357 (An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427  ...)
 	NOT-FOR-US: TPLINK
 CVE-2024-57279 (A reflected Cross-Site Scripting (XSS) vulnerability has been identifi ...)
-	TODO: check
+	NOT-FOR-US: LDAP User Manager
 CVE-2024-57278 (A reflected Cross-Site Scripting (XSS) vulnerability exists in /websca ...)
 	NOT-FOR-US: QingScan
 CVE-2024-55630 (Joplin is a free, open source note taking and to-do application, which ...)
@@ -49,7 +49,7 @@ CVE-2024-55630 (Joplin is a free, open source note taking and to-do application,
 CVE-2024-55272 (An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain  ...)
 	NOT-FOR-US: Brainasoft Braina
 CVE-2024-55215 (An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker t ...)
-	TODO: check
+	NOT-FOR-US: trojan
 CVE-2025-25183 (vLLM is a high-throughput and memory-efficient inference and serving e ...)
 	NOT-FOR-US: vLLM
 CVE-2025-25168 (Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigita ...)
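
Review bot: `NOT-FOR-US: trojan` on CVE-2024-55215 uses a bare, generic name that is easy to confuse with any other project or package called trojan; the only disambiguator visible here is the version range v.2.0.0 through v.2.15.3 in the description. Suggest qualifying the tag with the upstream project or vendor so that a later triager searching for the name can tell which software was ruled out.
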
@@ -1340,9 +1340,9 @@ CVE-2025-0971 (A vulnerability was found in Zenvia Movidesk up to 25.01.22. It h
 CVE-2025-0970 (A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has be ...)
 	NOT-FOR-US: Zenvia Movidesk
 CVE-2025-0015 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
-	TODO: check
+	NOT-FOR-US: Arm GPU Kernel Driver
 CVE-2024-6790 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Arm GPU Kernel Driver
 CVE-2024-57968 (Advantive VeraCore before 2024.4.2.1 allows remote authenticated users ...)
 	NOT-FOR-US: Advantive VeraCore
 CVE-2024-57967 (PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager ...)
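
Review bot: The two `NOT-FOR-US: Arm GPU Kernel Driver` tags (CVE-2025-0015 and CVE-2024-6790) rule out a kernel driver without saying why it is out of scope, and for CVE-2024-6790 the truncated description does not show the affected product at all. If the reasoning is that this is Arm's own Valhall driver and not code carried in the distribution kernel, stating that in the tag would save the next reader from rechecking, and it is worth confirming that CVE-2024-6790 really concerns the same driver before it shares the label.
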
@@ -201131,7 +201131,7 @@ CVE-2022-40918 (Buffer overflow in firmware lewei_cam binary version 2.0.10 in F
 CVE-2022-40917
 	RESERVED
 CVE-2022-40916 (Tiny File Manager v2.4.7 and below is vulnerable to session fixation.)
-	TODO: check
+	NOT-FOR-US: Tiny File Manager
 CVE-2022-40915
 	RESERVED
 CVE-2022-40914
@@ -202244,7 +202244,7 @@ CVE-2022-40492
 CVE-2022-40491
 	RESERVED
 CVE-2022-40490 (Tiny File Manager v2.4.7 and below was discovered to contain a Cross S ...)
-	TODO: check
+	NOT-FOR-US: Tiny File Manager
 CVE-2022-40489 (ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CS ...)
 	NOT-FOR-US: ThinkCMF
 CVE-2022-40488 (ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Fo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21ad7a7579fc350af15b23feb864396c16e2a32b
