[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 10 20:55:24 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c58c934c by Salvatore Bonaccorso at 2025-02-10T21:55:06+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53,65 +53,65 @@ CVE-2025-1147 (A vulnerability has been found in GNU Binutils 2.43 and classifie
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32556
 	NOTE: binutils not covered by security support
 CVE-2025-1099 (The TP-Link Tapo C500 V1 and V2 are a pan-and-tilt outdoor Wi-Fi secur ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-8685 (Path-Traversal vulnerability in Revolution Pi version 2022-07-28-revpi ...)
-	TODO: check
+	NOT-FOR-US: Revolution Pi
 CVE-2024-8684 (OS Command Injection vulnerability in Revolution Pi version 2022-07-28 ...)
-	TODO: check
+	NOT-FOR-US: Revolution Pi
 CVE-2024-8550 (A Local File Inclusion (LFI) vulnerability exists in the /load-workflo ...)
-	TODO: check
+	NOT-FOR-US: modelscope/agentscope
 CVE-2024-57409 (A stored cross-site scripting (XSS) vulnerability in the Parameter Lis ...)
-	TODO: check
+	NOT-FOR-US: cool-admin-java
 CVE-2024-57408 (An arbitrary file upload vulnerability in the component /comm/upload o ...)
-	TODO: check
+	NOT-FOR-US: cool-admin-java
 CVE-2024-57407 (An arbitrary file upload vulnerability in the component /userPicture o ...)
-	TODO: check
+	NOT-FOR-US: Timo
 CVE-2024-57178 (An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020 ...)
-	TODO: check
+	NOT-FOR-US: Stock-Forecaster
 CVE-2024-57177 (A host header injection vulnerability exists in the NPM package of per ...)
 	TODO: check
 CVE-2024-54954 (OneBlog v2.3.6 was discovered to contain a template injection vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OneBlog
 CVE-2024-48170 (PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) v ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Small CRM
 CVE-2024-46437 (A sensitive information disclosure vulnerability in the Tenda W18E V16 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-46436 (Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenti ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-46435 (A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-46434 (Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-46433 (A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) all ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-46432 (Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-46431 (Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attac ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-46430 (Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-46429 (A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) a ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-42513 (Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 all ...)
-	TODO: check
+	NOT-FOR-US: OPC UA .NET Standard Stack
 CVE-2024-42512 (Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 all ...)
-	TODO: check
+	NOT-FOR-US: OPC UA .NET Standard Stack
 CVE-2024-27859 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-13059 (A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 a ...)
-	TODO: check
+	NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-13011 (The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13010 (The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11831 (A flaw was found in npm-serialize-javascript. The vulnerability occurs ...)
 	TODO: check
 CVE-2024-11621 (Missing certificate validation in Devolutions Remote Desktop Manager o ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2024-10649 (wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d co ...)
 	TODO: check
 CVE-2024-10334 (A vulnerability exists in the VideONet product included in the listed  ...)
-	TODO: check
+	NOT-FOR-US: VideONet product
 CVE-2025-21693 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.12.12-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
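Review bot: CVE-2024-57407 is tagged NOT-FOR-US: Timo, while the adjacent CVE-2024-57408 and CVE-2024-57409 are tagged cool-admin-java; the description visible here is truncated at "/userPicture o ...", so please confirm the product name against the full CVE text before this entry is closed out. On CVE-2024-10334 the label "VideONet product" carries a redundant word; "VideONet" alone would match the name-only style used for Tenda, Apple and Devolutions in the same hunk. The three entries left at TODO: check (CVE-2024-57177, CVE-2024-11831, CVE-2024-10649) look intentional, and a line in the commit message saying they still need a package lookup would make that explicit.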



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c58c934cdc80cc8e2669c84588d9657036b52ba8
