[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 11 08:50:11 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
926d4ba5 by Salvatore Bonaccorso at 2025-02-11T09:48:49+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2025-25243 (SAP Supplier Relationship Management (Master Data Management Catalog) ...)
NOT-FOR-US: SAP
CVE-2025-25241 (Due to a missing authorization check, an attacker who is logged in to ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-25194 (Lemmy, a link aggregator and forum for the fediverse, is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Lemmy
CVE-2025-25193 (Netty, an asynchronous, event-driven network application framework, ha ...)
TODO: check
CVE-2025-25190 (The ZOO-Project is an open source processing platform. The ZOO-Project ...)
- TODO: check
+ NOT-FOR-US: ZOO-Project
CVE-2025-25189 (The ZOO-Project is an open source processing platform. A reflected Cro ...)
- TODO: check
+ NOT-FOR-US: ZOO-Project
CVE-2025-24970 (Netty, an asynchronous, event-driven network application framework, ha ...)
TODO: check
CVE-2025-24876 (The SAP Approuter Node.js package version v16.7.1 and before is vulner ...)
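Review bot: The SAP attribution for CVE-2025-25241 cannot be confirmed from the entry itself, because its truncated description ("Due to a missing authorization check, an attacker who is logged in to ...") stops before naming any product, unlike CVE-2025-25243 directly above it. Confirm the vendor against the full CVE record so the NFU does not rest on the neighbouring entries alone.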
@@ -33,13 +33,13 @@ CVE-2025-23193 (SAP NetWeaver Server ABAP allows an unauthenticated attacker to
CVE-2025-23191 (Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ...)
NOT-FOR-US: SAP
CVE-2025-23190 (Due to missing authorization check, an authenticated attacker could ca ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-23189 (Due to missing authorization check in an RFC enabled function module i ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-23187 (Due to missing authorization check in an RFC enabled function module i ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-1211 (Versions of the package hackney from 0.0.0 are vulnerable to Server-si ...)
- TODO: check
+ NOT-FOR-US: hackney
CVE-2025-1181 (A vulnerability classified as critical was found in GNU Binutils 2.43. ...)
TODO: check
CVE-2025-1180 (A vulnerability classified as problematic has been found in GNU Binuti ...)
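Review bot: CVE-2025-1211 is the only entry in this hunk that names a library rather than a vendor product ("the package hackney"), and libraries are often packaged under a language-prefixed source name. A search of the archive for a hackney source package is worth doing before settling on NOT-FOR-US: hackney; if one exists, the entry needs a package line instead of an NFU.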
@@ -49,59 +49,59 @@ CVE-2025-1179 (A vulnerability was found in GNU Binutils 2.43. It has been rated
CVE-2025-1178 (A vulnerability was found in GNU Binutils 2.43. It has been declared a ...)
TODO: check
CVE-2025-1177 (A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been class ...)
- TODO: check
+ NOT-FOR-US: dayrui XunRuiCMS
CVE-2025-1176 (A vulnerability was found in GNU Binutils 2.43 and classified as criti ...)
TODO: check
CVE-2025-1174 (A vulnerability has been found in 1000 Projects Bookstore Management S ...)
- TODO: check
+ NOT-FOR-US: 1000 Projects Bookstore Management System
CVE-2025-1173 (A vulnerability, which was classified as critical, was found in 1000 P ...)
- TODO: check
+ NOT-FOR-US: 1000 Projects Bookstore Management System
CVE-2025-1172 (A vulnerability, which was classified as critical, has been found in 1 ...)
- TODO: check
+ NOT-FOR-US: 1000 Projects Bookstore Management System
CVE-2025-1171 (A vulnerability classified as problematic was found in code-projects R ...)
- TODO: check
+ NOT-FOR-US: code-projects Real Estate Property Management System
CVE-2025-1170 (A vulnerability classified as problematic has been found in code-proje ...)
- TODO: check
+ NOT-FOR-US: code-projects Real Estate Property Management System
CVE-2025-1169 (A vulnerability was found in SourceCodester Image Compressor Tool 1.0. ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Image Compressor Tool
CVE-2025-1168 (A vulnerability was found in SourceCodester Contact Manager with Expor ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Contact Manager
CVE-2025-1167 (A vulnerability was found in Mayuri K Employee Management System up to ...)
- TODO: check
+ NOT-FOR-US: Mayuri K Employee Management System
CVE-2025-1166 (A vulnerability has been found in SourceCodester Food Menu Manager 1.0 ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Food Menu Manager
CVE-2025-1165 (A vulnerability, which was classified as critical, was found in Lumsof ...)
- TODO: check
+ NOT-FOR-US: Lumsoft ERP
CVE-2025-1164 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: code-projects Police FIR Record Management System
CVE-2025-1163 (A vulnerability classified as critical was found in code-projects Vehi ...)
- TODO: check
+ NOT-FOR-US: code-projects Vehicle Parking Management System
CVE-2025-1162 (A vulnerability classified as critical has been found in code-projects ...)
- TODO: check
+ NOT-FOR-US: code-projects Job Recruitment
CVE-2025-1160 (A vulnerability was found in SourceCodester Employee Management System ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Employee Management System
CVE-2025-1159 (A vulnerability was found in CampCodes School Management Software 1.0. ...)
- TODO: check
+ NOT-FOR-US: CampCodes School Management Software
CVE-2025-1158 (A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114. It h ...)
- TODO: check
+ NOT-FOR-US: ESAFENET
CVE-2025-1157 (A vulnerability was found in Allims lab.online up to 20250201 and clas ...)
- TODO: check
+ NOT-FOR-US: Allims lab.online
CVE-2025-1156 (A vulnerability has been found in Pix Software Vivaz 6.0.10 and classi ...)
- TODO: check
+ NOT-FOR-US: Pix Software Vivaz
CVE-2025-1145 (NetVision Information ISOinsight has a Reflected Cross-site Scripting ...)
- TODO: check
+ NOT-FOR-US: NetVision Information ISOinsight
CVE-2025-1144 (School Affairs System from Quanxun has an Exposure of Sensitive Inform ...)
- TODO: check
+ NOT-FOR-US: School Affairs System from Quanxun
CVE-2025-1143 (Certain models of routers from Billion Electric has hard-coded embedde ...)
- TODO: check
+ NOT-FOR-US: Billion Electric
CVE-2025-1002 (MicroDicom DICOM Viewerversion 2024.03 fails to adequately verify the ...)
TODO: check
CVE-2025-0499
REJECTED
CVE-2025-0181 (The WP Foodbakery plugin for WordPress is vulnerable to privilege esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0180 (The WP Foodbakery plugin for WordPress is vulnerable to privilege esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0064 (Under specific conditions, the Central Management Console of the SAP B ...)
NOT-FOR-US: SAP
CVE-2025-0054 (SAP NetWeaver Application Server Java does not sufficiently handle use ...)
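Review bot: The NFU labels in this hunk vary in granularity. CVE-2025-1158 and CVE-2025-1143 carry only the vendor (ESAFENET, Billion Electric), and CVE-2025-1168 shortens the product to "SourceCodester Contact Manager" although its description continues "with Expor ...", while most other entries give vendor plus full product name. Settling on one form, vendor plus product as the description states it, would make the labels easier to match when the same vendor shows up again.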
@@ -167,11 +167,11 @@ CVE-2024-5164
CVE-2024-5146
REJECTED
CVE-2024-52612 (SolarWinds Platform is vulnerable to a reflected cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-52611 (The SolarWinds Platform is vulnerable to an information disclosure vul ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-52606 (SolarWinds Platform is affected by server-side request forgery vulnera ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-4952
REJECTED
CVE-2024-4951
@@ -191,7 +191,7 @@ CVE-2024-4101
CVE-2024-4012
REJECTED
CVE-2024-45718 (Sensitive data could be exposed to non- privileged users in a configur ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-3975
REJECTED
CVE-2024-3702
@@ -215,7 +215,7 @@ CVE-2024-2114
CVE-2024-2037
REJECTED
CVE-2024-28989 (SolarWinds Web Help Desk was found to have a hardcoded cryptographic k ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-1964
REJECTED
CVE-2024-1944
@@ -225,13 +225,13 @@ CVE-2024-1734
CVE-2024-1457
REJECTED
CVE-2024-13643 (The Zox News - Professional WordPress News & Magazine Theme plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13570 (The Stray Random Quotes WordPress plugin through 1.9.9 does not saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13544 (The Zarinpal Paid Download WordPress plugin through 2.3 does not prope ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13543 (The Zarinpal Paid Download WordPress plugin through 2.3 does not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12904
REJECTED
CVE-2024-12765
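Review bot: CVE-2024-13643 is labelled "WordPress plugin", but its description reads "Professional WordPress News & Magazine Theme plugin", so the affected product is presented as a theme. NOT-FOR-US: WordPress theme would describe it more accurately; the other three labels in this hunk match their descriptions.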
@@ -241,7 +241,7 @@ CVE-2024-12764
CVE-2024-12763
REJECTED
CVE-2024-12599 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12246
REJECTED
CVE-2024-12242
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/926d4ba533fd2751f69959d1e0d69e9143892442
More information about the debian-security-tracker-commits mailing list