[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 18 20:29:28 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4fb422f2 by Salvatore Bonaccorso at 2025-02-18T21:29:04+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
 CVE-2025-27016 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-27013 (Missing Authorization vulnerability in EPC MediCenter - Health Medical ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26623 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
 	TODO: check
 CVE-2025-26620 (Duende.AccessTokenManagement is a set of .NET libraries that manage OA ...)
-	TODO: check
+	NOT-FOR-US: Duende.AccessTokenManagement
 CVE-2025-26604 (Discord-Bot-Framework-Kernel is a Discord bot framework built with int ...)
-	TODO: check
+	NOT-FOR-US: Discord-Bot-Framework-Kernel Discord bot framework
 CVE-2025-26603 (Vim is a greatly improved version of the good old UNIX editor Vi. Vim  ...)
 	TODO: check
 CVE-2025-26058 (Webkul QloApps v1.6.1 exposes authentication tokens in URLs during red ...)
-	TODO: check
+	NOT-FOR-US: Webkul QloApps
 CVE-2025-25305 (Home Assistant Core is an open source home automation that puts local  ...)
-	TODO: check
+	NOT-FOR-US: Home Assistant Core
 CVE-2025-25300 (smartbanner.js is a customizable smart app banner for iOS and Android. ...)
 	TODO: check
 CVE-2025-25284 (The ZOO-Project is an open source processing platform, released under  ...)
-	TODO: check
+	NOT-FOR-US: ZOO-Project
 CVE-2025-24895 (CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator fo ...)
-	TODO: check
+	NOT-FOR-US: CIE.AspNetCore.Authentication AspNetCore Remote Authenticator for CIE
 CVE-2025-24894 (SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator f ...)
-	TODO: check
+	NOT-FOR-US: SPID.AspNetCore.Authentication AspNetCore Remote Authenticator for SPID
 CVE-2025-22663 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22657 (Missing Authorization vulnerability in Vito Peleg Atarim allows Exploi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22656 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22654 (Unrestricted Upload of File with Dangerous Type vulnerability in kodes ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22650 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22645 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22639 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22207 (Improperly built order clauses lead to a SQL injection vulnerability i ...)
 	TODO: check
 CVE-2025-21608 (Meshtastic is an open source mesh networking solution. In affected fir ...)
@@ -43,37 +43,37 @@ CVE-2025-21608 (Meshtastic is an open source mesh networking solution. In affect
 CVE-2025-1414 (Memory safety bugs present in Firefox 135. Some of these bugs showed e ...)
 	TODO: check
 CVE-2025-1269 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in H ...)
-	TODO: check
+	NOT-FOR-US: HAVELSAN Liman MYS
 CVE-2025-1035 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Komtera Technolgies KLog Server
 CVE-2025-1023 (A vulnerability exists in ChurchCRM5.13.0 and priorthat allows an atta ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2025-0981 (A vulnerability exists in ChurchCRM5.13.0 and prior that allows an att ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2025-0817 (The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-0521 (The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-57056 (Incorrect cookie session handling in WombatDialer before 25.02 results ...)
-	TODO: check
+	NOT-FOR-US: WombatDialer
 CVE-2024-57055 (Server-Side Access Control Bypass vulnerability in WombatDialer before ...)
-	TODO: check
+	NOT-FOR-US: WombatDialer
 CVE-2024-57050 (A vulnerability in the TP-Link WR840N v6 router with firmware version  ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-57049 (A vulnerability in the TP-Link Archer c20 router with firmware version ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-57046 (A vulnerability in the Netgear DGN2200 router with firmware version v1 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-57045 (A vulnerability in the D-Link DIR-859 router with firmware version A3  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-56883 (Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. ...)
 	TODO: check
 CVE-2024-56882 (Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS ...)
 	TODO: check
 CVE-2024-56000 (Incorrect Privilege Assignment vulnerability in NotFound K Elements al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-55460 (A time-based SQL injection vulnerability in the login page of BoardRoo ...)
-	TODO: check
+	NOT-FOR-US: BoardRoom Limited Dividend Distribution Tax Election System
 CVE-2024-51505 (An issue was discovered in Atos Eviden IDRA before 2.7.1. A highly tru ...)
 	TODO: check
 CVE-2024-50609 (An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry in ...)
@@ -202490,7 +202490,7 @@ CVE-2022-41547 (Mobile Security Framework (MobSF) v0.9.2 and below was discovere
 CVE-2022-41546
 	RESERVED
 CVE-2022-41545 (The administrative web interface of a Netgear C7800 Router running fir ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2022-41544 (GetSimple CMS v3.3.16 was discovered to contain a remote code executio ...)
 	NOT-FOR-US: GetSimple CMS
 CVE-2022-41543



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fb422f23452033f1770432b4d54dff9bbdf5216

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fb422f23452033f1770432b4d54dff9bbdf5216
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250218/da873618/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list