[Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 19 22:04:59 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
38f01825 by Salvatore Bonaccorso at 2025-02-19T23:04:38+01:00
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
CVE-2025-27089 (Directus is a real-time API and App dashboard for managing SQL databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2025-24965 (crun is an open source OCI Container Runtime fully written in C. In af ...)
TODO: check
CVE-2025-24806 (Authelia is an open-source authentication and authorization server pro ...)
- TODO: check
+ NOT-FOR-US: Authelia
CVE-2025-20211 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20158 (A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20153 (A vulnerability in the email filtering mechanism of Cisco Secure Email ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-1465 (A vulnerability, which was classified as problematic, was found in lmx ...)
- TODO: check
+ NOT-FOR-US: lmxcms
CVE-2025-1464 (A vulnerability, which was classified as critical, has been found in B ...)
- TODO: check
+ NOT-FOR-US: Baiyi Cloud Asset Management System
CVE-2025-1426 (Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0 ...)
TODO: check
CVE-2025-1135 (A vulnerability exists in ChurchCRM5.13.0. and prior that allows an at ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2025-1134 (A vulnerability exists in ChurchCRM5.13.0 and prior that allows an att ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2025-1133 (A vulnerability exists in ChurchCRM 5.13.0 and priorthat allows an att ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2025-1132 (A time-based blind SQL Injectionvulnerability exists in the ChurchCRM ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2025-1075 (Insertion of Sensitive Information into Log File in Checkmk GmbH's Che ...)
TODO: check
CVE-2025-1024 (A vulnerability exists in ChurchCRM 5.13.0that allows an attacker to e ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2025-1007 (In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace} ...)
TODO: check
CVE-2025-1006 (Use after free in Network in Google Chrome prior to 133.0.6943.126 all ...)
@@ -39,13 +39,13 @@ CVE-2025-0968 (The ElementsKit Elementor addons plugin for WordPress is vulnerab
CVE-2025-0916 (The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Br ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0893 (Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptibl ...)
- TODO: check
+ NOT-FOR-US: Symantec Diagnostic Tool (SymDiag)
CVE-2024-53974 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-52902 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11. ...)
NOT-FOR-US: IBM
CVE-2024-52541 (Dell Client Platform BIOS contains a Weak Authentication vulnerability ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-45084 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11. ...)
NOT-FOR-US: IBM
CVE-2024-45081 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11. ...)
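Review bot: The tag added for CVE-2025-0893 names the product ("NOT-FOR-US: Symantec Diagnostic Tool (SymDiag)"), while the other two tags added in this hunk and the unchanged IBM entries beside them name only the vendor ("Adobe", "Dell", "IBM"). A vendor-level "NOT-FOR-US: Symantec" would match the surrounding entries. If the product-level form is deliberate, it would be more consistent to tag the Adobe Experience Manager entry the same way.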
@@ -85,21 +85,21 @@ CVE-2024-13336 (The Disable Auto Updates plugin for WordPress is vulnerable to C
CVE-2024-13231 (The WordPress Portfolio Builder \u2013 Portfolio Gallery plugin for Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-51299 (PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML Injection i ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Hotel Booking System
CVE-2023-51298 (PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV Injection ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Event Booking Calendar
CVE-2023-51297 (A lack of rate limiting in the 'Email Settings' feature of PHPJabbers ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Hotel Booking System
CVE-2023-51296 (PHPJabbers Event Booking Calendar v4.0 is vulnerable to Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Event Booking Calendar
CVE-2023-51293 (A lack of rate limiting in the 'Forgot Password', 'Email Settings' fea ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Event Booking Calendar
CVE-2023-47160 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11. ...)
NOT-FOR-US: IBM
CVE-2023-46272 (Buffer Overflow vulnerability in Extreme Networks IQ Engine before 10. ...)
- TODO: check
+ NOT-FOR-US: Extreme Networks IQ Engine
CVE-2023-46271 (Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 1 ...)
- TODO: check
+ NOT-FOR-US: Extreme Networks IQ Engine
CVE-2025-26624 (Rufus is a utility that helps format and create bootable USB flash dri ...)
NOT-FOR-US: Rufus
CVE-2025-26617 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
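Review bot: The product in the tags for CVE-2023-51297 and CVE-2023-51293 cannot be confirmed from this hunk, because both descriptions are cut off before a product name appears ("... feature of PHPJabbers ..." and "... 'Email Settings' fea ..."). The tags assign the first to "Hotel Booking System" and the second to "Event Booking Calendar", so check both against the full CVE text. Alternatively, use a vendor-level "NOT-FOR-US: PHPJabbers" for all five entries, which holds whichever product is affected.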
@@ -333165,7 +333165,7 @@ CVE-2021-20066 (JSDom improperly allows the loading of local resources, which al
CVE-2020-35547 (A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 ...)
NOT-FOR-US: Mitel
CVE-2020-35546 (Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2020-35545 (Time-based SQL injection exists in Spotweb 1.4.9 via the query string.)
- spotweb <removed> (bug #977719)
[buster] - spotweb <no-dsa> (Minor issue)
@@ -378261,7 +378261,7 @@ CVE-2020-13483 (The Web Application Firewall in Bitrix24 through 20.0.0 allows X
CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way ...)
NOT-FOR-US: EM-HTTP-Request
CVE-2020-13481 (Certain Lexmark products through 2020-05-25 allow XSS which allows an ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the ...)
NOT-FOR-US: Verint Workforce Optimization (WFO)
CVE-2020-13479
@@ -388640,7 +388640,7 @@ CVE-2020-10097 (An issue was discovered in Zammad 3.0 through 3.2. It may respon
CVE-2020-10096 (An issue was discovered in Zammad 3.0 through 3.2. It does not prevent ...)
- zammad <itp> (bug #841355)
CVE-2020-10095 (Various Lexmark devices have CSRF that allows an attacker to modify th ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2020-10094 (A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW7 ...)
NOT-FOR-US: Lexmark
CVE-2020-10093 (A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series in ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38f01825a22687ffbd03427b213447e5079b90c2