[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Feb 23 16:04:36 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fba4aa42 by Salvatore Bonaccorso at 2025-02-23T17:04:06+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2025-1576 (A vulnerability classified as critical was found in code-projects
CVE-2025-1575 (A vulnerability classified as problematic has been found in Harpia Dia ...)
NOT-FOR-US: Harpia DiagSystem
CVE-2024-13728 (The Accept Donations with PayPal & Stripe plugin for WordPress is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27012 (Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Sh ...)
NOT-FOR-US: a1post A1POST.BG
CVE-2025-26973 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -43,26 +43,26 @@ CVE-2025-0953 (The SMTP for Sendinblue \u2013 YaySMTP plugin for WordPress is vu
CVE-2025-0918 (The SMTP for SendGrid \u2013 YaySMTP plugin for WordPress is vulnerabl ...)
NOT-FOR-US: WordPress plugin
CVE-2024-52939 (Kernel software installed and running inside a Guest VM may post impro ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2024-47896 (Kernel software installed and running inside a Guest VM may exploit me ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2024-46975 (Kernel software installed and running inside a Guest VM may exploit me ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2024-13869 (The Migration, Backup, Staging \u2013 WPvivid Backup & Migration plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13564 (The Rife Elementor Extensions & Templates plugin for WordPress is vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12577 (Kernel software installed and running inside a Guest VM may exploit me ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2025-21704 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.12.16-1
NOTE: https://git.kernel.org/linus/e563b01208f4d1f609bcab13333b6c0e24ce6a01 (6.14-rc3)
CVE-2025-27109 (solid-js is a declarative, efficient, and flexible JavaScript library ...)
- TODO: check
+ NOT-FOR-US: solid-js
CVE-2025-27108 (dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering ...)
- TODO: check
+ NOT-FOR-US: dom-expressions
CVE-2025-27106 (binance-trading-bot is an automated Binance trading bot with trailing ...)
- TODO: check
+ NOT-FOR-US: binance-trading-bot
CVE-2025-27105 (vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles ...)
NOT-FOR-US: Vyper
CVE-2025-27104 (vyper is a Pythonic Smart Contract Language for the EVM. Multiple eval ...)
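Review bot: The four entries retagged `NOT-FOR-US: Imagination Technologies` (CVE-2024-52939, CVE-2024-47896, CVE-2024-46975, CVE-2024-12577) name only a vendor, while their descriptions begin "Kernel software installed and running inside a Guest VM" and they sit next to a src:linux entry (CVE-2025-21704). Naming the affected product or driver in the tag would let a later reader see at a glance that these were triaged as code outside the Debian kernel package, instead of having to reopen each CVE.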
@@ -150,9 +150,9 @@ CVE-2025-1535 (A vulnerability was found in Baiyi Cloud Asset Management System
CVE-2025-1489 (The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1471 (In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print fu ...)
- TODO: check
+ NOT-FOR-US: Eclipse OMR
CVE-2025-1470 (In Eclipse OMR, from the initial contribution to version 0.4.0, some O ...)
- TODO: check
+ NOT-FOR-US: Eclipse OMR
CVE-2025-1410 (The Events Calendar Made Simple \u2013 Pie Calendar plugin for WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1403 (Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause ...)
@@ -487,7 +487,7 @@ CVE-2025-1492 (Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20373
NOTE: CBOR Object Signing and Encryption (COSE) dissector introduced in 3.6.0rc0
CVE-2025-1293 (Hermes versions up to 0.4.0 improperly validated the JWT provided when ...)
- TODO: check
+ NOT-FOR-US: Hashicorp Hermes
CVE-2025-1223 (An attacker can gain application privileges in order to perform limite ...)
NOT-FOR-US: Citrix
CVE-2025-1222 (An attacker can gain application privileges in order to perform limite ...)
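Review bot: In the new line for CVE-2025-1293, `NOT-FOR-US: Hashicorp Hermes`, the vendor name is normally written "HashiCorp". Keeping the vendor prefix is useful, since the description says only "Hermes", so the suggestion is `NOT-FOR-US: HashiCorp Hermes`.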
@@ -728,7 +728,7 @@ CVE-2025-22919 (A reachable assertion in FFmpeg git-master commit N-113007-g8d24
CVE-2025-22888 (Movable Type contains a stored cross-site scripting vulnerability in t ...)
- movabletype-opensource <removed>
CVE-2025-22622 (Age Verification for your checkout page. Verify your customer's identi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1448 (A vulnerability was found in Synway SMG Gateway Management Software up ...)
NOT-FOR-US: Synway SMG Gateway Management Software
CVE-2025-1447 (A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been ...)
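Review bot: For CVE-2025-22622 the visible description ("Age Verification for your checkout page. Verify your customer's identi ...") does not mention WordPress, unlike the other entries in this diff tagged `NOT-FOR-US: WordPress plugin`, whose descriptions say "plugin for WordPress". It is worth confirming against the full CVE text that this is a WordPress plugin. If it is, naming the plugin in the tag would make the classification checkable from the list entry alone.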
@@ -831,7 +831,7 @@ CVE-2025-26058 (Webkul QloApps v1.6.1 exposes authentication tokens in URLs duri
CVE-2025-25305 (Home Assistant Core is an open source home automation that puts local ...)
NOT-FOR-US: Home Assistant Core
CVE-2025-25300 (smartbanner.js is a customizable smart app banner for iOS and Android. ...)
- TODO: check
+ NOT-FOR-US: smartbanner.js
CVE-2025-25284 (The ZOO-Project is an open source processing platform, released under ...)
NOT-FOR-US: ZOO-Project
CVE-2025-24895 (CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator fo ...)
@@ -240154,7 +240154,7 @@ CVE-2022-28341
CVE-2022-28340
RESERVED
CVE-2022-28339 (Trend Micro HouseCall for Home Networks version 5.3.1302 and below con ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-28338
RESERVED
CVE-2022-28337
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fba4aa427e55cb67741158d77c1ec77e41a0395c