[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 25 10:21:41 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d7549a3 by Salvatore Bonaccorso at 2025-02-25T11:21:22+01:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2025-25513 (Seacms <=13.3 is vulnerable to SQL Injection in admin_members.ph
CVE-2025-22974 (SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remot ...)
NOT-FOR-US: SeaCMS
CVE-2025-22210 (A SQL injection vulnerability in the Hikashop component versions 3.3.0 ...)
- TODO: check
+ NOT-FOR-US: Hikashop
CVE-2025-1675 (The function dns_copy_qname in dns_pack.c performs performs a memcpy o ...)
TODO: check
CVE-2025-1674 (A lack of input validation allows for out of bounds reads caused by ma ...)
@@ -25,41 +25,41 @@ CVE-2025-1674 (A lack of input validation allows for out of bounds reads caused
CVE-2025-1673 (A malicious or malformed DNS packet without a payload can cause an out ...)
TODO: check
CVE-2025-1648 (The Yawave plugin for WordPress is vulnerable to SQL Injection via the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1646 (A vulnerability, which was classified as critical, has been found in L ...)
- TODO: check
+ NOT-FOR-US: Lumsoft ERP
CVE-2025-1645 (A vulnerability classified as critical was found in Benner Connecta 1. ...)
- TODO: check
+ NOT-FOR-US: Benner Connecta
CVE-2025-1644 (A vulnerability classified as problematic has been found in Benner Mod ...)
- TODO: check
+ NOT-FOR-US: Benner ModernaNet
CVE-2025-1643 (A vulnerability was found in Benner ModernaNet up to 1.1.0. It has bee ...)
- TODO: check
+ NOT-FOR-US: Benner ModernaNet
CVE-2025-1642 (A vulnerability was found in Benner ModernaNet up to 1.1.0. It has bee ...)
- TODO: check
+ NOT-FOR-US: Benner ModernaNet
CVE-2025-1641 (A vulnerability was found in Benner ModernaNet up to 1.1.0. It has bee ...)
- TODO: check
+ NOT-FOR-US: Benner ModernaNet
CVE-2025-1640 (A vulnerability was found in Benner ModernaNet up to 1.1.0 and classif ...)
- TODO: check
+ NOT-FOR-US: Benner ModernaNet
CVE-2025-1128 (The Everest Forms \u2013 Contact Forms, Quiz, Survey, Newsletter & Pay ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1063 (The Classified Listing \u2013 Classified ads & Business Directory Plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-57685 (An issue in sparkshop v.1.1.7 and before allows a remote attacker to e ...)
- TODO: check
+ NOT-FOR-US: sparkshop
CVE-2024-57608 (An issue in Via Browser 6.1.0 allows a a remote attacker to execute ar ...)
- TODO: check
+ NOT-FOR-US: Via Browser
CVE-2024-56525 (In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 an ...)
- TODO: check
+ NOT-FOR-US: Public Knowledge Project (PKP) OJS, OMP, and OPS
CVE-2024-53544 (NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was d ...)
- TODO: check
+ NOT-FOR-US: NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus
CVE-2024-53543 (NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was d ...)
- TODO: check
+ NOT-FOR-US: NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus
CVE-2024-53542 (Incorrect access control in the component /iclock/Settings?restartNCS= ...)
- TODO: check
+ NOT-FOR-US: NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus
CVE-2024-13494 (The WordPress File Upload plugin for WordPress is vulnerable to Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10545 (The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27364 (In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code ...)
NOT-FOR-US: MITRE Caldera
CVE-2025-27357 (Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI \xd6nceki ...)
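Review bot: The three NovaCHRON labels (CVE-2024-53544, CVE-2024-53543, CVE-2024-53542) carry the vendor's full legal name, "NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus", where the other labels in this hunk use a short product name such as "Benner ModernaNet" or "Via Browser"; consider "NovaCHRON Smart Time Plus" for consistency. In addition, the truncated description shown for CVE-2024-53542 names only the /iclock/Settings component, so the product attribution there rests on the full CVE text and is worth a second look.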
@@ -200,7 +200,7 @@ CVE-2025-25460 (A stored Cross-Site Scripting (XSS) vulnerability was identified
CVE-2025-23017 (WorkOS Hosted AuthKit before 2025-01-07 allows a password authenticati ...)
NOT-FOR-US: WorkOS Hosted AuthKit
CVE-2025-22495 (An improper input validation vulnerability was discovered in the NTP s ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2025-1632 (A vulnerability was found in libarchive up to 3.7.7. It has been class ...)
- libarchive <unfixed> (unimportant)
NOTE: https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc
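Review bot: The new label for CVE-2025-22495 names only the vendor ("NOT-FOR-US: Eaton"), while the neighbouring entries name the product ("WorkOS Hosted AuthKit", "XOne Web Monitor"). The truncated description shows only "the NTP s ...", so adding the affected Eaton product to the label would keep this entry searchable if another Eaton product is triaged later.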
@@ -218,9 +218,9 @@ CVE-2024-56897 (Improper access control in the HTTP server in YI Car Dashcam v3.
CVE-2024-54820 (XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to c ...)
NOT-FOR-US: XOne Web Monitor
CVE-2024-12918 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Agito Computer Health4All
CVE-2024-12917 (Files or Directories Accessible to External Parties vulnerability in A ...)
- TODO: check
+ NOT-FOR-US: Agito Computer Health4All
CVE-2024-12916 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Agito Computer Life4All
CVE-2023-52926 (In the Linux kernel, the following vulnerability has been resolved: I ...)
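Review bot: CVE-2024-12918 and CVE-2024-12917 are labelled "Agito Computer Health4All", but the unchanged CVE-2024-12916 directly below is "Agito Computer Life4All", and CVE-2024-12918 and CVE-2024-12916 show the same truncated SQL injection description. Please confirm that these are two distinct products and not a mistyped name; if they are the same product, the labels should match.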
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d7549a3224b4a529e6710ba3fb026fd3b51ea61