[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 25 21:47:55 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ccc04141 by Salvatore Bonaccorso at 2025-02-25T22:47:39+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -149,39 +149,39 @@ CVE-2025-21626 (GLPI is a free asset and IT management software package. Startin
 	- glpi <removed>
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5vvr-pxwf-3w77
 CVE-2025-1676 (A vulnerability classified as critical was found in hzmanyun Education ...)
-	TODO: check
+	NOT-FOR-US: hzmanyun Education and Training System
 CVE-2025-1262 (The Advanced Google reCaptcha plugin for WordPress is vulnerable to CA ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1204 (The "update" binary in the firmware of the affected product sends atte ...)
 	TODO: check
 CVE-2025-1068 (There is an untrusted search path vulnerability in Esri ArcGIS AllSour ...)
-	TODO: check
+	NOT-FOR-US: Esri ArcGIS
 CVE-2025-1067 (There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 ...)
-	TODO: check
+	NOT-FOR-US: Esri ArcGIS
 CVE-2024-54444 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-51539 (The Dell Secure Connect Gateway (SCG) Application and Appliance, versi ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-45426 (Incorrect ownership assignment in some Zoom Workplace Apps may allow a ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-45425 (Incorrect user management in some Zoom Workplace Apps may allow a priv ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-45424 (Business logic error in some Zoom Workplace Apps may allow an unauthen ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-45421 (Buffer overflow in some Zoom Apps may allow an authenticated user to c ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-45418 (Symlink following in the installer for some Zoom apps for macOS before ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-45417 (Uncontrolled resource consumption in the installer for some Zoom apps  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-36259 (Improper access control in mail module of Odoo Community 17.0 and Odoo ...)
 	TODO: check
 CVE-2024-34036 (An issue was discovered in O-RAN Near Realtime RIC I-Release. To explo ...)
-	TODO: check
+	NOT-FOR-US: O-RAN
 CVE-2024-34035 (An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigg ...)
-	TODO: check
+	NOT-FOR-US: O-RAN
 CVE-2024-34034 (An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscrip ...)
-	TODO: check
+	NOT-FOR-US: FlexRIC
 CVE-2024-13695 (The Enfold theme for WordPress is vulnerable to Server-Side Request Fo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13693 (The Enfold theme for WordPress is vulnerable to unauthorized access of ...)
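
Review bot: The tag at CVE-2024-51539, `NOT-FOR-US: Dell`, names only the vendor, while the description identifies the product as the Dell Secure Connect Gateway (SCG), and other entries added in this hunk name the product (`hzmanyun Education and Training System`, `Esri ArcGIS`). Consider `NOT-FOR-US: Dell Secure Connect Gateway`, so that a later CVE for a different Dell product is not matched to this entry by vendor name alone. The same applies to the six `NOT-FOR-US: Zoom` lines, whose descriptions refer to Zoom Workplace Apps and the Zoom installers.
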
@@ -269,11 +269,11 @@ CVE-2025-22974 (SQL Injection vulnerability in SeaCMS v.13.2 and before allows a
 CVE-2025-22210 (A SQL injection vulnerability in the Hikashop component versions 3.3.0 ...)
 	NOT-FOR-US: Hikashop
 CVE-2025-1675 (The function dns_copy_qname in dns_pack.c performs performs a memcpy o ...)
-	TODO: check
+	NOT-FOR-US: NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-1674 (A lack of input validation allows for out of bounds reads caused by ma ...)
-	TODO: check
+	NOT-FOR-US: NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-1673 (A malicious or malformed DNS packet without a payload can cause an out ...)
-	TODO: check
+	NOT-FOR-US: NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-1648 (The Yawave plugin for WordPress is vulnerable to SQL Injection via the ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1646 (A vulnerability, which was classified as critical, has been found in L ...)
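
Review bot: The tag is duplicated on the three added lines for CVE-2025-1675, CVE-2025-1674 and CVE-2025-1673, which read `NOT-FOR-US: NOT-FOR-US: Zephyr, different from src:zephyr`. The second `NOT-FOR-US:` becomes part of the free-text reason, so these entries no longer match a plain "Zephyr" reason in searches or scripts. Suggest `NOT-FOR-US: Zephyr, different from src:zephyr` on all three lines.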



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccc0414163302074e14c301de76d2fc9a0d363a3
