[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 27 21:11:58 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48ad8bf1 by Salvatore Bonaccorso at 2025-02-27T22:11:18+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,37 +5,37 @@ CVE-2025-27157 (Mastodon is a self-hosted, federated microblogging platform. Sta
 CVE-2025-27154 (Spotipy is a lightweight Python library for the Spotify Web API. The ` ...)
 	TODO: check
 CVE-2025-25761 (HkCms v2.3.2.240702 was discovered to contain an arbitrary file write  ...)
-	TODO: check
+	NOT-FOR-US: HkCms
 CVE-2025-25760 (A Server-Side Request Forgery (SSRF) in the component admin_webgather. ...)
-	TODO: check
+	NOT-FOR-US: SUCMS
 CVE-2025-25759 (An issue in the component admin_template.php of SUCMS v1.0 allows atta ...)
-	TODO: check
+	NOT-FOR-US: SUCMS
 CVE-2025-25334 (An issue in Suning Commerce Group Suning EMall iOS 9.5.198 allows atta ...)
-	TODO: check
+	NOT-FOR-US: Suning Commerce Group Suning EMall
 CVE-2025-25333 (An issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive us ...)
-	TODO: check
+	NOT-FOR-US: IKEA CN iOS
 CVE-2025-25331 (An issue in Beitatong Technology LianJia iOS 9.83.50 allows attackers  ...)
-	TODO: check
+	NOT-FOR-US: Beitatong Technology LianJia iOS
 CVE-2025-25330 (An issue in Boohee Technology Boohee Health iOS 13.0.13 allows attacke ...)
-	TODO: check
+	NOT-FOR-US: Boohee Technology Boohee Health iOS
 CVE-2025-25329 (An issue in Tencent Technology (Beijing) Company Limited Tencent Micro ...)
-	TODO: check
+	NOT-FOR-US: Tencent Technology (Beijing) Company Limited Tencent MicroVision iOS
 CVE-2025-25326 (An issue in Merchants Union Consumer Finance Company Limited Merchants ...)
-	TODO: check
+	NOT-FOR-US: Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS
 CVE-2025-25325 (An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHir ...)
-	TODO: check
+	NOT-FOR-US: Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS
 CVE-2025-25324 (An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 a ...)
-	TODO: check
+	NOT-FOR-US: Shandong Provincial Big Data Center AiShanDong iOS
 CVE-2025-25323 (An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd ...)
-	TODO: check
+	NOT-FOR-US: Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS
 CVE-2025-23687 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22952 (elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SS ...)
-	TODO: check
+	NOT-FOR-US: elestio memos
 CVE-2025-22624 (FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, M ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22280 (Missing Authorization vulnerability in revmakx DefendWP Firewall allow ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-21824 [gpu: host1x: Fix a use of uninitialized mutex]
 	- linux 6.12.16-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
@@ -157,19 +157,19 @@ CVE-2025-1756 (mongosh may be susceptible to local privilege escalation under ce
 CVE-2025-1755 (MongoDB Compass may be susceptible to local privilege escalation under ...)
 	TODO: check
 CVE-2025-1751 (A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATIS ...)
-	TODO: check
+	NOT-FOR-US: Ciges
 CVE-2025-1745 (A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classifie ...)
-	TODO: check
+	NOT-FOR-US: LinZhaoguan pb-cms
 CVE-2025-1743 (A vulnerability, which was classified as critical, was found in zyx081 ...)
-	TODO: check
+	NOT-FOR-US: zyx0814 Pichome
 CVE-2025-1742 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: pihome-shc PiHome
 CVE-2025-1741 (A vulnerability classified as problematic was found in b1gMail up to 7 ...)
-	TODO: check
+	NOT-FOR-US: b1gMail
 CVE-2025-1739 (An Authentication Bypass vulnerability has been found in Trivision Cam ...)
-	TODO: check
+	NOT-FOR-US: Trivision Camera NC227WF
 CVE-2025-1738 (A Password Transmitted over Query String vulnerability has been found  ...)
-	TODO: check
+	NOT-FOR-US: Trivision Camera NC227WF
 CVE-2025-1693 (The MongoDB Shell may be susceptible to control character injection wh ...)
 	TODO: check
 CVE-2025-1692 (The MongoDB Shell may be susceptible to control character injection wh ...)
@@ -183,15 +183,15 @@ CVE-2025-1450 (The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line
 CVE-2025-1282 (The Car Dealer Automotive WordPress Theme \u2013 Responsive theme for  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-0914 (An improper access control issue in the VQL shell feature in Velocirap ...)
-	TODO: check
+	NOT-FOR-US: Velociraptor
 CVE-2025-0767 (WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user inp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0759 (IBM EntireX 11.1 could allow a local user to unintentionally modify da ...)
 	NOT-FOR-US: IBM
 CVE-2024-9334 (Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanis ...)
-	TODO: check
+	NOT-FOR-US: E-Kent Pallium Vehicle Tracking
 CVE-2024-9285 (A vulnerability was found in Tu Yafeng Via Browser up to 5.9.0 on Andr ...)
-	TODO: check
+	NOT-FOR-US: Tu Yafeng Via Browser
 CVE-2024-56812 (IBM EntireX 11.1 could allow a local user to obtain sensitive informat ...)
 	NOT-FOR-US: IBM
 CVE-2024-56811 (IBM EntireX 11.1 could allow a local user to obtain sensitive informat ...)
@@ -207,15 +207,15 @@ CVE-2024-56494 (IBM EntireX 11.1 could allow a local user to obtain sensitive in
 CVE-2024-56493 (IBM EntireX 11.1 could allow a local user to obtain sensitive informat ...)
 	NOT-FOR-US: IBM
 CVE-2024-54957 (Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Too ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2024-54170 (IBM EntireX 11.1could allow a local user to cause a denial of service  ...)
 	NOT-FOR-US: IBM
 CVE-2024-54169 (IBM EntireX 11.1could allow an authenticated attacker to traverse dire ...)
 	NOT-FOR-US: IBM
 CVE-2024-53944 (An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices thro ...)
-	TODO: check
+	NOT-FOR-US: Tuoshi/Dionlink LT15D 4G Wi-Fi devices
 CVE-2024-53408 (AVE System Web Client v2.1.131.13992 was discovered to contain a cross ...)
-	TODO: check
+	NOT-FOR-US: AVE System Web Client
 CVE-2024-13734 (The Card Elements for Elementor plugin for WordPress is vulnerable to  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13402 (The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cr ...)
@@ -223,7 +223,7 @@ CVE-2024-13402 (The Buddyboss Platform plugin for WordPress is vulnerable to Sto
 CVE-2024-13217 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13148 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Yukseloglu Filter B2B Login Platform
 CVE-2024-10918 (Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows  ...)
 	TODO: check
 CVE-2025-1728
@@ -916,11 +916,11 @@ CVE-2024-6810 (The Quiz Organizer plugin for WordPress is vulnerable to Stored C
 CVE-2024-53427 (jq v1.7.1 contains a stack-buffer-overflow in the decNumberCopy functi ...)
 	TODO: check
 CVE-2024-52925 (In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution ca ...)
-	TODO: check
+	NOT-FOR-US: OPSWAT MetaDefender Kiosk
 CVE-2024-47053 (This advisory addresses an authorization vulnerability in Mautic's HTT ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2024-47051 (This advisory addresses two critical security vulnerabilities present  ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2024-46226 (A stored cross site scripting (XSS) vulnerability in HelpDeskZ < v2.0. ...)
 	NOT-FOR-US: HelpDeskZ
 CVE-2024-13560 (The Subscriptions & Memberships for PayPal plugin for WordPress is vul ...)
@@ -252344,7 +252344,7 @@ CVE-2022-25775 (Prior to the patched version, logged in users of Mautic are vuln
 CVE-2022-25774 (Prior to the patched version, logged in users of Mautic are vulnerable ...)
 	NOT-FOR-US: Mautic
 CVE-2022-25773 (This advisory addresses a file placement vulnerability that could allo ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking compone ...)
 	NOT-FOR-US: Mautic
 CVE-2022-25771



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48ad8bf1a8aee9e83ec93fd0d8727dc2b4af81a1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48ad8bf1a8aee9e83ec93fd0d8727dc2b4af81a1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250227/bf82f1aa/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list