[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 28 08:04:11 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cf8245d0 by Moritz Muehlenhoff at 2025-02-28T09:03:47+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -155,9 +155,9 @@ CVE-2024-58022 [mailbox: th1520: Fix a NULL vs IS_ERR() bug]
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d0f98e14c010bcf27898b635a54c1994ac4110a8 (6.14-rc1)
CVE-2025-1756 (mongosh may be susceptible to local privilege escalation under certain ...)
- TODO: check
+ NOT-FOR-US: mongosh (MongoDB Shell)
CVE-2025-1755 (MongoDB Compass may be susceptible to local privilege escalation under ...)
- TODO: check
+ NOT-FOR-US: MongoDB Compass
CVE-2025-1751 (A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATIS ...)
NOT-FOR-US: Ciges
CVE-2025-1745 (A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classifie ...)
@@ -173,11 +173,11 @@ CVE-2025-1739 (An Authentication Bypass vulnerability has been found in Trivisio
CVE-2025-1738 (A Password Transmitted over Query String vulnerability has been found ...)
NOT-FOR-US: Trivision Camera NC227WF
CVE-2025-1693 (The MongoDB Shell may be susceptible to control character injection wh ...)
- TODO: check
+ NOT-FOR-US: mongosh (MongoDB Shell)
CVE-2025-1692 (The MongoDB Shell may be susceptible to control character injection wh ...)
- TODO: check
+ NOT-FOR-US: mongosh (MongoDB Shell)
CVE-2025-1691 (The MongoDB Shell may be susceptible to control character injection wh ...)
- TODO: check
+ NOT-FOR-US: mongosh (MongoDB Shell)
CVE-2025-1690 (The ThemeMakers Stripe Checkout plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1450 (The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Mess ...)
@@ -903,7 +903,7 @@ CVE-2025-20111 (A vulnerability in the health monitoring diagnostics of Cisco Ne
CVE-2025-1726 (There is a SQL injection issuein Esri ArcGIS Monitor versions 2023.0 t ...)
NOT-FOR-US: Esri ArcGIS Monitor
CVE-2025-1716 (picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-1517 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1249 (Missing Authorization vulnerability in Pixelite Events Manager allows ...)
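Review bot: the new tag on CVE-2025-1716 asserts that picklescan is absent from the archive, but nothing in the entry records how that was checked. picklescan is a Python tool of the kind that tends to get packaged. If a WNPP bug exists for it, the `<itp>` form with the bug number, as used for keycloak elsewhere in this file, would be the better fit, so the entry is revisited once the package lands. If there is none, NOT-FOR-US is fine as written.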
@@ -911,7 +911,7 @@ CVE-2025-1249 (Missing Authorization vulnerability in Pixelite Events Manager al
CVE-2025-0941 (MET ONE 3400+ instruments running software v1.0.41 can, under rare con ...)
NOT-FOR-US: MET ONE 3400+ instruments
CVE-2025-0731 (An unauthenticated remote attacker can upload a .aspx file instead of ...)
- TODO: check
+ NOT-FOR-US: SMA
CVE-2025-0719 (IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to ...)
NOT-FOR-US: IBM
CVE-2024-6810 (The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross- ...)
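Review bot: the tag `NOT-FOR-US: SMA` on CVE-2025-0731 is ambiguous, because the truncated description names no vendor or product and the abbreviation is shared by unrelated products (SonicWall's SMA appliances, for example). Spelling out the vendor and product in the tag would let someone grepping data/CVE/list tell which SMA is meant without opening the CVE record.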
@@ -5332,7 +5332,7 @@ CVE-2024-50608 (An issue was discovered in Fluent Bit 3.1.9. When the Prometheus
CVE-2024-4028 (A vulnerability was found in Keycloak. This issue may allow a privileg ...)
- keycloak <itp> (bug #1088287)
CVE-2024-49589 (Foundry Artifacts was found to be vulnerable to a Denial Of Service at ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2024-39328 (Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A high ...)
NOT-FOR-US: Atos Eviden
CVE-2024-39327 (Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6. ...)
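Review bot: minor style point on CVE-2024-49589: the tag names only the vendor (`Palantir`) while the description names the product, Foundry Artifacts. Vendor-only tags do appear on neighbouring entries (`Atos Eviden`), so this is consistent with the file, but `NOT-FOR-US: Palantir Foundry Artifacts` would be easier to search for and matches the product-level tags used for the other entries in this commit.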
@@ -173516,7 +173516,7 @@ CVE-2023-25576 (@fastify/multipart is a Fastify plugin to parse the multipart co
CVE-2023-25575 (API Platform Core is the server component of API Platform: hypermedia ...)
NOT-FOR-US: API Platform Core
CVE-2023-25574 (`jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learni ...)
- TODO: check
+ NOT-FOR-US: jupyterhub-ltiauthenticator
CVE-2023-25573 (metersphere is an open source continuous testing platform. In affected ...)
NOT-FOR-US: metersphere
CVE-2023-25572 (react-admin is a frontend framework for building browser applications ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf8245d0619e463154d7b4f700d91fcd45174d6b