[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 28 09:14:14 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d16f29e by Moritz Muehlenhoff at 2025-02-28T10:13:56+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,97 +1,97 @@
 CVE-2025-26325 (ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.)
-	TODO: check
+	NOT-FOR-US: ShopXO
 CVE-2025-26264 (GeoVision GV-ASWeb with the version 6.1.2.0 or less, contains a Remote ...)
-	TODO: check
+	NOT-FOR-US: GeoVision GV-ASWeb
 CVE-2025-25730 (An issue in Motorola Mobility Droid Razr HD (Model XT926) System Versi ...)
-	TODO: check
+	NOT-FOR-US: Motorola
 CVE-2025-25729 (An information disclosure vulnerability in Bosscomm IF740 Firmware ver ...)
-	TODO: check
+	NOT-FOR-US: Bosscom
 CVE-2025-25728 (Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System v ...)
-	TODO: check
+	NOT-FOR-US: Bosscom
 CVE-2025-25727 (Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System v ...)
-	TODO: check
+	NOT-FOR-US: Bosscom
 CVE-2025-25570 (Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to  ...)
-	TODO: check
+	NOT-FOR-US: Vue Vben Admin
 CVE-2025-25477 (A host header injection vulnerability in SysPass 3.2x allows an attack ...)
-	TODO: check
+	NOT-FOR-US: SysPass
 CVE-2025-24832 (Arbitrary file overwrite during home directory recovery due to imprope ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2025-23225 (IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticat ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-1757 (The WordPress Portfolio Builder \u2013 Portfolio Gallery plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1744 (Out-of-bounds Write vulnerability in radareorg radare2 allows   heap-b ...)
 	TODO: check
 CVE-2025-1687 (The Cardealer theme for WordPress is vulnerable to Cross-Site Request  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1682 (The Cardealer theme for WordPress is vulnerable to privilege escalatio ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1681 (The Cardealer theme for WordPress is vulnerable to unauthorized modifi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1572 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1571 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1513 (The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Cont ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1511 (The User Registration & Membership \u2013 Custom Registration Form, Lo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1506 (The Wp Social Login and Register Social Counter plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1505 (The Advanced AJAX Product Filters plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1405 (The Product Catalog Simple plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0975 (IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an aut ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-0823 (IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-0801 (The RateMyAgent Official plugin for WordPress is vulnerable to Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0764 (The wpForo Forum plugin for WordPress is vulnerable to arbitrary file  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-56340 (IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-55160 (GFast between v2 to v3.2 was discovered to contain a SQL injection vul ...)
-	TODO: check
+	NOT-FOR-US: GFast
 CVE-2024-54173 (IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensit ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-51139 (Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier  ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2024-51138 (Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier;  ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2024-41340 (An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620 ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2024-41339 (An issue in the CGI endpoint used to upload configurations in Draytek  ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2024-41338 (A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2024-41336 (Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prio ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2024-41335 (Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prio ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2024-41334 (Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prio ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2024-38292 (In XIQ-SE before 24.2.11, due to a missing access control check, a pat ...)
-	TODO: check
+	NOT-FOR-US: XIQ-SE
 CVE-2024-38291 (In XIQ-SE before 24.2.11, a low-privileged user may be able to access  ...)
-	TODO: check
+	NOT-FOR-US: XIQ-SE
 CVE-2024-38290 (In XIQ-SE before 24.2.11, a server misconfiguration may allow user enu ...)
-	TODO: check
+	NOT-FOR-US: XIQ-SE
 CVE-2024-37567 (Infoblox NIOS through 8.6.4 has Improper Access Control for Grids.)
-	TODO: check
+	NOT-FOR-US: Infoblox NIOS
 CVE-2024-37566 (Infoblox NIOS through 8.6.4 has Improper Authentication for Grids.)
-	TODO: check
+	NOT-FOR-US: Infoblox NIOS
 CVE-2024-36047 (Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input V ...)
-	TODO: check
+	NOT-FOR-US: Infoblox NIOS
 CVE-2024-36046 (Infoblox NIOS through 8.6.4 executes with more privileges than require ...)
-	TODO: check
+	NOT-FOR-US: Infoblox NIOS
 CVE-2024-13796 (The Post Grid and Gutenberg Blocks \u2013 ComboBlocks plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12820 (The MK Google Directions plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12811 (The Traveler theme for WordPress is vulnerable to Local File Inclusion ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-27399 (Mastodon is a self-hosted, federated microblogging platform. In versio ...)
 	- mastodon <itp> (bug #859741)
 CVE-2025-27157 (Mastodon is a self-hosted, federated microblogging platform. Starting  ...)
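
Review bot: The tags added for CVE-2025-25729, CVE-2025-25728 and CVE-2025-25727 read "NOT-FOR-US: Bosscom", while the descriptions on those same entries spell the vendor "Bosscomm"; using "NOT-FOR-US: Bosscomm" would keep the tag consistent with the description and findable by a search on the vendor name. In the same way, CVE-2025-1687, CVE-2025-1682 and CVE-2025-1681 (Cardealer theme) and CVE-2024-12811 (Traveler theme) are described as WordPress themes but tagged "NOT-FOR-US: WordPress plugin"; "WordPress theme" would match what the description says. CVE-2025-1744 (radare2) is the one entry shown in this hunk that stays at "TODO: check", so it still needs triage after this commit.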



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d16f29efe2ec53d0df25e895027733708320fe8
