[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 28 20:26:39 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff73e602 by Salvatore Bonaccorso at 2025-02-28T21:25:42+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,31 +1,31 @@
 CVE-2025-27408 (Manifest offers users a one-file micro back end. Prior to version 4.9. ...)
-	TODO: check
+	NOT-FOR-US: Manifest
 CVE-2025-27400 (Magento Long Term Support (LTS) is an unofficial, community-driven pro ...)
-	TODO: check
+	NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
 CVE-2025-26326 (A vulnerability in the remote connection complements of the NVDA (Nonv ...)
-	TODO: check
+	NOT-FOR-US: NVDA (Nonvisual Desktop Access)
 CVE-2025-26263 (GeoVision ASManager Windows desktop application with the version 6.1.2 ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2025-26047 (Loggrove v1.0 is vulnerable to SQL Injection in the read.py file.)
-	TODO: check
+	NOT-FOR-US: Loggrove
 CVE-2025-25916 (wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del  ...)
-	TODO: check
+	NOT-FOR-US: wuzhicms
 CVE-2025-25635 (TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulne ...)
-	TODO: check
+	NOT-FOR-US: TOTOlink
 CVE-2025-25610 (TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulne ...)
-	TODO: check
+	NOT-FOR-US: TOTOlink
 CVE-2025-25609 (TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulne ...)
-	TODO: check
+	NOT-FOR-US: TOTOlink
 CVE-2025-25461 (A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6. ...)
-	TODO: check
+	NOT-FOR-US: SeedDMS
 CVE-2025-25431 (Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (X ...)
-	TODO: check
+	NOT-FOR-US: Trendnet
 CVE-2025-25430 (Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (X ...)
-	TODO: check
+	NOT-FOR-US: Trendnet
 CVE-2025-25429 (Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (X ...)
-	TODO: check
+	NOT-FOR-US: Trendnet
 CVE-2025-25428 (TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded pas ...)
-	TODO: check
+	NOT-FOR-US: Trendnet
 CVE-2025-24849 (Lack of encryption in transit for cloud infrastructure facilitating po ...)
 	TODO: check
 CVE-2025-24843 (Insecure file retrieval process that facilitates potential for file ma ...)
@@ -37,19 +37,19 @@ CVE-2025-24316 (The Dario Health Internet-based server infrastructure is vulnera
 CVE-2025-23405 (Unauthenticated log effects metrics gathering incident response effort ...)
 	TODO: check
 CVE-2025-22492 (The connection string visible to users with access to FRSCore database ...)
-	TODO: check
+	NOT-FOR-US: Eaton
 CVE-2025-22491 (The user input was not sanitized on Reporting Hierarchy Management pag ...)
-	TODO: check
+	NOT-FOR-US: Eaton
 CVE-2025-22274 (It is possible to inject HTML code into the page content using the "co ...)
-	TODO: check
+	NOT-FOR-US: CyberArk Endpoint Privilege Manager in SaaS
 CVE-2025-22273 (Application does not limit the number or frequency of user interaction ...)
-	TODO: check
+	NOT-FOR-US: CyberArk Endpoint Privilege Manager in SaaS
 CVE-2025-22272 (In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, i ...)
-	TODO: check
+	NOT-FOR-US: CyberArk Endpoint Privilege Manager in SaaS
 CVE-2025-22271 (The application or its infrastructure allows for IP address spoofing b ...)
-	TODO: check
+	NOT-FOR-US: CyberArk Endpoint Privilege Manager in SaaS
 CVE-2025-22270 (An attacker with access to the Administration panel, specifically the  ...)
-	TODO: check
+	NOT-FOR-US: CyberArk Endpoint Privilege Manager in SaaS
 CVE-2025-20060 (An attacker could expose cross-user personal identifiable information  ...)
 	TODO: check
 CVE-2025-20049 (The Dario Health portal service application is vulnerable to XSS, whic ...)
@@ -57,63 +57,63 @@ CVE-2025-20049 (The Dario Health portal service application is vulnerable to XSS
 CVE-2025-1795 (During an address list folding when a separating comma ends up on a fo ...)
 	TODO: check
 CVE-2025-1776 (Cross-Site Scripting (XSS) vulnerability in Soteshop, versions prior t ...)
-	TODO: check
+	NOT-FOR-US: Soteshop
 CVE-2025-1749 (HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. Th ...)
-	TODO: check
+	NOT-FOR-US: OpenCart
 CVE-2025-1748 (HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. Th ...)
-	TODO: check
+	NOT-FOR-US: OpenCart
 CVE-2025-1747 (HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. Th ...)
-	TODO: check
+	NOT-FOR-US: OpenCart
 CVE-2025-1746 (Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0 ...)
-	TODO: check
+	NOT-FOR-US: OpenCart
 CVE-2025-1662 (The URL Media Uploader plugin for WordPress is vulnerable to Server-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1570 (The Directorist: AI-Powered Business Directory Plugin with Classified  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1560 (The WOW Entrance Effects (WEE!) plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1413 (DaVinci Resolve on MacOS was found to be installed with incorrect file ...)
-	TODO: check
+	NOT-FOR-US: DaVinci Resolve
 CVE-2025-1319 (The Site Mailer \u2013 SMTP Replacement, Email API Deliverability & Em ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1300 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...)
 	TODO: check
 CVE-2025-0985 (IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD   stores potentially sensi ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-0769 (PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 was fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0160 (IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-0159 (IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-9195 (The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9193 (The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9019 (The SecuPress Free \u2014 WordPress Security plugin for WordPress is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8425 (The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8420 (The DHVC Form plugin for WordPress is vulnerable to privilege escalati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54175 (IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD   could allow a local user ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-44754 (Cryptographic key extraction from internal flash in Minut M2 with firm ...)
 	TODO: check
 CVE-2024-13851 (The Modal Portfolio plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13832 (The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13831 (The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Obj ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13716 (The Forex Calculators plugin for WordPress is vulnerable to unauthoriz ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13638 (The Order Attachments for WooCommerce plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13469 (The Pricing Table by PickPlugins plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10860 (The NextMove Lite \u2013 Thank You Page for WooCommerce plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-27531
 	NOT-FOR-US: Apache InLong
 CVE-2025-26325 (ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff73e60281230ce211177d89b50e80b35c23a060

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff73e60281230ce211177d89b50e80b35c23a060
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250228/ac610fd3/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list