[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 9 21:02:18 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13eb9100 by Salvatore Bonaccorso at 2025-01-09T22:00:05+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -97,49 +97,49 @@ CVE-2025-22149 (JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementatio
 CVE-2025-21628 (Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation ...)
 	TODO: check
 CVE-2025-21602 (An Improper Handling of Exceptional Conditions vulnerability in the ro ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2025-21600 (An Out-of-Bounds Read vulnerability in  the routing protocol daemon (r ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2025-21599 (AMissing Release of Memory after Effective Lifetime vulnerability in t ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2025-21598 (AnOut-of-bounds Read vulnerability in Juniper Networks Junos OS and Ju ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2025-21596 (An Improper Handling of Exceptional Conditions vulnerability in the co ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2025-21593 (An Improper Control of a Resource Through its Lifetime vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2025-21592 (An Exposure of Sensitive Information to an Unauthorized Actorvulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2025-0349 (A vulnerability classified as critical has been found in Tenda AC6 15. ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-0348 (A vulnerability was found in CampCodes DepEd Equipment Inventory Syste ...)
-	TODO: check
+	NOT-FOR-US: CampCodes DepEd Equipment Inventory System
 CVE-2025-0347 (A vulnerability was found in code-projects Admission Management System ...)
-	TODO: check
+	NOT-FOR-US: code-projects Admission Management System
 CVE-2025-0346 (A vulnerability was found in code-projects Content Management System 1 ...)
-	TODO: check
+	NOT-FOR-US: code-projects Content Management System
 CVE-2025-0345 (A vulnerability was found in leiyuxi cy-fast 1.0 and classified as cri ...)
-	TODO: check
+	NOT-FOR-US: leiyuxi cy-fast
 CVE-2024-6155 (The Greenshift \u2013 animation and page builder blocks plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5769 (The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-56114 (Canlineapp Online 1.1 is vulnerable to Broken Access Control and allow ...)
-	TODO: check
+	NOT-FOR-US: Canlineapp Online
 CVE-2024-56113 (Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on  ...)
 	TODO: check
 CVE-2024-55494 (A cross-site scripting (XSS) vulnerability in Opencode Mobile Collect  ...)
-	TODO: check
+	NOT-FOR-US: Opencode Mobile Collect Call
 CVE-2024-54887 (TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-54762 (Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulne ...)
-	TODO: check
+	NOT-FOR-US: Ruoyi
 CVE-2024-54761 (BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the  ...)
-	TODO: check
+	NOT-FOR-US: BigAnt Office Messenger
 CVE-2024-54724 (PHPYun before 7.0.2 is vulnerable to code execution through backdoor-r ...)
-	TODO: check
+	NOT-FOR-US: PHPYun
 CVE-2024-46505 (Infoblox BloxOne v2.4 was discovered to contain a business logic flaw  ...)
-	TODO: check
+	NOT-FOR-US: Infoblox BloxOne
 CVE-2024-43176 (IBM OpenPages 9.0 could allow an authenticated user to obtain sensitiv ...)
 	NOT-FOR-US: IBM
 CVE-2024-13284 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg al ...)
@@ -239,65 +239,65 @@ CVE-2024-13238 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2024-13237 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	TODO: check
 CVE-2024-13153 (The Unlimited Elements For Elementor plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12848 (The SKT Page Builder plugin for WordPress is vulnerable to arbitrary f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12819 (The Searchie plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12802 (SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases du ...)
-	TODO: check
+	NOT-FOR-US: SonicWALL
 CVE-2024-12621 (The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12618 (The Newsletter2Go plugin for WordPress is vulnerable to unauthorized m ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12616 (The Bitly's WordPress Plugin plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12605 (The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12542 (The linkID plugin for WordPress is vulnerable to unauthorized access o ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12515 (The Muslim Prayer Time-Salah/Iqamah plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12514 (The 3DVieweronline plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12496 (The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12493 (The Files Download Delay plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12491 (The SimplyRETS Real Estate IDX plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12394 (The Action Network plugin for WordPress is vulnerable to Cross-Site Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12330 (The WP Database Backup \u2013 Unlimited Database & Files Backup by Bac ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12285 (The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12249 (The GS Insever Portfolio plugin for WordPress is vulnerable to unautho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12222 (The Deliver via Shipos for WooCommerce plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12218 (The Woocommerce check pincode/zipcode for shipping plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12206 (The WordPress Header Builder Plugin \u2013 Pearl plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12122 (The ResAds plugin for WordPress is vulnerable to Reflected Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12067 (The WP Travel \u2013 Ultimate Travel Booking System, Tour Management E ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11929 (The Responsive FlipBook Plugin Wordpress plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11907 (The Skyword API Plugin plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11815 (The P\xf3sturinn\'s Shipping with WooCommerce plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11686 (The WhatsApp \U0001f680 click to chat plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11642 (The Post Grid Master \u2013 Custom Post Types, Taxonomies & Ajax Filte ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11328 (The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10215 (The WPBookit plugin for WordPress is vulnerable to Arbitrary User Pass ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10106 (A buffer overflow vulnerability in the packet handoff plugin allows an ...)
 	TODO: check
 CVE-2025-22449 (Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permission ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13eb910053a1130850c23fd5a87cf98e39491226

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13eb910053a1130850c23fd5a87cf98e39491226
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250109/d5ab857c/attachment.htm>

More information about the debian-security-tracker-commits mailing list