[Git][security-tracker-team/security-tracker][master] Process some NFUs

Fri Jan 10 10:14:01 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
815143f1 by Salvatore Bonaccorso at 2025-01-10T11:13:32+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2025-21385 (A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purvie ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-21380 (Improper access control in Azure SaaS Resources allows an authorized a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-0311 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-56377 (A stored cross-site scripting (XSS) vulnerability in survey titles of  ...)
 	TODO: check
 CVE-2024-56376 (A stored cross-site scripting (XSS) vulnerability in the built-in mess ...)
@@ -15,13 +15,13 @@ CVE-2024-55225 (An issue in the component src/api/identity.rs of Vaultwarden pri
 CVE-2024-55224 (An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows ...)
 	TODO: check
 CVE-2024-51229 (Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows  ...)
-	TODO: check
+	NOT-FOR-US: LinZhaoguan pb-cms
 CVE-2024-48806 (Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allo ...)
-	TODO: check
+	NOT-FOR-US: Neat Board NFC
 CVE-2024-46464 (In PRIMX ZED Enterprise up to 2024.3, technical files stored in local  ...)
-	TODO: check
+	NOT-FOR-US: PRIMX
 CVE-2024-42898 (A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 all ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2024-13312 (Missing Authorization vulnerability in Drupal Open Social allows Force ...)
 	TODO: check
 CVE-2024-13311 (Vulnerability in Drupal Allow All File Extensions for file fields.This ...)
@@ -209,7 +209,7 @@ CVE-2024-5769 (The MIMO Woocommerce Order Tracking plugin for WordPress is vulne
 CVE-2024-56114 (Canlineapp Online 1.1 is vulnerable to Broken Access Control and allow ...)
 	NOT-FOR-US: Canlineapp Online
 CVE-2024-56113 (Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on  ...)
-	TODO: check
+	NOT-FOR-US: Smart Toilet Lab - Motius
 CVE-2024-55494 (A cross-site scripting (XSS) vulnerability in Opencode Mobile Collect  ...)
 	NOT-FOR-US: Opencode Mobile Collect Call
 CVE-2024-54887 (TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/815143f17cef1feddbcdc7bfceeefdaf3a1f845d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/815143f17cef1feddbcdc7bfceeefdaf3a1f845d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250110/a030e38e/attachment-0001.htm>
