[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 13 21:43:39 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
daf195e4 by Salvatore Bonaccorso at 2025-01-13T22:43:08+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,61 +3,61 @@ CVE-2025-23027 (next-forge is a Next.js project boilerplate for modern web appli
 CVE-2025-23026 (jte (Java Template Engine) is a secure and lightweight template engine ...)
 	TODO: check
 CVE-2025-22963 (Teedy through 1.11 allows CSRF for account takeover via POST /api/user ...)
-	TODO: check
+	NOT-FOR-US: TeedyTeedy
 CVE-2025-22828 (CloudStack users can add and read comments (annotations) on resources  ...)
 	TODO: check
 CVE-2025-22800 (Missing Authorization vulnerability in Post SMTP Post SMTP allows Expl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22777 (Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allow ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22588 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22586 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22583 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22576 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22570 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22569 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22568 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22567 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22514 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22499 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22498 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22344 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22337 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22314 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22144 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
-	TODO: check
+	NOT-FOR-US: NamelessMC
 CVE-2025-22142 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
-	TODO: check
+	NOT-FOR-US: NamelessMC
 CVE-2024-6352 (A malformed packet can cause a buffer overflow in the APS layer of the ...)
 	TODO: check
 CVE-2024-5743 (An attacker could exploit the 'Use of Password Hash With Insufficient  ...)
-	TODO: check
+	NOT-FOR-US: EveHome Eve Play
 CVE-2024-57488 (Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site ...)
-	TODO: check
+	NOT-FOR-US: Code-Projects Online Car Rental System
 CVE-2024-57487 (In Code-Projects Online Car Rental System 1.0, the file upload feature ...)
-	TODO: check
+	NOT-FOR-US: Code-Projects Online Car Rental System
 CVE-2024-56301 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Eniture Technology Distance Based Shipping Calculator
 CVE-2024-56065 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Saleswonder.biz Team WP2LEADS
 CVE-2024-54999 (MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vuln ...)
-	TODO: check
+	NOT-FOR-US: MonicaHQ
 CVE-2024-52938 (Kernel software installed and running inside a Guest VM may post impro ...)
 	TODO: check
 CVE-2024-52937 (Kernel software installed and running inside a Guest VM may exploit me ...)
@@ -71,7 +71,7 @@ CVE-2024-52333 (An improper array index validation vulnerability exists in the d
 CVE-2024-51728
 	REJECTED
 CVE-2024-48883 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-47897 (Software installed and run as a non-privileged user may conduct improp ...)
 	TODO: check
 CVE-2024-47895 (Kernel software installed and running inside a Guest VM may post impro ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daf195e49c68a01f3aba32bd039db504fe74a79f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daf195e49c68a01f3aba32bd039db504fe74a79f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250113/16b3568e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list