[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jan 15 08:24:04 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de5ca3f9 by Moritz Muehlenhoff at 2025-01-15T09:23:39+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,77 +1,77 @@
 CVE-2025-23061 (Mongoose before 8.9.5 can improperly use a nested $where filter with a ...)
-	TODO: check
+	NOT-FOR-US: Mongoose
 CVE-2025-23013 (In Yubico pam-u2f before 1.3.1, local privilege escalation can sometim ...)
 	TODO: check
 CVE-2025-22997 (A stored cross-site scripting (XSS) vulnerability in the prf_table_con ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2025-22996 (A stored cross-site scripting (XSS) vulnerability in the spf_table_con ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2025-22394 (Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-ch ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2025-21101 (Dell Display Manager, versions prior to 2.3.2.20, contain a race condi ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2025-0356 (NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver. ...)
-	TODO: check
+	NOT-FOR-US: NEC
 CVE-2025-0355 (Missing Authentication for Critical Function vulnerability in NEC Corp ...)
-	TODO: check
+	NOT-FOR-US: NEC
 CVE-2025-0354 (Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS V ...)
-	TODO: check
+	NOT-FOR-US: NEC
 CVE-2025-0343 (Swift ASN.1 can be caused to crash when parsing certain BER/DER constr ...)
-	TODO: check
+	NOT-FOR-US: swift-asn1
 CVE-2024-7322 (A ZigBee coordinator, router, or end device may change their node ID w ...)
-	TODO: check
+	NOT-FOR-US: Silabs
 CVE-2024-57767 (MSFM before v2025.01.01 was discovered to contain a Server-Side Reques ...)
-	TODO: check
+	NOT-FOR-US: MSFM (mysiteforme)
 CVE-2024-57766 (MSFM before 2025.01.01 was discovered to contain a fastjson deserializ ...)
-	TODO: check
+	NOT-FOR-US: MSFM (mysiteforme)
 CVE-2024-57765 (MSFM before 2025.01.01 was discovered to contain a SQL injection vulne ...)
-	TODO: check
+	NOT-FOR-US: MSFM (mysiteforme)
 CVE-2024-57764 (MSFM before 2025.01.01 was discovered to contain a fastjson deserializ ...)
-	TODO: check
+	NOT-FOR-US: MSFM (mysiteforme)
 CVE-2024-57763 (MSFM before 2025.01.01 was discovered to contain a fastjson deserializ ...)
-	TODO: check
+	NOT-FOR-US: MSFM (mysiteforme)
 CVE-2024-57762 (MSFM before v2025.01.01 was discovered to contain a deserialization vu ...)
-	TODO: check
+	NOT-FOR-US: MSFM (mysiteforme)
 CVE-2024-57761 (An arbitrary file upload vulnerability in the parserXML() method of Je ...)
-	TODO: check
+	NOT-FOR-US: JeeWMS
 CVE-2024-57760 (JeeWMS before v2025.01.01 was discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: JeeWMS
 CVE-2024-57757 (JeeWMS before v2025.01.01 was discovered to contain a permission bypas ...)
-	TODO: check
+	NOT-FOR-US: JeeWMS
 CVE-2024-57483 (Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacF ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-57482 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...)
-	TODO: check
+	NOT-FOR-US: H3C N12 V100R005
 CVE-2024-57480 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...)
-	TODO: check
+	NOT-FOR-US: H3C N12 V100R005
 CVE-2024-57479 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...)
-	TODO: check
+	NOT-FOR-US: H3C N12 V100R005
 CVE-2024-57473 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...)
-	TODO: check
+	NOT-FOR-US: H3C N12 V100R005
 CVE-2024-57471 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...)
-	TODO: check
+	NOT-FOR-US: H3C N12 V100R005
 CVE-2024-55577 (Stack-based buffer overflow vulnerability exists in Linux Ratfor 1.06  ...)
 	TODO: check
 CVE-2024-54730 (Flatnotes <v5.3.1 is vulnerable to denial of service through the uploa ...)
 	TODO: check
 CVE-2024-54142 (Discourse AI is a Discourse plugin which provides a number of AI featu ...)
-	TODO: check
+	NOT-FOR-US: Discourse plugin
 CVE-2024-53277 (Silverstripe Framework is a PHP framework which powers the Silverstrip ...)
 	TODO: check
 CVE-2024-50861 (The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: GestioIP
 CVE-2024-50859 (The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Refl ...)
-	TODO: check
+	NOT-FOR-US: GestioIP
 CVE-2024-50858 (Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Req ...)
-	TODO: check
+	NOT-FOR-US: GestioIP
 CVE-2024-50857 (The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: GestioIP
 CVE-2024-4227 (In Genivia gSOAP with a specific configuration an unauthenticated remo ...)
-	TODO: check
+	NOT-FOR-US: GestioIP
 CVE-2024-48760 (An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: GestioIP
 CVE-2024-47605 (silverstripe-asset-admin is a silverstripe assets gallery for asset ma ...)
-	TODO: check
+	NOT-FOR-US: silverstripe-asset-admin
 CVE-2024-45102 (A privilege escalation vulnerability was discovered that could allow a ...)
 	TODO: check
 CVE-2024-42911 (ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was disco ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de5ca3f9ef48513a585bf25f8f72de2901692c53

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de5ca3f9ef48513a585bf25f8f72de2901692c53
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250115/c418e3ed/attachment.htm>

More information about the debian-security-tracker-commits mailing list