[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jan 15 09:48:42 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2c5d37ec by Moritz Muehlenhoff at 2025-01-15T10:38:27+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -58,11 +58,11 @@ CVE-2024-55577 (Stack-based buffer overflow vulnerability exists in Linux Ratfor
[bookworm] - ratfor <no-dsa> (Minor issue)
NOTE: http://www.dgate.org/ratfor/#changehistory
CVE-2024-54730 (Flatnotes <v5.3.1 is vulnerable to denial of service through the uploa ...)
- TODO: check
+ NOT-FOR-US: Flatnotes
CVE-2024-54142 (Discourse AI is a Discourse plugin which provides a number of AI featu ...)
NOT-FOR-US: Discourse plugin
CVE-2024-53277 (Silverstripe Framework is a PHP framework which powers the Silverstrip ...)
- TODO: check
+ NOT-FOR-US: Silverstripe framework
CVE-2024-50861 (The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable t ...)
NOT-FOR-US: GestioIP
CVE-2024-50859 (The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Refl ...)
@@ -78,19 +78,19 @@ CVE-2024-48760 (An issue in GestioIP v3.5.7 allows a remote attacker to execute
CVE-2024-47605 (silverstripe-asset-admin is a silverstripe assets gallery for asset ma ...)
NOT-FOR-US: silverstripe-asset-admin
CVE-2024-45102 (A privilege escalation vulnerability was discovered that could allow a ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-42911 (ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was disco ...)
- TODO: check
+ NOT-FOR-US: ECOVACS
CVE-2024-13394 (The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13334 (The Car Demon plugin for WordPress is vulnerable to Reflected Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11870 (The Event Registration Calendar By vcita plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10254 (A potential buffer overflow vulnerability was reported in PC Manager, ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-10253 (A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Br ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-0448
- chromium 132.0.6834.83-1
[bullseye] - chromium <end-of-life> (see #1061268)
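Review bot: the three entries marked "NOT-FOR-US: Lenovo" (CVE-2024-45102, CVE-2024-10254, CVE-2024-10253) name only the vendor, and for CVE-2024-45102 the truncated description visible here mentions neither Lenovo nor a product. Naming the affected product in the label, as the CVE-2024-10254 description does with PC Manager, would let a reader check the triage decision against the CVE text without looking the entry up elsewhere.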
@@ -133,15 +133,15 @@ CVE-2025-0434
CVE-2025-23366 (A flaw was found in the HAL Console in the Wildfly component, which do ...)
TODO: check
CVE-2025-23081 (Cross-Site Request Forgery (CSRF), Improper Neutralization of Input Du ...)
- TODO: check
+ NOT-FOR-US: Mediawiki extension DataTransfer
CVE-2025-23080 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Mediawiki extension OpenBadges
CVE-2025-23074 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Mediawiki extension SocialProfile
CVE-2025-23073 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Mediawiki extension GlobalBlocking
CVE-2025-23072 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Mediawiki extension RefreshSpecial
CVE-2025-23052 (Authenticated command injection vulnerability in the commandline inter ...)
NOT-FOR-US: HPE
CVE-2025-23051 (An authenticated parameter injection vulnerability existsin the web-ba ...)
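Review bot: the five labels added for CVE-2025-23081 through CVE-2025-23072 spell the project "Mediawiki", while the upstream name is "MediaWiki"; using one spelling keeps searches over data/CVE/list consistent. The visible descriptions are cut off inside the generic weakness text, so the label is the only place the extension name appears, and if any of these extensions turns out to be bundled in a package in the archive the entry should name that package instead of NOT-FOR-US.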
@@ -149,7 +149,7 @@ CVE-2025-23051 (An authenticated parameter injection vulnerability existsin the
CVE-2025-23042 (Gradio is an open-source Python package that allows quick building of ...)
NOT-FOR-US: Gradio
CVE-2025-23041 (Umbraco.Forms is a web form framework written for the nuget ecosystem. ...)
- TODO: check
+ NOT-FOR-US: Umbraco.Forms
CVE-2025-23025 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2025-23019 (IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and rout ...)
@@ -525,7 +525,7 @@ CVE-2025-0461 (A vulnerability has been found in Shanghai Lingdang Information T
CVE-2025-0460 (A vulnerability, which was classified as critical, was found in Blog B ...)
NOT-FOR-US: Blog Botz for Journal Theme on OpenCart
CVE-2025-0459 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ - retroarch <not-affected> (Windows-specific)
CVE-2025-0458 (A vulnerability classified as problematic was found in Virtual Compute ...)
NOT-FOR-US: Virtual Computer Vysual RH Solution
CVE-2025-0394 (The WordPress CRM, Email & Marketing Automation for WordPress | Award ...)
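Review bot: the CVE-2025-0459 change to "- retroarch <not-affected> (Windows-specific)" is a package triage decision rather than an NFU, so the commit subject "NFUs" does not describe it. The truncated description does not show the product or the platform, so a NOTE: line with the reference that supports "Windows-specific" would make the not-affected status verifiable from the entry itself.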
@@ -597,7 +597,7 @@ CVE-2024-50566 (A improper neutralization of special elements used in an os comm
CVE-2024-50564 (A use of hard-coded cryptographic key in Fortinet FortiClientWindows v ...)
NOT-FOR-US: FortiGuard
CVE-2024-50338 (Git Credential Manager (GCM) is a secure Git credential helper built o ...)
- TODO: check
+ NOT-FOR-US: Git Credential Manager (GCM)
CVE-2024-49375 (Open source machine learning framework. A vulnerability has been ident ...)
NOT-FOR-US: Rasa
CVE-2024-48893 (An improper neutralization of input during web page generation vulnera ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c5d37ec726b17fc31f2052490f9d34f9cbc2ca7