[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jan 16 11:28:12 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d3c3d00 by Moritz Muehlenhoff at 2025-01-16T12:27:50+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2025-22976 (SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attac ...)
 	NOT-FOR-US: dingfanzuCMS
 CVE-2025-22964 (SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN Interactive) DDS ...)
-	TODO: check
+	NOT-FOR-US: Acora CMS
 CVE-2025-22916 (RE11S v1.11 was discovered to contain a stack overflow via the pppUser ...)
 	NOT-FOR-US: RE11S
 CVE-2025-22913 (RE11S v1.11 was discovered to contain a stack overflow via the rootAPm ...)
@@ -49,29 +49,29 @@ CVE-2024-57727 (SimpleHelp remote support software v5.5.7 and before is vulnerab
 CVE-2024-57726 (SimpleHelp remote support software v5.5.7 and before has a vulnerabili ...)
 	NOT-FOR-US: SimpleHelp
 CVE-2024-55503 (An issue in termius before v.9.9.0 allows a local attacker to execute  ...)
-	TODO: check
+	NOT-FOR-US: termius
 CVE-2024-53407 (In Phiewer 4.1.0, a dylib injection leads to Command Execution which a ...)
-	TODO: check
+	NOT-FOR-US: Phiewer
 CVE-2024-48126 (HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded cr ...)
-	TODO: check
+	NOT-FOR-US: HI-SCAN
 CVE-2024-48125 (An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows ...)
-	TODO: check
+	NOT-FOR-US: HI-SCAN
 CVE-2024-48123 (An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19- ...)
-	TODO: check
+	NOT-FOR-US: HI-SCAN
 CVE-2024-48122 (Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I all ...)
-	TODO: check
+	NOT-FOR-US: HI-SCAN
 CVE-2024-48121 (The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user cr ...)
-	TODO: check
+	NOT-FOR-US: HI-SCAN
 CVE-2024-41454 (An arbitrary file upload vulnerability in the UI login page logo uploa ...)
-	TODO: check
+	NOT-FOR-US: Process Maker
 CVE-2024-41453 (A cross-site scripting (XSS) vulnerability in Process Maker pm4core-do ...)
-	TODO: check
+	NOT-FOR-US: Process Maker
 CVE-2024-39967 (Insecure permissions in Aginode GigaSwitch v5 allows attackers to acce ...)
-	TODO: check
+	NOT-FOR-US: Aginode GigaSwitch
 CVE-2024-36751 (An issue in parse-uri v1.0.9 allows attackers to cause a Regular expre ...)
 	TODO: check
 CVE-2024-12226 (In affected versions of the Octopus Kubernetes worker or agent, sensit ...)
-	TODO: check
+	NOT-FOR-US: Octopus Kubernetes worker
 CVE-2024-11452 (The Chamber Dashboard Business Directory plugin for WordPress is vulne ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10970 (The The Motors \u2013 Car Dealer, Classifieds & Listing plugin for Wor ...)
@@ -81,7 +81,7 @@ CVE-2024-10789 (The WP User Profile Avatar plugin for WordPress is vulnerable to
 CVE-2024-10401
 	REJECTED
 CVE-2025-23040 (GitHub Desktop is an open-source Electron-based GitHub app designed fo ...)
-	TODO: check
+	NOT-FOR-US: GitHub Desktop
 CVE-2025-22968 (An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execu ...)
 	NOT-FOR-US: D-Link
 CVE-2025-22799 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -210,9 +210,9 @@ CVE-2025-20036 (Mattermost Mobile Apps versions <=2.22.0 fail to properly valida
 CVE-2025-0502 (Transmission of Private Resources into a New Sphere ('Resource Leak')  ...)
 	NOT-FOR-US: CrafterCMS
 CVE-2025-0501 (An issue in the native clients for Amazon WorkSpaces Clients when runn ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2025-0500 (An issue in the native clients for Amazon WorkSpaces, Amazon AppStream ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2025-0485 (A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been ...)
 	NOT-FOR-US: Fanli2012 native-php-cms
 CVE-2025-0484 (A vulnerability was found in Fanli2012 native-php-cms 1.0 and classifi ...)
@@ -447,7 +447,7 @@ CVE-2024-11851 (The NitroPack plugin for WordPress is vulnerable to unauthorized
 CVE-2024-11848 (The NitroPack plugin for WordPress is vulnerable to unauthorized modif ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-11322 (A denial-of-service vulnerability exists in CyberPower PowerPanel Busi ...)
-	TODO: check
+	NOT-FOR-US: CyberPower PowerPanel Business
 CVE-2024-11029 (A flaw was found in the FreeIPA API audit, where it sends the whole Fr ...)
 	- freeipa <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2325557
@@ -602,7 +602,7 @@ CVE-2025-0434 (Out of bounds memory access in V8 in Google Chrome prior to 132.0
 	- chromium 132.0.6834.83-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-23366 (A flaw was found in the HAL Console in the Wildfly component, which do ...)
-	TODO: check
+	- wildfly <itp> (bug #752018)
 CVE-2025-23081 (Cross-Site Request Forgery (CSRF), Improper Neutralization of Input Du ...)
 	NOT-FOR-US: Mediawiki extension DataTransfer
 CVE-2025-23080 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d3c3d00fc38d188d298d8b28e1e022e89df34a6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d3c3d00fc38d188d298d8b28e1e022e89df34a6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250116/3e71b170/attachment.htm>

More information about the debian-security-tracker-commits mailing list