[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 22 20:57:32 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
50405b2d by Salvatore Bonaccorso at 2025-01-22T21:56:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,203 +1,203 @@
 CVE-2025-24403 (A missing permission check in Jenkins Azure Service Fabric Plugin 1.6  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2025-24402 (A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Ser ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2025-24401 (Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2025-24400 (Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2025-24399 (Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2025-24398 (Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2025-24397 (An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earli ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2025-24027 (ps_contactinfo, a PrestaShop module for displaying store contact infor ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2025-23992 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23966 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23959 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23953 (Unrestricted Upload of File with Dangerous Type vulnerability in Innov ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23949 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23948 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23944 (Deserialization of Untrusted Data vulnerability in WOOEXIM.COM WOOEXIM ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23942 (Unrestricted Upload of File with Dangerous Type vulnerability in NgocC ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23938 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23932 (Deserialization of Untrusted Data vulnerability in NotFound Quick Coun ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23931 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23921 (Unrestricted Upload of File with Dangerous Type vulnerability in NotFo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23918 (Unrestricted Upload of File with Dangerous Type vulnerability in NotFo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23914 (Deserialization of Untrusted Data vulnerability in NotFound Muzaara Go ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23910 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23882 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23874 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23867 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23866 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23846 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23812 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23809 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23806 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23803 (Cross-Site Request Forgery (CSRF) vulnerability in PQINA Snippy allows ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23798 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23784 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23781 (Insertion of Sensitive Information Into Sent Data vulnerability in Not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23774 (Insertion of Sensitive Information Into Sent Data vulnerability in Not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23769 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23768 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23758 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23746 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23732 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23709 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23706 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23701 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23700 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23697 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23696 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23686 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23684 (Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23683 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23682 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23681 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23679 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23678 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23676 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23672 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23643 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23631 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23630 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23625 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23611 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23610 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23609 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23607 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23606 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23605 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23604 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23603 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23602 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23601 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23597 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23589 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23583 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23562 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23535 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23512 (Missing Authorization vulnerability in Team118GROUP Team 118GROUP Agen ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23509 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23507 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23503 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23500 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23498 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23495 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23486 (Missing Authorization vulnerability in NotFound Database Sync allows E ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23475 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23462 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23449 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23047 (Cilium is a networking, observability, and security solution with an e ...)
 	TODO: check
 CVE-2025-23028 (Cilium is a networking, observability, and security solution with an e ...)
 	TODO: check
 CVE-2025-22980 (A SQL Injection vulnerability exists in Senayan Library Management Sys ...)
-	TODO: check
+	NOT-FOR-US: Senayan Library Management System SLiMS 9 Bulian
 CVE-2025-22772 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-20165 (A vulnerability in the SIP processing subsystem of Cisco BroadWorks co ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20156 (A vulnerability in the REST API of Cisco Meeting Management could allo ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20128 (A vulnerability in the Object Linking and Embedding 2 (OLE2) decryptio ...)
 	TODO: check
 CVE-2025-0651 (Improper Privilege Management vulnerability in Cloudflare WARP on Wind ...)
@@ -221,7 +221,7 @@ CVE-2024-55957 (In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo F
 CVE-2024-55488 (A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3 ...)
 	TODO: check
 CVE-2024-51457 (IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-42013 (In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforceme ...)
 	TODO: check
 CVE-2024-42012 (GRAU DATA Blocky before 3.1 stores passwords encrypted rather than has ...)
@@ -229,7 +229,7 @@ CVE-2024-42012 (GRAU DATA Blocky before 3.1 stores passwords encrypted rather th
 CVE-2024-34235 (Open5GS MME versions <= 2.6.4 contains an assertion that can be remote ...)
 	TODO: check
 CVE-2024-31903 (IBM Sterling B2B Integrator Standard Edition6.0.0.0 through 6.1.2.5 an ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-24432 (A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2 ...)
 	TODO: check
 CVE-2024-24430 (A reachable assertion in the mme_ue_find_by_imsi function of Open5GS < ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50405b2d7290eed913c2dacea6a1091725415306

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50405b2d7290eed913c2dacea6a1091725415306
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250122/e7e73799/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list