[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 24 21:08:27 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d61f4ec by Salvatore Bonaccorso at 2025-01-24T22:07:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -209,120 +209,120 @@ CVE-2025-24542 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-24363 (The HL7 FHIR IG publisher is a tool to take a set of inputs and create ...)
 	NOT-FOR-US: HL7 FHIR IG publisher
 CVE-2025-24362 (In some circumstances, debug artifacts uploaded by the CodeQL Action a ...)
-	TODO: check
+	NOT-FOR-US: CodeQL
 CVE-2025-24359 (ASTEVAL is an evaluator of Python expressions and statements. Prior to ...)
 	- python-asteval <unfixed>
 	NOTE: https://github.com/lmfit/asteval/security/advisories/GHSA-3wwr-3g9f-9gc7
 CVE-2025-24355 (Updatecli is a tool used to apply file update strategies. Prior to ver ...)
-	TODO: check
+	NOT-FOR-US: Updatecli
 CVE-2025-24025 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-23991 (Missing Authorization vulnerability in theDotstore Product Size Charts ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23888 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23885 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23839 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23838 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23837 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23737 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23734 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23711 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23622 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23621 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23522 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23427 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23422 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23222 (An issue was discovered in Deepin dde-api-proxy through 1.0.19 in whic ...)
-	TODO: check
+	NOT-FOR-US: Deepin dde-api-proxy
 CVE-2025-22714 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22612 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-22611 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-22610 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-22609 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-22608 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-22607 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-22606 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-22605 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-0708 (A vulnerability was found in fumiao opencms 2.2. It has been declared  ...)
-	TODO: check
+	NOT-FOR-US: fumiao
 CVE-2025-0707 (A vulnerability was found in Rise Group Rise Mode Temp CPU 2.1. It has ...)
-	TODO: check
+	NOT-FOR-US: Rise Group Rise Mode Temp CPU
 CVE-2025-0706 (A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5 ...)
-	TODO: check
+	NOT-FOR-US: JoeyBling bootplus
 CVE-2025-0705 (A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209 ...)
-	TODO: check
+	NOT-FOR-US: JoeyBling bootplus
 CVE-2025-0704 (A vulnerability, which was classified as problematic, was found in Joe ...)
-	TODO: check
+	NOT-FOR-US: JoeyBling bootplus
 CVE-2025-0703 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: JoeyBling bootplus
 CVE-2025-0702 (A vulnerability classified as critical was found in JoeyBling bootplus ...)
-	TODO: check
+	NOT-FOR-US: JoeyBling bootplus
 CVE-2025-0701 (A vulnerability classified as critical has been found in JoeyBling boo ...)
-	TODO: check
+	NOT-FOR-US: JoeyBling bootplus
 CVE-2025-0700 (A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5 ...)
-	TODO: check
+	NOT-FOR-US: JoeyBling bootplus
 CVE-2025-0699 (A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5 ...)
-	TODO: check
+	NOT-FOR-US: JoeyBling bootplus
 CVE-2025-0698 (A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5 ...)
-	TODO: check
+	NOT-FOR-US: JoeyBling bootplus
 CVE-2025-0697 (A vulnerability, which was classified as problematic, was found in Tel ...)
-	TODO: check
+	NOT-FOR-US: Telstra Smart Modem Gen 2
 CVE-2024-9499 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
-	TODO: check
+	NOT-FOR-US: USBXpress Win 98SE Dev Kit installer
 CVE-2024-9498 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
-	TODO: check
+	NOT-FOR-US: USBXpress SDK installer
 CVE-2024-9497 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
-	TODO: check
+	NOT-FOR-US: USBXpress 4 SDK installer
 CVE-2024-9496 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
-	TODO: check
+	NOT-FOR-US: USBXpress Dev Kit installer
 CVE-2024-9495 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
-	TODO: check
+	NOT-FOR-US: CP210x VCP Windows installer
 CVE-2024-9494 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
-	TODO: check
+	NOT-FOR-US: CP210 VCP Win 2k installer
 CVE-2024-9493 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
-	TODO: check
+	NOT-FOR-US: ToolStick installer
 CVE-2024-9492 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
-	TODO: check
+	NOT-FOR-US: Flash Programming Utility installer
 CVE-2024-9491 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
-	TODO: check
+	NOT-FOR-US: Configuration Wizard 2 installer
 CVE-2024-9490 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
-	TODO: check
+	NOT-FOR-US: Silicon Labs (8-bit) IDE installer
 CVE-2024-57277 (InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) ...)
-	TODO: check
+	NOT-FOR-US: InnoShop
 CVE-2024-57184 (An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It  ...)
 	TODO: check
 CVE-2024-57095 (SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacke ...)
-	TODO: check
+	NOT-FOR-US: Go-CMS
 CVE-2024-57041 (A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11. ...)
-	TODO: check
+	NOT-FOR-US: NodeBB
 CVE-2024-56404 (In One Identity Identity Manager 9.x before 9.3, an insecure direct ob ...)
-	TODO: check
+	NOT-FOR-US: One Identity Identity Manager
 CVE-2024-52807 (The HL7 FHIR IG publisher is a tool to take a set of inputs and create ...)
-	TODO: check
+	NOT-FOR-US: HL7 FHIR IG publisher
 CVE-2024-45077 (IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to un ...)
 	NOT-FOR-US: IBM
 CVE-2024-41757 (IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to  ...)
@@ -338,31 +338,31 @@ CVE-2024-35122 (IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local
 CVE-2024-25034 (IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious fi ...)
 	NOT-FOR-US: IBM
 CVE-2024-13698 (The Jobify - Job Board WordPress Theme for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-13594 (The Simple Downloads List plugin for WordPress is vulnerable to SQL In ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13583 (The Simple Gallery with Filter plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13572 (The Precious Metals Charts and Widgets for WordPress plugin for WordPr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13545 (The Bootstrap Ultimate theme for WordPress is vulnerable to Local File ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-13542 (The WP Google Street View (with 360\xb0 virtual tour) & Google maps +  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13409 (The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Guten ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13408 (The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Guten ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13354 (The Responsive Addons for Elementor \u2013 Free Elementor Addons Plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13335 (The Spexo Addons for Elementor \u2013 Free Elementor Addons, Widgets a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12494 (The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11913 (The Activity Plus Reloaded for BuddyPress plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10324 (The RomethemeKit For Elementor plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0577
 	- glibc <not-affected> (Doesn't affect any released version of glibc)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2338871
@@ -266263,7 +266263,7 @@ CVE-2021-42720 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-
 CVE-2021-42719 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
 	NOT-FOR-US: Adobe
 CVE-2021-42718 (Information Disclosure in API in Replicated Replicated Classic version ...)
-	TODO: check
+	NOT-FOR-US: Replicated Replicated Classic
 CVE-2021-3894
 	REJECTED
 CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d61f4ec45092ffaf83f5e148abce0482f0806ce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d61f4ec45092ffaf83f5e148abce0482f0806ce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250124/137051de/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list