[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Sun Jan 26 20:24:17 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f68407e by Salvatore Bonaccorso at 2025-01-26T21:21:15+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2024-31906 (IBM Automation Decision Services 23.0.2 allows web pages to be stored  ...)
 	NOT-FOR-US: IBM
 CVE-2024-13505 (The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12334 (The WC Affiliate \u2013 A Complete WooCommerce Affiliate Plugin plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11936 (The Zox News theme for WordPress is vulnerable to unauthorized modific ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-11641 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50946 (IBM Common Licensing 9.0  could allow an authenticated user to modify  ...)
 	NOT-FOR-US: IBM
 CVE-2023-50945 (IBM Common Licensing 9.0 stores user credentials in plain clear text w ...)
@@ -15,18 +15,18 @@ CVE-2023-50945 (IBM Common Licensing 9.0 stores user credentials in plain clear
 CVE-2023-38009 (IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disc ...)
 	NOT-FOR-US: IBM
 CVE-2017-20196 (A vulnerability was found in Itechscripts School Management Software 2 ...)
-	TODO: check
+	NOT-FOR-US: Itechscripts School Management Software
 CVE-2025-24356
 	- fastd 23-1
 	NOTE: https://github.com/neocturne/fastd/security/advisories/GHSA-pggg-vpfv-4rcv
 CVE-2025-24858 (Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an atta ...)
-	TODO: check
+	NOT-FOR-US: Develocity (formerly Gradle Enterprise)
 CVE-2025-24814
 	- lucene-solr <unfixed>
 	NOTE: https://solr.apache.org/security.html#cve-2025-24814-apache-solr-core-creation-with-trusted-configset-can-use-arbitrary-untrusted-files
 	NOTE: https://www.openwall.com/lists/oss-security/2025/01/26/1
 CVE-2024-46881 (Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect  ...)
-	TODO: check
+	NOT-FOR-US: Develocity (formerly Gradle Enterprise)
 CVE-2024-11090 (The Membership Plugin \u2013 Restrict Content plugin for WordPress is  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10705 (The Multiple Page Generator Plugin \u2013 MPG plugin for WordPress is  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f68407e56d08a4d4089b7743ecdfea2958f1d74

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f68407e56d08a4d4089b7743ecdfea2958f1d74
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250126/db3e8858/attachment.htm>
