[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 27 20:27:47 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c9c079c1 by Salvatore Bonaccorso at 2025-01-27T21:27:23+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-24783 (** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Ran ...)
-	TODO: check
+	NOT-FOR-US: Apache Cocoon
 CVE-2025-24782 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-24754 (Missing Authorization vulnerability in Houzez.co Houzez. This issue af ...)
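Review bot: the NOT-FOR-US tag added for CVE-2025-24783 should rest on Apache Cocoon not being shipped in the archive, not on the "UNSUPPORTED WHEN ASSIGNED" marker in the description, because upstream end-of-life alone does not make an issue irrelevant to a packaged copy. If the archive was checked for a Cocoon source package, the entry is fine as written.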
@@ -75,109 +75,109 @@ CVE-2025-24365 (vaultwarden is an unofficial Bitwarden compatible server written
 CVE-2025-24364 (vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
 	TODO: check
 CVE-2025-24357 (vLLM is a library for LLM inference and serving. vllm/model_executor/w ...)
-	TODO: check
+	NOT-FOR-US: vLLM
 CVE-2025-24354 (imgproxy is server for resizing, processing, and converting images. Im ...)
-	TODO: check
+	NOT-FOR-US: imgproxy
 CVE-2025-23982 (Missing Authorization vulnerability in Marian Kanev Cab fare calculato ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23849 (Missing Authorization vulnerability in Benjamin Piwowarski PAPERCITE a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23792 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23752 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23669 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23656 (Missing Authorization vulnerability in Saul Morales Pacheco Donate vis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23531 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23529 (Missing Authorization vulnerability in Blokhaus Minterpress allows Acc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23457 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23197 (matrix-hookshot is a Matrix bot for connecting to external services li ...)
 	TODO: check
 CVE-2025-22604 (Cacti is an open source performance and fault management framework. Du ...)
 	TODO: check
 CVE-2025-22513 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0751 (A vulnerability classified as critical has been found in Axiomatic Ben ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2025-0734 (A vulnerability has been found in y_project RuoYi up to 4.8.0 and clas ...)
-	TODO: check
+	NOT-FOR-US: y_project RuoYi
 CVE-2025-0733 (A vulnerability, which was classified as problematic, was found in Pos ...)
-	TODO: check
+	NOT-FOR-US: Postman
 CVE-2025-0732 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Discord
 CVE-2025-0730 (A vulnerability classified as problematic has been found in TP-Link TL ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-0729 (A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Re ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-0696 (A NULL Pointer Dereferencevulnerability in Cesanta Frozen versions les ...)
 	TODO: check
 CVE-2025-0695 (An Allocation of Resources Without Limits orThrottling vulnerability i ...)
 	TODO: check
 CVE-2024-57595 (DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: DLINK
 CVE-2024-57590 (TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vul ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2024-57276 (In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service c ...)
-	TODO: check
+	NOT-FOR-US: Electronic Arts Dragon Age Origins
 CVE-2024-57272 (SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnera ...)
-	TODO: check
+	NOT-FOR-US: SecuSTATION Camera
 CVE-2024-56972 (An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attacker ...)
-	TODO: check
+	NOT-FOR-US: Midea Home
 CVE-2024-56971 (An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technolog ...)
-	TODO: check
+	NOT-FOR-US: Shuqi Novel
 CVE-2024-56969 (An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7. ...)
-	TODO: check
+	NOT-FOR-US: BeautyPlus
 CVE-2024-56968 (An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 a ...)
-	TODO: check
+	NOT-FOR-US: Govee Home
 CVE-2024-56967 (An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.2 ...)
-	TODO: check
+	NOT-FOR-US: PolyBuzz
 CVE-2024-56966 (An issue in Shanghai Xuan Ting Entertainment Information & Technology  ...)
-	TODO: check
+	NOT-FOR-US: Qidian Reader
 CVE-2024-56965 (An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS ...)
-	TODO: check
+	NOT-FOR-US: Shihuo
 CVE-2024-56964 (An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guaz ...)
-	TODO: check
+	NOT-FOR-US: Guazi Used Car
 CVE-2024-56963 (An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input  ...)
-	TODO: check
+	NOT-FOR-US: Sogou Input
 CVE-2024-56962 (An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39  ...)
-	TODO: check
+	NOT-FOR-US: WeSing
 CVE-2024-56960 (An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdi ...)
-	TODO: check
+	NOT-FOR-US: BeiKe Holdings
 CVE-2024-56959 (An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows ...)
-	TODO: check
+	NOT-FOR-US: Anyihua
 CVE-2024-56957 (An issue in Kingsoft Office Software Corporation Limited WPS Office iO ...)
-	TODO: check
+	NOT-FOR-US: Kingsoft Office Software Corporation Limited WPS Office
 CVE-2024-56955 (An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6 ...)
-	TODO: check
+	NOT-FOR-US: QQMail
 CVE-2024-56954 (An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Vi ...)
-	TODO: check
+	NOT-FOR-US: Haokan Video
 CVE-2024-56953 (An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12. ...)
-	TODO: check
+	NOT-FOR-US: Baidu Input Method (iOS version)
 CVE-2024-56952 (An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lit ...)
-	TODO: check
+	NOT-FOR-US: Baidu Lite
 CVE-2024-56951 (An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.1 ...)
-	TODO: check
+	NOT-FOR-US: UU Game Booster
 CVE-2024-56950 (An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows  ...)
-	TODO: check
+	NOT-FOR-US: KuGou Concept
 CVE-2024-56949 (An issue in Guangzhou Polar Future Culture Technology Co., Ltd Univers ...)
-	TODO: check
+	NOT-FOR-US: University Search
 CVE-2024-56948 (An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows at ...)
-	TODO: check
+	NOT-FOR-US: KuGou Music
 CVE-2024-56947 (An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 a ...)
-	TODO: check
+	NOT-FOR-US: BeautyCam
 CVE-2024-55931 (Xerox Workplace Suite stores tokens in session storage, which may expo ...)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2024-55228 (A cross-site scripting (XSS) vulnerability in the Product module of Do ...)
 	TODO: check
 CVE-2024-55227 (A cross-site scripting (XSS) vulnerability in the Events/Agenda module ...)
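Review bot: the NOT-FOR-US reason strings in this hunk mix three levels of detail, which makes later searches by vendor or product harder: vendor only ("TP-Link", "DLINK", "TRENDnet", "Xerox"), product only ("QQMail", "Govee Home", "WeSing"), and vendor plus product ("Kingsoft Office Software Corporation Limited WPS Office", "Electronic Arts Dragon Age Origins", "y_project RuoYi"). Suggest settling on one form, for example shortening the Kingsoft line to "WPS Office" and dropping the "(iOS version)" suffix from the Baidu Input Method line so it matches the other iOS app entries, none of which carry the platform. "DLINK" follows the spelling in the CVE description; if earlier entries in the list spell the vendor differently, match that spelling.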



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9c079c1b6848f6dba005bbec20d75ca1a2e227f
