[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 29 21:15:29 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6dab3a69 by Salvatore Bonaccorso at 2025-01-29T22:15:01+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,49 +1,49 @@
 CVE-2025-24882 (regclient is a Docker and OCI Registry Client in Go. A malicious regis ...)
 	- golang-github-regclient-regclient <itp> (bug #1084521)
 CVE-2025-24792 (Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (P ...)
-	TODO: check
+	NOT-FOR-US: Snowflake PHP PDO Driver
 CVE-2025-24791 (snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake ...)
-	TODO: check
+	NOT-FOR-US: snowflake-connector-nodejs
 CVE-2025-24790 (Snowflake JDBC provides a JDBC type 4 driver that supports core functi ...)
-	TODO: check
+	NOT-FOR-US: Snowflake JDBC
 CVE-2025-24789 (Snowflake JDBC provides a JDBC type 4 driver that supports core functi ...)
-	TODO: check
+	NOT-FOR-US: Snowflake JDBC
 CVE-2025-24527 (An issue was discovered in Akamai Enterprise Application Access (EAA)  ...)
-	TODO: check
+	NOT-FOR-US: Akamai
 CVE-2025-24374 (Twig is a template language for PHP. When using the ?? operator, outpu ...)
 	TODO: check
 CVE-2025-20061 (mySCADA myPRO does not properly neutralize POST requests sent to a spe ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2025-20014 (mySCADA myPRO does not properly neutralize POST requests sent to a spe ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2025-0840 (A vulnerability, which was classified as problematic, was found in GNU ...)
 	TODO: check
 CVE-2025-0617 (An attacker with access to an HX 10.0.0  and previous versions, may se ...)
-	TODO: check
+	NOT-FOR-US: Trellix
 CVE-2025-0353 (The Divi Torque Lite \u2013 Best Divi Addon, Extensions, Modules & Soc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-57965 (In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a U ...)
 	TODO: check
 CVE-2024-57439 (An issue in the reset password interface of ruoyi v4.8.0 allows attack ...)
-	TODO: check
+	NOT-FOR-US: ruoyi
 CVE-2024-57438 (Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to ...)
-	TODO: check
+	NOT-FOR-US: RuoYi
 CVE-2024-57437 (RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability v ...)
-	TODO: check
+	NOT-FOR-US: RuoYi
 CVE-2024-57436 (RuoYi v4.8.0 was discovered to allow unauthorized attackers to view th ...)
-	TODO: check
+	NOT-FOR-US: RuoYi
 CVE-2024-54462 (The file names constructed within image_picker are missing sanitizatio ...)
 	TODO: check
 CVE-2024-54461 (The file names constructed within file_selector are missing sanitizati ...)
 	TODO: check
 CVE-2024-48852 (Insertion of Sensitive Information into Log File vulnerability observe ...)
-	TODO: check
+	NOT-FOR-US: FLEXON
 CVE-2024-48849 (Missing Origin Validation in WebSockets vulnerability inFLXEON. Sessio ...)
-	TODO: check
+	NOT-FOR-US: FLEXON
 CVE-2024-41140 (Zohocorp ManageEngine Applications Manager versions174000 and prior ar ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2024-13561 (The Target Video Easy Publish plugin for WordPress is vulnerable to St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10001 (A Code Injection vulnerability was identified in GitHub Enterprise Ser ...)
 	TODO: check
 CVE-2023-37413 (IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive userna ...)
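Review bot: the tag `NOT-FOR-US: FLEXON` added for CVE-2024-48852 and CVE-2024-48849 does not match the product spelling in the CVE-2024-48849 description, which reads "FLXEON". Use the spelling from the description in both tags, so that a search of data/CVE/list for the product name finds these entries. A smaller style point in the same hunk: CVE-2024-57439 is tagged `ruoyi` while the three entries below it use `RuoYi`; one spelling for all four keeps the NFU name consistent.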
@@ -493386,7 +493386,7 @@ CVE-2018-9380 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bou
 CVE-2018-9379 (In multiple functions of MiniThumbFile.java, there is a possible way t ...)
 	NOT-FOR-US: Android
 CVE-2018-9378 (In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9377 (In getIntentForIntentSender of ActivityManagerService.java, there is a ...)
 	NOT-FOR-US: Android
 CVE-2018-9376 (In rpc_msg_handler and related handlers ofdrivers/misc/mediatek/eccci/ ...)
@@ -493396,7 +493396,7 @@ CVE-2018-9375 (In multiple functions of UserDictionaryProvider.java, there is a
 CVE-2018-9374 (In installPackageLI of PackageManagerService.java, there is a possible ...)
 	NOT-FOR-US: Android
 CVE-2018-9373 (In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9372 (In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out  ...)
 	NOT-FOR-US: Android
 CVE-2018-9371 (In the Mediatek Preloader, there are out of bounds reads and writes du ...)
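Review bot: the tag for CVE-2018-9373 says only `Android`, while the description names "the MTK WLAN driver", a vendor component. The tag is consistent with the neighbouring entries, so this is a style point, but naming the MediaTek driver in the tag would make the reason for the NFU decision visible without reading the full CVE text.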



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dab3a69daff9793faa90d2cb98303278b6915f6
