[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 30 13:42:37 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f00fa3d8 by Salvatore Bonaccorso at 2025-01-30T14:38:54+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-24884 (kube-audit-rest is a simple logger of mutation/creation requests to th ...)
-	TODO: check
+	NOT-FOR-US: kube-audit-rest
 CVE-2025-24795 (The Snowflake Connector for Python provides an interface for developin ...)
 	NOT-FOR-US: Snowflake Connector for Python
 CVE-2025-24794 (The Snowflake Connector for Python provides an interface for developin ...)
@@ -11,11 +11,11 @@ CVE-2025-24788 (snowflake-connector-net is the Snowflake Connector for .NET. Sno
 CVE-2025-23374 (Dell Networking Switches running Enterprise SONiC OS, version(s) prior ...)
 	NOT-FOR-US: Dell
 CVE-2025-21415 (Authentication bypass by spoofing in Azure AI Face Service allows an a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-21396 (Missing authorization in Microsoft Account allows an unauthorized atta ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-0851 (A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Ja ...)
-	TODO: check
+	NOT-FOR-US: Deep Java Library (DJL)
 CVE-2025-0849 (A vulnerability classified as critical has been found in CampCodes Sch ...)
 	NOT-FOR-US: CampCodes School Management Software
 CVE-2025-0848 (A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been  ...)
@@ -33,11 +33,11 @@ CVE-2025-0842 (A vulnerability was found in needyamin Library Card System 1.0 an
 CVE-2025-0841 (A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCa ...)
 	NOT-FOR-US: Aridius XYZ
 CVE-2025-0662 (In some cases, the ktrace facility will log the contents of kernel str ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2025-0374 (When etcupdate encounters conflicts while merging files, it saves a ve ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2025-0373 (On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, t ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-57665 (JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/e ...)
 	NOT-FOR-US: JFinalCMS
 CVE-2024-57513 (A floating-point exception (FPE) vulnerability exists in the AP4_TfraA ...)
@@ -49,35 +49,35 @@ CVE-2024-57509 (Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d197
 CVE-2024-57395 (Password Vulnerability in Safety production process management system  ...)
 	NOT-FOR-US: Password Vulnerability in Safety production process management system
 CVE-2024-54852 (When LDAP connection is activated in Teedy versions between 1.9 to 1.1 ...)
-	TODO: check
+	NOT-FOR-US: Teedy
 CVE-2024-54851 (Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due  ...)
-	TODO: check
+	NOT-FOR-US: Teedy
 CVE-2024-51182 (HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 a ...)
 	NOT-FOR-US: Celk Sistemas Celk Saude
 CVE-2024-48761 (The specific component in Celk Saude 3.1.252.1 that processes user inp ...)
 	NOT-FOR-US: Celk Saude
 CVE-2024-23733 (The /WmAdmin/,/invoke/vm.server/login login page in the Integration Se ...)
-	TODO: check
+	NOT-FOR-US: Software AG webMethods
 CVE-2024-13642 (The Stratum \u2013 Elementor Widgets plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13470 (The Ninja Forms \u2013 The Contact Form Builder That Grows With You pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13457 (The Event Tickets and Registration plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12921 (The EthereumICO plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12709 (The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF check ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12708 (The Bulk Me Now! WordPress plugin through 2.0 does not validate and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12638 (The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12400 (The tourmaster WordPress plugin before 5.3.5 does not escape generated ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12163 (The goodlayers-core WordPress plugin before 2.1.3 allows users with a  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10309 (The Tracking Code Manager WordPress plugin before 2.4.0 does not sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-24528 [Prevent overflow when calculating ulog block size]
 	- krb5 <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2342796
@@ -126,9 +126,9 @@ CVE-2024-57437 (RuoYi v4.8.0 was discovered to contain a SQL injection vulnerabi
 CVE-2024-57436 (RuoYi v4.8.0 was discovered to allow unauthorized attackers to view th ...)
 	NOT-FOR-US: RuoYi
 CVE-2024-54462 (The file names constructed within image_picker are missing sanitizatio ...)
-	TODO: check
+	NOT-FOR-US: flutter/image_picker_android
 CVE-2024-54461 (The file names constructed within file_selector are missing sanitizati ...)
-	TODO: check
+	NOT-FOR-US: flutter/file_selector_android
 CVE-2024-48852 (Insertion of Sensitive Information into Log File vulnerability observe ...)
 	NOT-FOR-US: FLEXON
 CVE-2024-48849 (Missing Origin Validation in WebSockets vulnerability inFLXEON. Sessio ...)
@@ -138,7 +138,7 @@ CVE-2024-41140 (Zohocorp ManageEngine Applications Manager versions174000 and pr
 CVE-2024-13561 (The Target Video Easy Publish plugin for WordPress is vulnerable to St ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10001 (A Code Injection vulnerability was identified in GitHub Enterprise Ser ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-37413 (IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive userna ...)
 	NOT-FOR-US: IBM
 CVE-2023-37412 (IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user t ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f00fa3d83fbc4f01902ec83082d81e9c70a125f3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f00fa3d83fbc4f01902ec83082d81e9c70a125f3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250130/1a4e8a18/attachment.htm>

More information about the debian-security-tracker-commits mailing list