[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 31 08:43:46 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
972f8377 by Salvatore Bonaccorso at 2025-01-31T09:43:10+01:00
Process some NFUs

Some Boradcom issues are straight marked as NFUs as there is no real
trackable information available on those CVEs.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,15 +3,15 @@ CVE-2025-24886 (pwn.college is an education platform to learn about, and practic
 CVE-2025-24885 (pwn.college is an education platform to learn about, and practice, cor ...)
 	NOT-FOR-US: pwn.college
 CVE-2025-24336 (SXF Common Library handles input data improperly. If a product using t ...)
-	TODO: check
+	NOT-FOR-US: SXF Common Library
 CVE-2025-22216 (A UAA configured with multiple identity zones, does not properly valid ...)
-	TODO: check
+	NOT-FOR-US: CloudFoundry
 CVE-2025-0882 (A vulnerability was found in code-projects Chat System up to 1.0. It h ...)
-	TODO: check
+	NOT-FOR-US: code-projects Chat System
 CVE-2025-0881 (A vulnerability was found in Codezips Gym Management System 1.0. It ha ...)
-	TODO: check
+	NOT-FOR-US: Codezips Gym Management System
 CVE-2025-0880 (A vulnerability was found in Codezips Gym Management System 1.0 and cl ...)
-	TODO: check
+	NOT-FOR-US: Codezips Gym Management System
 CVE-2025-0809 (The Link Fixer plugin for WordPress is vulnerable to Stored Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-0574 (Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnera ...)
@@ -35,9 +35,9 @@ CVE-2025-0493 (The MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Mark
 CVE-2025-0470 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-53007 (Bentley Systems ProjectWise Integration Server before 10.00.03.288 all ...)
-	TODO: check
+	NOT-FOR-US: Bentley Systems ProjectWise Integration Server
 CVE-2024-52875 (An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The  ...)
-	TODO: check
+	NOT-FOR-US: GFI Kerio Control
 CVE-2024-47900 (Software installed and run as a non-privileged user may conduct improp ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2024-47899 (Software installed and run as a non-privileged user may conduct improp ...)
@@ -143,7 +143,7 @@ CVE-2024-11610 (AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption
 CVE-2024-11609 (AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overf ...)
 	NOT-FOR-US: AutomationDirect
 CVE-2024-10867 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Ele ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6195 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	TODO: check
 CVE-2025-24883 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
@@ -153,21 +153,21 @@ CVE-2025-24802 (Plonky2 is a SNARK implementation based on techniques from PLONK
 CVE-2025-24784 (kubewarden-controller is a Kubernetes controller that allows you to dy ...)
 	NOT-FOR-US: kubewarden-controller
 CVE-2025-24507 (This vulnerability allows appliance compromise at boot time.)
-	TODO: check
+	NOT-FOR-US: Boradcom
 CVE-2025-24506 (A specific authentication strategy allows to learn ids of PAM users as ...)
-	TODO: check
+	NOT-FOR-US: Boradcom
 CVE-2025-24505 (This vulnerability allows a high-privileged authenticated PAM user to  ...)
-	TODO: check
+	NOT-FOR-US: Boradcom
 CVE-2025-24504 (An improper input validation the CSRF filter results in unsanitized us ...)
-	TODO: check
+	NOT-FOR-US: Boradcom
 CVE-2025-24503 (A malicious actor can fix the session of a PAM user by tricking the us ...)
-	TODO: check
+	NOT-FOR-US: Boradcom
 CVE-2025-24502 (An improper session validation allows an unauthenticated attacker to c ...)
-	TODO: check
+	NOT-FOR-US: Boradcom
 CVE-2025-24501 (An improper input validation allows an unauthenticated attacker to alt ...)
-	TODO: check
+	NOT-FOR-US: Boradcom
 CVE-2025-24500 (The vulnerability allows an unauthenticated attacker to access informa ...)
-	TODO: check
+	NOT-FOR-US: Boradcom
 CVE-2025-24376 (kubewarden-controller is a Kubernetes controller that allows you to dy ...)
 	NOT-FOR-US: kubewarden-controller
 CVE-2025-24099 (The issue was addressed with improved checks. This issue is fixed in m ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/972f8377fb510c4d05935dfd066e98ea333f165e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/972f8377fb510c4d05935dfd066e98ea333f165e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250131/e761bec5/attachment.htm>

More information about the debian-security-tracker-commits mailing list