[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 1 08:44:33 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08ad3fb2 by Salvatore Bonaccorso at 2025-03-01T09:43:59+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,31 +1,31 @@
 CVE-2025-27554 (ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and o ...)
-	TODO: check
+	NOT-FOR-US: ToDesktop
 CVE-2025-27416 (Scratch-Coding-Hut.github.io is the website for Coding Hut. The websit ...)
-	TODO: check
+	NOT-FOR-US: Scratch-Coding-Hut.github.io flaw
 CVE-2025-27414 (MinIO is a high performance object storage. Starting in RELEASE.2024-0 ...)
 	TODO: check
 CVE-2025-27413 (PwnDoc is a penetration test reporting application. Prior to version 1 ...)
-	TODO: check
+	NOT-FOR-US: PwnDoc
 CVE-2025-27410 (PwnDoc is a penetration test reporting application. Prior to version 1 ...)
-	TODO: check
+	NOT-FOR-US: PwnDoc
 CVE-2025-25723 (Buffer Overflow vulnerability in GPAC version 2.5 allows a local attac ...)
 	TODO: check
 CVE-2025-25478 (The account file upload functionality in Syspass 3.2.x fails to proper ...)
-	TODO: check
+	NOT-FOR-US: Syspass
 CVE-2025-25476 (A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x all ...)
-	TODO: check
+	NOT-FOR-US: Syspass
 CVE-2025-25379 (Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a  ...)
-	TODO: check
+	NOT-FOR-US: 07FLYCMS
 CVE-2025-23119 (An Improper Neutralization of Escape Sequences vulnerability could all ...)
-	TODO: check
+	NOT-FOR-US: UniFi
 CVE-2025-23118 (An Improper Certificate Validation vulnerability could allow an authen ...)
-	TODO: check
+	NOT-FOR-US: UniFi
 CVE-2025-23117 (An Insufficient Firmware Update Validation vulnerability could allow a ...)
-	TODO: check
+	NOT-FOR-US: UniFi
 CVE-2025-23116 (An Authentication Bypass vulnerability on UniFi Protect Application wi ...)
-	TODO: check
+	NOT-FOR-US: UniFi
 CVE-2025-23115 (A Use After Free vulnerability on UniFi Protect Cameras could allow a  ...)
-	TODO: check
+	NOT-FOR-US: UniFi
 CVE-2025-1803
 	REJECTED
 CVE-2025-1780 (The BuddyPress WooCommerce My Account Integration. Create WooCommerce  ...)
@@ -49,7 +49,7 @@ CVE-2024-9217 (The Currency Switcher for WooCommerce plugin for WordPress is vul
 CVE-2024-9212 (The SKU Generator for WooCommerce plugin for WordPress is vulnerable t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1509 (Brocade ASCG before 3.2.0 Web Interface  is not  enforcing HSTS, as de ...)
-	TODO: check
+	NOT-FOR-US: Brocade ASCG
 CVE-2024-13911 (The Database Backup and check Tables Automated With Scheduler 2024 plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13901 (The Counter Box: Add Engaging Countdowns, Timers & Counters to Your Wo ...)
@@ -103,15 +103,15 @@ CVE-2025-25429 (Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Script
 CVE-2025-25428 (TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded pas ...)
 	NOT-FOR-US: Trendnet
 CVE-2025-24849 (Lack of encryption in transit for cloud infrastructure facilitating po ...)
-	TODO: check
+	NOT-FOR-US: Dario Health
 CVE-2025-24843 (Insecure file retrieval process that facilitates potential for file ma ...)
-	TODO: check
+	NOT-FOR-US: Dario Health
 CVE-2025-24318 (Cookie policy is observable via built-in browser tools. In the presenc ...)
-	TODO: check
+	NOT-FOR-US: Dario Health
 CVE-2025-24316 (The Dario Health Internet-based server infrastructure is vulnerable du ...)
-	TODO: check
+	NOT-FOR-US: Dario Health
 CVE-2025-23405 (Unauthenticated log effects metrics gathering incident response effort ...)
-	TODO: check
+	NOT-FOR-US: Dario Health
 CVE-2025-22492 (The connection string visible to users with access to FRSCore database ...)
 	NOT-FOR-US: Eaton
 CVE-2025-22491 (The user input was not sanitized on Reporting Hierarchy Management pag ...)
@@ -127,9 +127,9 @@ CVE-2025-22271 (The application or its infrastructure allows for IP address spoo
 CVE-2025-22270 (An attacker with access to the Administration panel, specifically the  ...)
 	NOT-FOR-US: CyberArk Endpoint Privilege Manager in SaaS
 CVE-2025-20060 (An attacker could expose cross-user personal identifiable information  ...)
-	TODO: check
+	NOT-FOR-US: Dario Health
 CVE-2025-20049 (The Dario Health portal service application is vulnerable to XSS, whic ...)
-	TODO: check
+	NOT-FOR-US: Dario Health
 CVE-2025-1795 (During an address list folding when a separating comma ends up on a fo ...)
 	- python3.13 3.13.0~b1-1
 	- python3.12 3.12.9-1
@@ -183,7 +183,7 @@ CVE-2024-8420 (The DHVC Form plugin for WordPress is vulnerable to privilege esc
 CVE-2024-54175 (IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD   could allow a local user ...)
 	NOT-FOR-US: IBM
 CVE-2024-44754 (Cryptographic key extraction from internal flash in Minut M2 with firm ...)
-	TODO: check
+	NOT-FOR-US: Minut
 CVE-2024-13851 (The Modal Portfolio plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13832 (The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08ad3fb223a2c13302edeb021f9e50c436832b1f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08ad3fb223a2c13302edeb021f9e50c436832b1f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250301/0f77a378/attachment.htm>

More information about the debian-security-tracker-commits mailing list