[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 14 20:19:21 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76ae218e by Salvatore Bonaccorso at 2025-03-14T21:18:56+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2025-2304 (A Privilege Escalation through a Mass Assignment exists in Camale
CVE-2025-2268 (The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a de ...)
TODO: check
CVE-2025-2232 (The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2000 (A maliciously crafted QPY file can potential execute arbitrary-code em ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-29782 (WeGIA is Web manager for charitable institutions A Stored Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-29780 (Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Pyt ...)
TODO: check
CVE-2025-29779 (Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Pyt ...)
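Review bot: The `NOT-FOR-US: IBM` note added for CVE-2025-2000 names only a vendor, while the truncated description talks about a maliciously crafted QPY file and does not show which product is affected. Naming the affected software in the note, as `NOT-FOR-US: WeGIA` does for CVE-2025-29782 in the same hunk, would let a later reader confirm that it is not packaged without re-reading the full CVE text.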
@@ -21,21 +21,21 @@ CVE-2025-29774 (xml-crypto is an XML digital signature and encryption library fo
CVE-2025-29771 (HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 ...)
TODO: check
CVE-2025-29387 (In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /gofor ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-29386 (In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/Adv ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-29385 (In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /gofo ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-29384 (In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/ ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-29032 (Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overfl ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-29031 (Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-29030 (Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-29029 (Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-27606 (Element Android is an Android Matrix Client provided by Element. Eleme ...)
TODO: check
CVE-2025-27595 (The device uses a weak hashing alghorithm to create the password hash. ...)
@@ -61,9 +61,9 @@ CVE-2025-25871 (An issue in Open Panel v.0.3.4 allows a remote attacker to escal
CVE-2025-1888 (The Leica Web Viewer within the Aperio Eslide Manager Application is v ...)
TODO: check
CVE-2025-1507 (The ShareThis Dashboard for Google Analytics plugin for WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-55594 (An improper handling of syntactically invalid structure in Fortinet Fo ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-54449 (The API used to interact with documents in the application contains tw ...)
TODO: check
CVE-2024-54448 (The Automation Scripting functionality can be exploited by attackers t ...)
@@ -75,29 +75,29 @@ CVE-2024-54446 (Document history functionality contains a blind SQL injection th
CVE-2024-54445 (Login functionality contains a blind SQL injection that can be exploit ...)
TODO: check
CVE-2024-47573 (An improper validation of integrity check value vulnerability [CWE-354 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-46662 (A improper neutralization of special elements used in a command ('comm ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-45643 (IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-45638 (IBM Security QRadar 3.12 EDR stores user credentials in plain text whi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-40590 (Animproper certificate validation vulnerability [CWE-295] in FortiPort ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-40585 (An insertion of sensitive information into log file vulnerabilities [C ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-29409 (File Upload vulnerability in nestjs nest v.10.3.2 allows a remote atta ...)
TODO: check
CVE-2024-26006 (An improper neutralization of input during web page Generation vulnera ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-13773 (The Civi - Job Board & Freelance Marketplace WordPress Theme plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13772 (The Civi - Job Board & Freelance Marketplace WordPress Theme plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13771 (The Civi - Job Board & Freelance Marketplace WordPress Theme plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12810 (The JobCareer | Job Board Responsive WordPress Theme theme for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12245 (Logout functionality contains a blind SQL injection that can be exploi ...)
TODO: check
CVE-2024-12020 (There is a reflected cross-site scripting (XSS) within JSP files used ...)
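Review bot: For CVE-2024-12810 the description reads "The JobCareer | Job Board Responsive WordPress Theme theme for WordPre ...", but the added note is `NOT-FOR-US: WordPress plugin`. Suggest `NOT-FOR-US: WordPress theme` so the note matches the description. The three Civi entries (CVE-2024-13771, CVE-2024-13772, CVE-2024-13773) are described as a "WordPress Theme plugin", so the plugin wording is defensible there.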
@@ -105,11 +105,11 @@ CVE-2024-12020 (There is a reflected cross-site scripting (XSS) within JSP files
CVE-2024-12019 (The API used to interact with documents in the application contains a ...)
TODO: check
CVE-2023-48785 (An improper certificate validation vulnerability [CWE-295] in FortiNAC ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-45588 (An external control of file name or path vulnerability [CWE-73] in Fo ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-33300 (A improper neutralization of special elements used in a command ('comm ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-52927 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.6.8-1
NOTE: https://git.kernel.org/linus/4914109a8e1e494c6aa9852f9e84ec77a5fc643f (6.6-rc1)
@@ -82505,7 +82505,7 @@ CVE-2024-2119 (The LuckyWP Table of Contents plugin for WordPress is vulnerable
CVE-2024-2088 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
NOT-FOR-US: WordPress plugin
CVE-2024-21683 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2024-1762 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1446 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
@@ -247279,7 +247279,7 @@ CVE-2022-29061 (An improper neutralization of special elements used in an OS com
CVE-2022-29060 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...)
NOT-FOR-US: Fortinet
CVE-2022-29059 (An improper neutralization of special elements used in an SQL command( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-29058 (An improper neutralization of special elements [CWE-89] used in an OS ...)
NOT-FOR-US: FortiGuard
CVE-2022-29057 (A improper neutralization of input during web page generation ('cross- ...)
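Review bot: The new `NOT-FOR-US: Fortinet` on CVE-2022-29059 matches CVE-2022-29060 above it, but the next entry, CVE-2022-29058, carries `NOT-FOR-US: FortiGuard`. Since this change already touches this block, consider whether the neighbouring entry should use the same vendor string, so that a search for one spelling finds all of the related entries.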
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76ae218e6c8ecbafbba01d7c1cbb32d115fe7eff