[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 14 20:28:15 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3729b839 by Salvatore Bonaccorso at 2025-03-14T21:27:47+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2025-2304 (A Privilege Escalation through a Mass Assignment exists in Camaleon CM ...)
-	TODO: check
+	NOT-FOR-US: Camaleon CMS
 CVE-2025-2268 (The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a de ...)
-	TODO: check
+	NOT-FOR-US: HP LaserJet MFP M232-M237 Printer Series
 CVE-2025-2232 (The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, u ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-2000 (A maliciously crafted QPY file can potential execute arbitrary-code em ...)
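Review bot: On the CVE-2025-2268 line, the label "HP LaserJet MFP M232-M237 Printer Series" copies the full model range from the description, while other hardware entries visible in this diff use the vendor name alone ("NOT-FOR-US: Tenda", "NOT-FOR-US: Fortinet"). A shorter vendor-level label would group with other HP firmware CVEs when grepping the list. The Camaleon CMS label needs no change.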
@@ -13,13 +13,13 @@ CVE-2025-29780 (Post-Quantum Secure Feldman's Verifiable Secret Sharing provides
 CVE-2025-29779 (Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Pyt ...)
 	TODO: check
 CVE-2025-29776 (Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Ca ...)
-	TODO: check
+	NOT-FOR-US: Azle
 CVE-2025-29775 (xml-crypto is an XML digital signature and encryption library for Node ...)
-	TODO: check
+	NOT-FOR-US: Node xml-crypto
 CVE-2025-29774 (xml-crypto is an XML digital signature and encryption library for Node ...)
-	TODO: check
+	NOT-FOR-US: Node xml-crypto
 CVE-2025-29771 (HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 ...)
-	TODO: check
+	NOT-FOR-US: HtmlSanitizer Node.js module
 CVE-2025-29387 (In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /gofor ...)
 	NOT-FOR-US: Tenda
 CVE-2025-29386 (In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/Adv ...)
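Review bot: The three Node entries in this hunk use two label styles: "Node xml-crypto" for CVE-2025-29775 and CVE-2025-29774, but "HtmlSanitizer Node.js module" for CVE-2025-29771. Pick one form for all three. The CVE-2025-29771 description also calls HtmlSanitizer a client-side sanitizer, and xml-crypto is described as a library, so both can be shipped as embedded copies inside other source packages; a source search for bundled copies before settling on NOT-FOR-US would make the triage safer than relying on the absence of a package with that name.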
@@ -45,21 +45,21 @@ CVE-2025-27594 (The device uses an unencrypted, proprietary protocol for communi
 CVE-2025-27593 (The product can be used to distribute malicious code using SDD Device  ...)
 	TODO: check
 CVE-2025-26626 (The GLPI Inventory Plugin handles various types of tasks for GLPI agen ...)
-	TODO: check
+	NOT-FOR-US: GLPI Inventory Plugin
 CVE-2025-26312 (SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass ...)
-	TODO: check
+	NOT-FOR-US: SendQuick Entera devices
 CVE-2025-26216
 	REJECTED
 CVE-2025-26215
 	REJECTED
 CVE-2025-25873 (Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3 ...)
-	TODO: check
+	NOT-FOR-US: Open Panel OpenAdmin
 CVE-2025-25872 (An issue in Open Panel v.0.3.4 allows a remote attacker to escalate pr ...)
-	TODO: check
+	NOT-FOR-US: Open Panel
 CVE-2025-25871 (An issue in Open Panel v.0.3.4 allows a remote attacker to escalate pr ...)
-	TODO: check
+	NOT-FOR-US: Open Panel
 CVE-2025-1888 (The Leica Web Viewer within the Aperio Eslide Manager Application is v ...)
-	TODO: check
+	NOT-FOR-US: Aperio Eslide Manager Application
 CVE-2025-1507 (The ShareThis Dashboard for Google Analytics plugin for WordPress is v ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-55594 (An improper handling of syntactically invalid structure in Fortinet Fo ...)
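Review bot: The Open Panel entries are labelled inconsistently: CVE-2025-25873 gets "NOT-FOR-US: Open Panel OpenAdmin" while CVE-2025-25872 and CVE-2025-25871 get "NOT-FOR-US: Open Panel". Since all three descriptions name Open Panel, a single label (for example "Open Panel" for all three) keeps them together in searches. Minor style point on CVE-2025-26312: the trailing "devices" in "SendQuick Entera devices" adds nothing to the product name.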
@@ -87,7 +87,7 @@ CVE-2024-40590 (Animproper certificate validation vulnerability [CWE-295] in For
 CVE-2024-40585 (An insertion of sensitive information into log file vulnerabilities [C ...)
 	NOT-FOR-US: Fortinet
 CVE-2024-29409 (File Upload vulnerability in nestjs nest v.10.3.2 allows a remote atta ...)
-	TODO: check
+	NOT-FOR-US: nestjs nest
 CVE-2024-26006 (An improper neutralization of input during web page Generation vulnera ...)
 	NOT-FOR-US: Fortinet
 CVE-2024-13773 (The Civi - Job Board & Freelance Marketplace WordPress Theme plugin fo ...)
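Review bot: On CVE-2024-29409, the label "nestjs nest" omits the "Node" qualifier that this same commit uses for "Node xml-crypto", so the Node entries will not match a common search term. Suggest aligning it with the form chosen for the other Node modules.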
@@ -123,7 +123,7 @@ CVE-2024-8176 (A stack overflow vulnerability exists in the libexpat library due
 	NOTE: https://github.com/libexpat/libexpat/issues/893
 	NOTE: https://github.com/libexpat/libexpat/pull/973
 CVE-2025-30022 (CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to c ...)
-	TODO: check
+	NOT-FOR-US: CM Soluces Informatica Ltda Auto Atendimento
 CVE-2025-2289 (The Zegen - Church WordPress Theme theme for WordPress is vulnerable t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-2221 (The WPCOM Member plugin for WordPress is vulnerable to time-based SQL  ...)
@@ -135,7 +135,7 @@ CVE-2025-2103 (The SoundRise Music plugin for WordPress is vulnerable to unautho
 CVE-2025-2056 (The WP Ghost (Hide My WP Ghost) \u2013 Security & Firewall plugin for  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-26163 (CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to c ...)
-	TODO: check
+	NOT-FOR-US: CM Soluces Informatica Ltda Auto Atendimento
 CVE-2025-24855 (numbers.c in libxslt before 1.1.43 has a use-after-free because, in ne ...)
 	- libxslt <unfixed>
 	NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
@@ -159,7 +159,7 @@ CVE-2024-55549 (xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-
 	NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxslt/-/commit/46041b65f2fbddf5c284ee1a1332fa2c515c0515 (v1.1.43)
 CVE-2024-55060 (A cross-site scripting (XSS) vulnerability in the component index.php  ...)
-	TODO: check
+	NOT-FOR-US: Rafed CMS Website
 CVE-2024-13913 (The InstaWP Connect \u2013 1-click WP Staging & Migration plugin for W ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13824 (The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is v ...)
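Review bot: On CVE-2024-55060, the label "Rafed CMS Website" reads as a specific site rather than a product, and the truncated description visible here ("... in the component index.php ...") does not show the product name to check it against. If the affected software is the CMS itself, "Rafed CMS" would match how the other CMS entries in this commit are labelled ("Camaleon CMS", "ABO.CMS").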
@@ -296544,7 +296544,7 @@ CVE-2021-37789 (stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load
 CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could all ...)
 	NOT-FOR-US: Gurock TestRail
 CVE-2021-37787 (The unprivileged administrative interface in ABO.CMS version 5.8 throu ...)
-	TODO: check
+	NOT-FOR-US: ABO.CMS
 CVE-2021-37786 (Certain Federal Office of Information Technology Systems and Telecommu ...)
 	NOT-FOR-US: Covid certificate app in Switzerland.
 CVE-2021-37785



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3729b839fec74a5dbd7853ba8cba23cc1f081282
