[Git][security-tracker-team/security-tracker][master] Re-associate some older CVEs with koha itp'ed bug
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 17 06:33:50 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bb8407d6 by Salvatore Bonaccorso at 2025-03-17T07:32:50+01:00
Re-associate some older CVEs with koha itp'ed bug
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2025-2337 (A vulnerability, which was classified as critical, has been found
CVE-2025-30077 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an i ...)
NOT-FOR-US: onos-lib-go
CVE-2025-30076 (Koha before 24.11.02 allows admins to execute arbitrary commands via s ...)
- NOT-FOR-US: Koha
+ - koha <itp> (bug #702134)
CVE-2025-30074 (Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macO ...)
NOT-FOR-US: Alludo Parallels Desktop
CVE-2025-2335 (A vulnerability classified as problematic was found in Drivin Solu\xe7 ...)
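Review bot: The new "- koha <itp> (bug #702134)" line for CVE-2025-30076 records no fix reference, even though the description already states the boundary "Koha before 24.11.02". Consider adding a NOTE line with the upstream fix reference under this entry, as is done with the NOTE lines under CVE-2015-4644 later in this file, so the entry can be resolved against the first uploaded version when the ITP is closed.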
@@ -620,7 +620,7 @@ CVE-2025-25566 (Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an at
CVE-2025-25565 (SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Comman ...)
NOT-FOR-US: SoftEtherVPN
CVE-2025-22954 (GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows ...)
- NOT-FOR-US: Koha Library Management System
+ - koha <itp> (bug #702134)
CVE-2025-21590 (An Improper Isolation or Compartmentalization vulnerability in the ker ...)
NOT-FOR-US: Juniper
CVE-2025-20209 (A vulnerability in the Internet Key Exchange version 2 (IKEv2) functio ...)
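Review bot: The line removed for CVE-2025-22954 reads "NOT-FOR-US: Koha Library Management System", while other hunks in this commit remove "NOT-FOR-US: Koha" and "NOT-FOR-US: Koha ILS", so the old entries were not labelled uniformly and a search keyed on one spelling would miss some. Before merging, check data/CVE/list for remaining NOT-FOR-US lines that name Koha under any other spelling (the descriptions also use "Koha Library Software") so that every Koha CVE ends up associated with bug #702134.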
@@ -63039,9 +63039,9 @@ CVE-2024-33897 (A compromised HMS Networks Cosy+ device could be used to request
CVE-2024-30170 (PrivX before 34.0 allows data exfiltration and denial of service via t ...)
NOT-FOR-US: PrivX
CVE-2024-28740 (Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows ...)
- NOT-FOR-US: Koha ILS
+ - koha <itp> (bug #702134)
CVE-2024-28739 (An issue in Koha ILS 23.05 and before allows a remote attacker to exec ...)
- NOT-FOR-US: Koha ILS
+ - koha <itp> (bug #702134)
CVE-2024-23483 (An Improper Input Validation vulnerability in Zscaler Client Connector ...)
NOT-FOR-US: Zscaler Client Connector on MacOS
CVE-2024-23464 (In certain cases, Zscaler Internet Access (ZIA) can be disabled by Pow ...)
@@ -95921,7 +95921,7 @@ CVE-2024-28722 (Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1,
CVE-2023-7252 (The Tickera WordPress plugin before 3.5.2.5 does not prevent users fr ...)
NOT-FOR-US: WordPress plugin
CVE-2018-25101 (A vulnerability, which was classified as problematic, has been found i ...)
- NOT-FOR-US: Koha Library Management System
+ - koha <itp> (bug #702134)
CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo Grauerhol ...)
NOT-FOR-US: WordPress plugin
CVE-2024-32041 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
@@ -106851,7 +106851,7 @@ CVE-2024-28283 (There is stack-based buffer overflow vulnerability in pc_change_
CVE-2024-28092 (UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a r ...)
NOT-FOR-US: UBEE DDW365 XCNDDW365
CVE-2024-24336 (A multiple Cross-site scripting (XSS) vulnerability in the '/members/m ...)
- NOT-FOR-US: Koha Library Management System
+ - koha <itp> (bug #702134)
CVE-2024-22258 (Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2 ...)
NOT-FOR-US: Spring Authorization Server
CVE-2024-22085 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
@@ -116659,7 +116659,7 @@ CVE-2024-24740 (SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53,
CVE-2024-24739 (SAP Bank Account Management (BAM) allows an authenticated user with re ...)
NOT-FOR-US: SAP
CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aq ...)
- NOT-FOR-US: Koha Library Management System
+ - koha <itp> (bug #702134)
CVE-2024-23833 (OpenRefine is a free, open source power tool for working with messy da ...)
- openrefine 3.7.8-1 (bug #1064192)
[bookworm] - openrefine <no-dsa> (Minor issue)
@@ -139395,9 +139395,9 @@ CVE-2023-4936 (It is possible to sideload a compromised DLL during the installat
CVE-2023-45396 (An Insecure Direct Object Reference (IDOR) vulnerability leads to even ...)
NOT-FOR-US: Insecure Direct Object Reference
CVE-2023-44962 (File Upload vulnerability in Koha Library Software 23.05.04 and before ...)
- NOT-FOR-US: Koha
+ - koha <itp> (bug #702134)
CVE-2023-44961 (SQL Injection vulnerability in Koha Library Software 23.0.5.04 and bef ...)
- NOT-FOR-US: Koha
+ - koha <itp> (bug #702134)
CVE-2023-44186 (An Improper Handling of Exceptional Conditions vulnerability in AS PAT ...)
NOT-FOR-US: Juniper
CVE-2023-44119 (Vulnerability of mutual exclusion management in the kernel module.Succ ...)
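Review bot: The two entries re-associated in this hunk give the affected version differently in their descriptions: CVE-2023-44962 says "23.05.04 and before" and CVE-2023-44961 says "23.0.5.04 and bef ...". The description text is not changed by this commit, but once koha is uploaded the fixed version for CVE-2023-44961 should be taken from the upstream fix rather than from this string; a NOTE line with that reference would avoid the ambiguity.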
@@ -629373,7 +629373,7 @@ CVE-2015-4644 (The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (ak
NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64
NOTE: https://www.openwall.com/lists/oss-security/2015/06/18/3
CVE-2015-4639 (Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl ...)
- NOT-FOR-US: Koha
+ - koha <itp> (bug #702134)
CVE-2015-4638 (The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ...)
NOT-FOR-US: FastL4
CVE-2015-4637 (The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb8407d6a2c4cfa45961716d480ebb4fd5aa972c