[Git][security-tracker-team/security-tracker][master] Process some NFUs

Thu, 09 Jan 2025 13:02:28 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
13eb9100 by Salvatore Bonaccorso at 2025-01-09T22:00:05+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -97,49 +97,49 @@ CVE-2025-22149 (JWK Set (JSON Web Key Set) is a JWK and JWK 
Set Go implementatio
 CVE-2025-21628 (Chatwoot is a customer engagement suite. Prior to 3.16.0, 
conversation ...)
        TODO: check
 CVE-2025-21602 (An Improper Handling of Exceptional Conditions vulnerability 
in the ro ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2025-21600 (An Out-of-Bounds Read vulnerability in  the routing protocol 
daemon (r ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2025-21599 (AMissing Release of Memory after Effective Lifetime 
vulnerability in t ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2025-21598 (AnOut-of-bounds Read vulnerability in Juniper Networks Junos 
OS and Ju ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2025-21596 (An Improper Handling of Exceptional Conditions vulnerability 
in the co ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2025-21593 (An Improper Control of a Resource Through its Lifetime 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2025-21592 (An Exposure of Sensitive Information to an Unauthorized 
Actorvulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2025-0349 (A vulnerability classified as critical has been found in Tenda 
AC6 15. ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-0348 (A vulnerability was found in CampCodes DepEd Equipment 
Inventory Syste ...)
-       TODO: check
+       NOT-FOR-US: CampCodes DepEd Equipment Inventory System
 CVE-2025-0347 (A vulnerability was found in code-projects Admission Management 
System ...)
-       TODO: check
+       NOT-FOR-US: code-projects Admission Management System
 CVE-2025-0346 (A vulnerability was found in code-projects Content Management 
System 1 ...)
-       TODO: check
+       NOT-FOR-US: code-projects Content Management System
 CVE-2025-0345 (A vulnerability was found in leiyuxi cy-fast 1.0 and classified 
as cri ...)
-       TODO: check
+       NOT-FOR-US: leiyuxi cy-fast
 CVE-2024-6155 (The Greenshift \u2013 animation and page builder blocks plugin 
for Wor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5769 (The MIMO Woocommerce Order Tracking plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56114 (Canlineapp Online 1.1 is vulnerable to Broken Access Control 
and allow ...)
-       TODO: check
+       NOT-FOR-US: Canlineapp Online
 CVE-2024-56113 (Smart Toilet Lab - Motius 1.3.11 is running with debug mode 
turned on  ...)
        TODO: check
 CVE-2024-55494 (A cross-site scripting (XSS) vulnerability in Opencode Mobile 
Collect  ...)
-       TODO: check
+       NOT-FOR-US: Opencode Mobile Collect Call
 CVE-2024-54887 (TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier 
contain a ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2024-54762 (Ruoyi v.4.7.9 and before contains an authenticated SQL 
injection vulne ...)
-       TODO: check
+       NOT-FOR-US: Ruoyi
 CVE-2024-54761 (BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection 
via the  ...)
-       TODO: check
+       NOT-FOR-US: BigAnt Office Messenger
 CVE-2024-54724 (PHPYun before 7.0.2 is vulnerable to code execution through 
backdoor-r ...)
-       TODO: check
+       NOT-FOR-US: PHPYun
 CVE-2024-46505 (Infoblox BloxOne v2.4 was discovered to contain a business 
logic flaw  ...)
-       TODO: check
+       NOT-FOR-US: Infoblox BloxOne
 CVE-2024-43176 (IBM OpenPages 9.0 could allow an authenticated user to obtain 
sensitiv ...)
        NOT-FOR-US: IBM
 CVE-2024-13284 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal 
Gutenberg al ...)
@@ -239,65 +239,65 @@ CVE-2024-13238 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2024-13237 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2024-13153 (The Unlimited Elements For Elementor plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12848 (The SKT Page Builder plugin for WordPress is vulnerable to 
arbitrary f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12819 (The Searchie plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12802 (SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific 
cases du ...)
-       TODO: check
+       NOT-FOR-US: SonicWALL
 CVE-2024-12621 (The Yumpu E-Paper publishing plugin for WordPress is 
vulnerable to Sto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12618 (The Newsletter2Go plugin for WordPress is vulnerable to 
unauthorized m ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12616 (The Bitly's WordPress Plugin plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12605 (The AI Scribe \u2013 SEO AI Writer, Content Generator, 
Humanizer, Blog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12542 (The linkID plugin for WordPress is vulnerable to unauthorized 
access o ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12515 (The Muslim Prayer Time-Salah/Iqamah plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12514 (The 3DVieweronline plugin for WordPress is vulnerable to 
Stored Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12496 (The Linear plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12493 (The Files Download Delay plugin for WordPress is vulnerable to 
Stored  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12491 (The SimplyRETS Real Estate IDX plugin for WordPress is 
vulnerable to S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12394 (The Action Network plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12330 (The WP Database Backup \u2013 Unlimited Database & Files 
Backup by Bac ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12285 (The SEMA API plugin for WordPress is vulnerable to Reflected 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12249 (The GS Insever Portfolio plugin for WordPress is vulnerable to 
unautho ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12222 (The Deliver via Shipos for WooCommerce plugin for WordPress is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12218 (The Woocommerce check pincode/zipcode for shipping plugin for 
WordPres ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12206 (The WordPress Header Builder Plugin \u2013 Pearl plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12122 (The ResAds plugin for WordPress is vulnerable to Reflected 
Cross-Site  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12067 (The WP Travel \u2013 Ultimate Travel Booking System, Tour 
Management E ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11929 (The Responsive FlipBook Plugin Wordpress plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11907 (The Skyword API Plugin plugin for WordPress is vulnerable to 
Stored Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11815 (The P\xf3sturinn\'s Shipping with WooCommerce plugin for 
WordPres ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11686 (The WhatsApp \U0001f680 click to chat plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11642 (The Post Grid Master \u2013 Custom Post Types, Taxonomies & 
Ajax Filte ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11328 (The CLUEVO LMS, E-Learning Platform plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10215 (The WPBookit plugin for WordPress is vulnerable to Arbitrary 
User Pass ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10106 (A buffer overflow vulnerability in the packet handoff plugin 
allows an ...)
        TODO: check
 CVE-2025-22449 (Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite 
permission ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13eb910053a1130850c23fd5a87cf98e39491226

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13eb910053a1130850c23fd5a87cf98e39491226
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to