Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dac300bf by Salvatore Bonaccorso at 2025-01-21T21:39:55+01:00
Process some NFUs

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -53,149 +53,149 @@ CVE-2025-23184 (A potential denial of service vulnerability is present in versio CVE-2025-23086 (On most desktop platforms, Brave Browser versions 1.70.x-1.73.x includ ...) - brave-browser <itp> (bug #864795) CVE-2025-22825 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22763 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22735 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22733 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22732 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22727 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22723 (Unrestricted Upload of File with Dangerous Type vulnerability in UkrSo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22722 (Missing Authorization vulnerability in Widget Options Team Widget Opti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22721 (Missing Authorization vulnerability in Farhan Noor ApplyOnline \u2013 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22719 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22718 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22717 (Missing Authorization vulnerability in Joe Dolson My Tickets allows Ac ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22716 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22711 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22710 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22709 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22706 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22661 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22553 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22318 (Missing Authorization vulnerability in Eniture Technology Standard Box ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22311 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22276 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22267 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22262 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-22150 (Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to v ...) TODO: check CVE-2025-0623 REJECTED CVE-2025-0615 (Input validation vulnerability in Qualifio's Wheel of Fortune. This vu ...) 
- TODO: check + NOT-FOR-US: Qualifio's Wheel of Fortune CVE-2025-0614 (Input validation vulnerability in Qualifio's Wheel of Fortune. This vu ...) - TODO: check + NOT-FOR-US: Qualifio's Wheel of Fortune CVE-2025-0450 (The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-0377 (HashiCorp\u2019s go-slug library is vulnerable to a zip-slip style att ...) TODO: check CVE-2025-0371 (The JetElements plugin for WordPress is vulnerable to Stored Cross-Sit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-6466 (NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows an att ...) - TODO: check + NOT-FOR-US: NEC Corporation's WebSAM DeploymentManager CVE-2024-57036 (TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-56998 (PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site ...) - TODO: check + NOT-FOR-US: PHPGurukul Hospital Management System CVE-2024-56997 (PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site ...) - TODO: check + NOT-FOR-US: PHPGurukul Hospital Management System CVE-2024-56990 (PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site ...) - TODO: check + NOT-FOR-US: PHPGurukul Hospital Management System CVE-2024-56277 (Improper Encoding or Escaping of Output vulnerability in Poll Maker Te ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-55504 (An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows loc ...) TODO: check CVE-2024-54795 (SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vul ...) - TODO: check + NOT-FOR-US: SpagoBI CVE-2024-54794 (The script input feature of SpagoBI 3.5.1 allows arbitrary code execut ...) - TODO: check + NOT-FOR-US: SpagoBI CVE-2024-54792 (A Cross-Site Request Forgery (CSRF) vulnerability has been found in Sp ...) 
- TODO: check + NOT-FOR-US: SpagoBI CVE-2024-53829 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...) TODO: check CVE-2024-52973 (An allocation of resources without limits or throttling in Kibana can ...) TODO: check CVE-2024-51919 (Unrestricted Upload of File with Dangerous Type vulnerability in NotFo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-51888 (Incorrect Privilege Assignment vulnerability in NotFound Homey Login R ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-51818 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-51417 (An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows rem ...) TODO: check CVE-2024-49700 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-49699 (Deserialization of Untrusted Data vulnerability in NotFound ARPrice al ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-49688 (Deserialization of Untrusted Data vulnerability in NotFound ARPrice al ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-49666 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-49655 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-49333 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-49303 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-49300 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-45687 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Reque ...) 
- TODO: check + NOT-FOR-US: Payara CVE-2024-45091 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-43709 (An allocation of resources without limits or throttling in Elasticsear ...) TODO: check CVE-2024-42936 (The mqlink.elf is service component in Ruijie RG-EW300N with firmware ...) - TODO: check + NOT-FOR-US: Ruijie CVE-2024-37284 (Improper handling of alternate encoding occurs when Elastic Defend on ...) TODO: check CVE-2024-32555 (Incorrect Privilege Assignment vulnerability in NotFound Easy Real Est ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13536 (The 1003 Mortgage Application plugin for WordPress is vulnerable to Fu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13454 (Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allo ...) TODO: check CVE-2024-13444 (The wp-greet plugin for WordPress is vulnerable to Cross-Site Request ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13404 (The Link Library plugin for WordPress is vulnerable to Reflected Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13230 (The Social Share, Social Login and Social Comments Plugin \u2013 Super ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-12104 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-12005 (The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-11226 (The FireCask Like & Share Button plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-10936 (The String locator plugin for WordPress is vulnerable to PHP Object In ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-45908 (Homarr before v0.14.0 was discovered to contain a stored cross-site sc ...) 
- TODO: check + NOT-FOR-US: Homarr CVE-2024-45479 NOT-FOR-US: Apache Ranger CVE-2024-45478 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dac300bf49e0b05a382785284c21358d2b31da49
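Review bot: The NOT-FOR-US labels added in this hunk vary in granularity: the entries for CVE-2024-45091, CVE-2024-57036 and CVE-2024-42936 name only the vendor ("IBM", "TOTOLINK", "Ruijie"), while others in the same hunk name the product ("NEC Corporation's WebSAM DeploymentManager", "PHPGurukul Hospital Management System", "Qualifio's Wheel of Fortune"). Naming the product that the description on the same line already gives, for example "IBM UrbanCode Deploy" or "TOTOLINK A810R", would keep the labels consistent and easier to search. Separately, the many "WordPress plugin" labels sit on descriptions that are truncated before any plugin name or mention of WordPress is visible (for instance CVE-2025-22723 and CVE-2024-49699), so the classification cannot be confirmed from this diff alone and is worth a spot check against the full CVE text. The entries for Undici, go-slug, RAR Extractor, CodeChecker, Kibana, System.Linq.Dynamic.Core, Elasticsearch, Elastic Defend and Easy-RSA remain at "TODO: check" after this commit and still need triage.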
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits