Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f00fa3d8 by Salvatore Bonaccorso at 2025-01-30T14:38:54+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-24884 (kube-audit-rest is a simple logger of mutation/creation 
requests to th ...)
-       TODO: check
+       NOT-FOR-US: kube-audit-rest
 CVE-2025-24795 (The Snowflake Connector for Python provides an interface for 
developin ...)
        NOT-FOR-US: Snowflake Connector for Python
 CVE-2025-24794 (The Snowflake Connector for Python provides an interface for 
developin ...)
@@ -11,11 +11,11 @@ CVE-2025-24788 (snowflake-connector-net is the Snowflake 
Connector for .NET. Sno
 CVE-2025-23374 (Dell Networking Switches running Enterprise SONiC OS, 
version(s) prior ...)
        NOT-FOR-US: Dell
 CVE-2025-21415 (Authentication bypass by spoofing in Azure AI Face Service 
allows an a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21396 (Missing authorization in Microsoft Account allows an 
unauthorized atta ...)
        NOT-FOR-US: Microsoft
 CVE-2025-0851 (A path traversal issue in ZipUtils.unzip and TarUtils.untar in 
Deep Ja ...)
-       TODO: check
+       NOT-FOR-US: Deep Java Library (DJL)
 CVE-2025-0849 (A vulnerability classified as critical has been found in 
CampCodes Sch ...)
        NOT-FOR-US: CampCodes School Management Software
 CVE-2025-0848 (A vulnerability was found in Tenda A18 up to 15.13.07.09. It 
has been  ...)
@@ -33,11 +33,11 @@ CVE-2025-0842 (A vulnerability was found in needyamin 
Library Card System 1.0 an
 CVE-2025-0841 (A vulnerability has been found in Aridius XYZ up to 20240927 on 
OpenCa ...)
        NOT-FOR-US: Aridius XYZ
 CVE-2025-0662 (In some cases, the ktrace facility will log the contents of 
kernel str ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2025-0374 (When etcupdate encounters conflicts while merging files, it 
saves a ve ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2025-0373 (On 64-bit systems, the implementation of VOP_VPTOFH() in the 
cd9660, t ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2024-57665 (JFinalCMS 1.0 is vulnerable to SQL Injection in 
rc/main/java/com/cms/e ...)
        NOT-FOR-US: JFinalCMS
 CVE-2024-57513 (A floating-point exception (FPE) vulnerability exists in the 
AP4_TfraA ...)
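Review bot: The three FreeBSD entries (CVE-2025-0662, CVE-2025-0374, CVE-2025-0373) are tagged with the operating system name only, while their descriptions name three different components: the ktrace facility, etcupdate, and the VOP_VPTOFH() implementation in cd9660. The commit message "Process some NFUs" does not say whether each component was checked against the archive. A short line in the message stating that none of this code is carried in a Debian source package would let a later triager trust the tag without redoing the lookup.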
@@ -49,35 +49,35 @@ CVE-2024-57509 (Buffer Overflow vulnerability in Bento4 
mp42avc v.3bdc891602d197
 CVE-2024-57395 (Password Vulnerability in Safety production process management 
system  ...)
        NOT-FOR-US: Password Vulnerability in Safety production process 
management system
 CVE-2024-54852 (When LDAP connection is activated in Teedy versions between 
1.9 to 1.1 ...)
-       TODO: check
+       NOT-FOR-US: Teedy
 CVE-2024-54851 (Teedy <= 1.12 is vulnerable to Cross Site Request Forgery 
(CSRF), due  ...)
-       TODO: check
+       NOT-FOR-US: Teedy
 CVE-2024-51182 (HTML Injection vulnerability in Celk Sistemas Celk Saude 
v.3.1.252.1 a ...)
        NOT-FOR-US: Celk Sistemas Celk Saude
 CVE-2024-48761 (The specific component in Celk Saude 3.1.252.1 that processes 
user inp ...)
        NOT-FOR-US: Celk Saude
 CVE-2024-23733 (The /WmAdmin/,/invoke/vm.server/login login page in the 
Integration Se ...)
-       TODO: check
+       NOT-FOR-US: Software AG webMethods
 CVE-2024-13642 (The Stratum \u2013 Elementor Widgets plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13470 (The Ninja Forms \u2013 The Contact Form Builder That Grows 
With You pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13457 (The Event Tickets and Registration plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12921 (The EthereumICO plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12709 (The Bulk Me Now! WordPress plugin through 2.0 does not have 
CSRF check ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12708 (The Bulk Me Now! WordPress plugin through 2.0 does not 
validate and es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12638 (The Bulk Me Now! WordPress plugin through 2.0 does not 
sanitise and es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12400 (The tourmaster WordPress plugin before 5.3.5 does not escape 
generated ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12163 (The goodlayers-core WordPress plugin before 2.1.3 allows users 
with a  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10309 (The Tracking Code Manager WordPress plugin before 2.4.0 does 
not sanit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-24528 [Prevent overflow when calculating ulog block size]
        - krb5 <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2342796
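Review bot: In the unchanged context of this hunk, CVE-2024-57395 has "NOT-FOR-US: Password Vulnerability in Safety production process management system" as its tag, which is the opening of the description rather than a product name. CVE-2024-51182 and CVE-2024-48761 also name the same product two ways ("Celk Sistemas Celk Saude" and "Celk Saude"). The added lines are internally consistent (Teedy twice, "WordPress plugin" ten times), so a follow-up that normalises those neighbouring tags would keep product searches over the list reliable.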
@@ -126,9 +126,9 @@ CVE-2024-57437 (RuoYi v4.8.0 was discovered to contain a 
SQL injection vulnerabi
 CVE-2024-57436 (RuoYi v4.8.0 was discovered to allow unauthorized attackers to 
view th ...)
        NOT-FOR-US: RuoYi
 CVE-2024-54462 (The file names constructed within image_picker are missing 
sanitizatio ...)
-       TODO: check
+       NOT-FOR-US: flutter/image_picker_android
 CVE-2024-54461 (The file names constructed within file_selector are missing 
sanitizati ...)
-       TODO: check
+       NOT-FOR-US: flutter/file_selector_android
 CVE-2024-48852 (Insertion of Sensitive Information into Log File vulnerability 
observe ...)
        NOT-FOR-US: FLEXON
 CVE-2024-48849 (Missing Origin Validation in WebSockets vulnerability 
inFLXEON. Sessio ...)
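Review bot: The tags for CVE-2024-54462 and CVE-2024-54461 name the Android packages (flutter/image_picker_android, flutter/file_selector_android), but the visible descriptions only say "within image_picker" and "within file_selector" before they are truncated. If the advisories cover the platform-independent packages as well, the narrower tag will hide that from anyone searching by product name. Please confirm the scope against the full CVE text, or use the package names as the descriptions give them.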
@@ -138,7 +138,7 @@ CVE-2024-41140 (Zohocorp ManageEngine Applications Manager 
versions174000 and pr
 CVE-2024-13561 (The Target Video Easy Publish plugin for WordPress is 
vulnerable to St ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-10001 (A Code Injection vulnerability was identified in GitHub 
Enterprise Ser ...)
-       TODO: check
+       NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-37413 (IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose 
sensitive userna ...)
        NOT-FOR-US: IBM
 CVE-2023-37412 (IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a 
privileged user t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f00fa3d83fbc4f01902ec83082d81e9c70a125f3
