Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1997dbb by Salvatore Bonaccorso at 2025-04-15T23:12:15+02:00
Process some NFUs

Note the TOTOLINK CVEs did not get caught by the auto-nfu matching.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -76,7 +76,7 @@ CVE-2025-2567 (An attacker could modify or disable settings, 
disrupt fuel monito
 CVE-2025-2083 (The Logo Carousel Gutenberg Block plugin for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-29817 (Uncontrolled search path element in Power Automate allows an 
authorize ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-29705 (code-gen <=2.0.6 is vulnerable to Incorrect Access Control. 
The projec ...)
        NOT-FOR-US: code-gen
 CVE-2025-29281 (In PerfreeBlog version 4.0.11, regular users can exploit the 
arbitrary ...)
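Review bot: the new tag for CVE-2025-29817 names only the vendor ("NOT-FOR-US: Microsoft") although the description identifies the product (Power Automate); tagging conventions in this file already vary between vendor-level (Edimax, HCL) and product-level (code-gen, ChromeOS), so "NOT-FOR-US: Microsoft Power Automate" would keep the product visible for later grepping without losing the vendor.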
@@ -98,15 +98,15 @@ CVE-2025-28143 (Edimax AC1200 Wave 2 Dual-Band Gigabit 
Router BR-6478AC V3_1.0.1
 CVE-2025-28142 (Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC 
V3_1.0.15 was  ...)
        NOT-FOR-US: Edimax
 CVE-2025-28137 (The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to 
contain a pre ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-28136 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a 
buffer o ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-28100 (A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a 
attacker  ...)
        NOT-FOR-US: dingfanzuCMS
 CVE-2025-27980 (cashbook v4.0.3 has an arbitrary file read vulnerability in 
/api/entry ...)
        NOT-FOR-US: cashbook
 CVE-2025-27791 (Collabora Online is a collaborative online office suite based 
on Libre ...)
-       TODO: check
+       NOT-FOR-US: Collabora Online
 CVE-2025-26992 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26990 (Server-Side Request Forgery (SSRF) vulnerability in WP Royal 
Royal Ele ...)
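Review bot: the two TOTOLINK entries here (CVE-2025-28137 and CVE-2025-28136) are the ones the commit message says the auto-nfu matcher missed; rather than relying on manual triage again, a TOTOLINK pattern should be added to the auto-nfu list so the next batch of TOTOLINK router CVEs is tagged on import. For CVE-2025-27791, the truncated description says Collabora Online is "based on Libre..." (LibreOffice), so a short NOTE: stating that the affected component is the hosted online suite and not the LibreOffice core Debian ships would make the NOT-FOR-US decision explicit for the next person to read the entry.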
@@ -146,11 +146,11 @@ CVE-2025-24948 (In JotUrl 2.0, passwords are sent via 
HTTP GET-type requests, po
 CVE-2025-24358 (gorilla/csrf provides Cross Site Request Forgery (CSRF) 
prevention mid ...)
        TODO: check
 CVE-2025-22903 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to 
contain a sta ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-22900 (Totolink N600R v4.3.0cu.7647_B20210106 was discovered to 
contain a sta ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-1688 (Milestone Systems has discovered a security vulnerability in 
Milestone ...)
-       TODO: check
+       NOT-FOR-US: Milestone XProtect installer
 CVE-2025-1292 (Out-Of-Bounds Write in TPM2 Reference Library in Google 
ChromeOS 122.0 ...)
        NOT-FOR-US: ChromeOS
 CVE-2025-1122 (Out-Of-Bounds Write in TPM2 Reference Library in Google 
ChromeOS 122.0 ...)
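Review bot: CVE-2025-24358 (gorilla/csrf) keeps its "TODO: check" while the entries around it are resolved; gorilla/csrf is a Go library that may be packaged or vendored rather than a vendor appliance, so it needs a source-package lookup rather than an NFU and should not be left in TODO in an NFU-processing commit without a note on why. Separately, the description for CVE-2025-22900 spells the vendor "Totolink" where CVE-2025-22903 uses "TOTOLINK"; if the auto-nfu matching is case-sensitive, that difference would explain why these entries were not caught, and the pattern should be matched case-insensitively.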
@@ -166,11 +166,11 @@ CVE-2024-42193 (HCL BigFix Web Reports' service 
communicates over HTTPS but exhi
 CVE-2024-42189 (HCL BigFix Web Reports might be subject to a Denial of Service 
(DoS) a ...)
        NOT-FOR-US: HCL
 CVE-2024-36842 (An issue in Oncord+ Android Infotainment Systems OS Android 
12, Model  ...)
-       TODO: check
+       NOT-FOR-US: Oncord+ Android Infotainment Systems
 CVE-2024-13177 (Netskope Client on Mac OS is impacted by a vulnerability in 
which the  ...)
-       TODO: check
+       NOT-FOR-US: Netskope Client on Mac OS
 CVE-2024-11084 (Helix ALM prior to 2025.1 returns distinct error responses 
during auth ...)
-       TODO: check
+       NOT-FOR-US: Helix ALM
 CVE-2025-3523 (When an email contains multiple attachments with external links 
via th ...)
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-3523
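Review bot: the tags "Netskope Client on Mac OS" and "Oncord+ Android Infotainment Systems" copy the description's product phrase verbatim, whereas the rest of this patch tags by vendor or short product name (Edimax, HCL, Helix ALM); "NOT-FOR-US: Netskope" and "NOT-FOR-US: Oncord+" would be the more consistent and greppable form, with the platform detail left to the description.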
@@ -334271,7 +334271,7 @@ CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, 
processes SRIs using a regular
        NOTE: https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf
        NOTE: 
https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2 
(v8.0.1)
 CVE-2021-27289 (A replay attack vulnerability was discovered in a Zigbee smart 
home ki ...)
-       TODO: check
+       NOT-FOR-US: Zigbee
 CVE-2021-27288 (Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows 
remote attack ...)
        NOT-FOR-US: X2Engine X2CRM
 CVE-2021-27287
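Review bot: "NOT-FOR-US: Zigbee" names the protocol rather than the affected product; the description says the replay attack was found in a particular Zigbee smart home kit, and Zigbee stacks and tooling are software Debian can ship, so the tag should name the kit or its vendor from the full description so the NFU is not read as covering Zigbee implementations in general.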
@@ -386683,7 +386683,7 @@ CVE-2020-18245
 CVE-2020-18244
        RESERVED
 CVE-2020-18243 (SQL injection vulnerability found in Enricozab CMS v.1.0 
allows a remo ...)
-       TODO: check
+       NOT-FOR-US: Enricozab CMS
 CVE-2020-18242
        RESERVED
 CVE-2020-18241



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1997dbbde8556b3fb11532f7a8702d5a4a81432

-- 


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits