[Git][security-tracker-team/security-tracker][master] 2 commits: auto-nfu: Add Oracle
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Apr 16 12:25:25 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eb9acb8a by Moritz Muehlenhoff at 2025-04-16T13:18:21+02:00
auto-nfu: Add Oracle
- - - - -
2e3cd9d7 by Moritz Muehlenhoff at 2025-04-16T13:25:07+02:00
NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,21 +3,21 @@ CVE-2025-3698 (Interface exposure vulnerability in the mobile application (com.t
CVE-2025-3676 (A vulnerability classified as critical has been found in xxyopen Novel ...)
TODO: check
CVE-2025-3675 (A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-3674 (A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-3668 (A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-3667 (A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-3666 (A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-3665 (A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B2020051 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-3664 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-3663 (A vulnerability, which was classified as critical, has been found in T ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-3495 (Delta Electronics COMMGR v1 and v2uses insufficiently randomized value ...)
TODO: check
CVE-2025-3247 (The Contact Form 7 plugin for WordPress is vulnerable to Order Replay ...)
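Review bot: The eight TOTOLINK A3700R entries, from CVE-2025-3675 down to CVE-2025-3663, each get the same NOT-FOR-US: TOTOLINK line, but the nfu.yaml change in this push adds a rule for Oracle only. If data/packages/nfu.yaml does not already carry a TOTOLINK rule, adding one alongside the Oracle rule would let auto-nfu close the next batch instead of tagging each entry individually. CVE-2025-3676 (xxyopen Novel) and CVE-2025-3495 (Delta Electronics COMMGR) are left at TODO: check and still need a triage pass.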
@@ -71,67 +71,67 @@ CVE-2025-30967 (Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJo
CVE-2025-30966 (Path Traversal vulnerability in NotFound WPJobBoard allows Path Traver ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30740 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30737 (Vulnerability in the Oracle Smart View for Office product of Oracle Hy ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30736 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30735 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30733 (Vulnerability in the RDBMS Listener component of Oracle Database Serve ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30732 (Vulnerability in the Oracle Application Object Library product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30731 (Vulnerability in the Oracle Applications Technology Stack product of O ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30730 (Vulnerability in the Oracle Application Object Library product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30729 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30728 (Vulnerability in the Oracle Configurator product of Oracle E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30727 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30726 (Vulnerability in the Oracle Application Object Library product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30725 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
TODO: check
CVE-2025-30724 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30723 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30722 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-30721 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-30720 (Vulnerability in the Oracle Configurator product of Oracle E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30719 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
TODO: check
CVE-2025-30718 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30717 (Vulnerability in the Oracle Teleservice product of Oracle E-Business S ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30716 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30715 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-30714 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
TODO: check
CVE-2025-30713 (Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Mana ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30712 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
TODO: check
CVE-2025-30711 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30710 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-30709 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30708 (Vulnerability in the Oracle User Management product of Oracle E-Busine ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30707 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30706 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
TODO: check
CVE-2025-30705 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
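Review bot: At CVE-2025-30736 the NOT-FOR-US: Oracle tag lands on an entry whose truncated description begins "Vulnerability in the Java VM component of Oracle Database Server", which is easy to misread as a Java SE issue when skimming this file. The tag agrees with the new rule only because the match is on the product (Oracle Database Server), so it is worth confirming that auto-nfu matched on the `cna` and `product` keys and not on description text. The entries left at TODO: check in this hunk (VirtualBox: CVE-2025-30725, -30719, -30712; MySQL: CVE-2025-30722, -30721, -30715, -30714, -30710, -30706) are all for products absent from the rule's `anyOf` list, which is consistent.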
@@ -141,23 +141,23 @@ CVE-2025-30704 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2025-30703 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-30702 (Vulnerability in the Fleet Patching and amp; Provisioning component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30701 (Vulnerability in the RAS Security component of Oracle Database Server. ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30700 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30699 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-30698 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
TODO: check
CVE-2025-30697 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30696 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-30695 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-30694 (Vulnerability in the XML Database component of Oracle Database Server. ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30693 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-30692 (Vulnerability in the Oracle iSupplier Portal product of Oracle E-Busin ...)
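Review bot: CVE-2025-30692 (Oracle iSupplier Portal, Oracle E-Business Suite) appears here only as context, so its status line is not changed by this push, and "Oracle iSupplier Portal" is not among the products in the new `anyOf` list in nfu.yaml. If that entry is still at TODO: check, it looks like an E-Business Suite product that was missed; adding `- product: Oracle iSupplier Portal` to the rule would cover it. Separately, the description of CVE-2025-30702 reads "Fleet Patching and amp; Provisioning", a broken `&amp;` entity; if descriptions are regenerated from the CVE feed, the unescaping belongs in that import step rather than in a manual edit of this file.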
@@ -165,7 +165,7 @@ CVE-2025-30692 (Vulnerability in the Oracle iSupplier Portal product of Oracle E
CVE-2025-30691 (Vulnerability in Oracle Java SE (component: Compiler). Supported vers ...)
TODO: check
CVE-2025-30690 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30689 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-30688 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -173,7 +173,7 @@ CVE-2025-30688 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2025-30687 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-30686 (Vulnerability in the Oracle Hospitality Simphony product of Oracle Foo ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-30685 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-30684 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -261,7 +261,7 @@ CVE-2025-26880 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-26870 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26857 (Unauthenticated attackers can rename arbitrary devices of arbitrary us ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-26749 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26748 (Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe all ...)
@@ -281,13 +281,13 @@ CVE-2025-25276 (An unauthenticated attacker can hijack other users' devices and
CVE-2025-24850 (An attacker can export other users' plant information.)
TODO: check
CVE-2025-24839 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11 ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2025-24487 (An unauthenticated attacker can infer the existence of usernames in th ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-24315 (Unauthenticated attackers can add devices of other users to their scen ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-24297 (Due to lack of server-side input validation, attackers can inject mali ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-22911 (RE11S v1.11 was discovered to contain a stack overflow via the rootAPm ...)
TODO: check
CVE-2025-22269 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
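Review bot: CVE-2025-24850 ("An attacker can export other users' plant information.") in the leading context stays at TODO: check, while CVE-2025-24487, CVE-2025-24315 and CVE-2025-24297 directly below it are closed as NOT-FOR-US: Growatt Cloud portal. The description style is the same, so please confirm whether CVE-2025-24850 belongs to the same advisory and should carry the same tag, or is left open on purpose. The CVE-2025-24839 change to `- mattermost-server <itp> (bug #823556)` is a different kind of resolution from the NFU tags around it and would be easier to find in history if the "NFUs" commit message mentioned it.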
@@ -301,7 +301,7 @@ CVE-2025-21588 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2025-21587 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
TODO: check
CVE-2025-21586 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-21585 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-21584 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -343,7 +343,7 @@ CVE-2025-1273 (A maliciously crafted PDF file, when linked or imported into Auto
CVE-2025-0101 (A low privileged user can set the date of the devices to the 19th of J ...)
TODO: check
CVE-2024-49200 (An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde I ...)
- TODO: check
+ NOT-FOR-US: InsydeH2O
CVE-2024-44843 (An issue in the web socket handshake process of SteVe v3.7.1 allows at ...)
TODO: check
CVE-2024-13452 (The Contact Form by Supsystic plugin for WordPress is vulnerable to Cr ...)
=====================================
data/packages/nfu.yaml
=====================================
@@ -167,6 +167,29 @@
- cna: hp
- not:
product: HP Linux Imaging and Printing Software
+- reason: Oracle
+ allOf:
+ - cna: oracle
+ - anyOf:
+ - product: JD Edwards EnterpriseOne Tools
+ - product: Oracle Application Object Library
+ - product: Oracle Applications Framework
+ - product: Oracle Applications Technology Stack
+ - product: Oracle BI Publisher
+ - product: Oracle Common Applications
+ - product: Oracle Communications Order and Service Management
+ - product: Oracle Configurator
+ - product: Oracle Database Server
+ - product: Oracle Hospitality Simphony
+ - product: Oracle Scripting
+ - product: Oracle Smart View for Office
+ - product: Oracle Solaris
+ - product: Oracle Teleservice
+ - product: Oracle User Management
+ - product: Oracle iStore
+ - product: PeopleSoft Enterprise CC Common Application Objects
+ - product: PeopleSoft Enterprise HCM Talent Acquisition Manager
+ - product: PeopleSoft Enterprise PeopleTools
- reason: WordPress plugin or theme
allOf:
- cna: Patchstack
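Review bot: The new Oracle rule is an allow-list (`cna: oracle` combined with an `anyOf` of exact product names), unlike the HP rule just above it, which excludes a single product with `not:`. That is the right shape here, because the data/CVE/list hunks show Oracle-assigned CVEs for MySQL, VirtualBox and Java SE that must stay in triage, but nothing in the YAML records that those products are left out on purpose. A short comment above `- reason: Oracle` saying so would keep a later cleanup from collapsing the rule into a `cna`-only match. Since matching is by exact product string, the list will also need extending whenever a product name not listed here shows up in a later Oracle batch.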
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/15460680ca512c22529cbf9520a5388678e71664...2e3cd9d7dd9b9c4b35ec418acea87dfdec5efa83