[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 22 21:13:00 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a715e49 by security tracker role at 2025-04-22T20:12:53+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-46254 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46253 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46252 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46251 (Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaur ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46250 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	TODO: check
 CVE-2025-46249 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple cale ...)
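Review bot: The tag on the four changed entries (CVE-2025-46254 through CVE-2025-46251) reads "NOT-FOR-US: WordPress plugin or theme", while other entries in this same file use "NOT-FOR-US: WordPress plugin" (for example CVE-2025-3472 further down). If the longer form is intentional for entries whose truncated summary does not say which of the two it is, say so in the commit message; otherwise normalise to one spelling so that a search on the tag catches all of them.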
@@ -23,7 +23,7 @@ CVE-2025-46243 (Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21
 CVE-2025-46242 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2025-46241 (Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointm ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46240 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	TODO: check
 CVE-2025-46239 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -51,7 +51,7 @@ CVE-2025-46227 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-46226 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	TODO: check
 CVE-2025-46225 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-43952 (A cross-site scripting (reflected XSS) vulnerability was found in Mett ...)
 	TODO: check
 CVE-2025-43951 (LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authent ...)
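Review bot: CVE-2025-46225 is tagged here, but the context entry CVE-2025-46226 directly above it has the same visible summary and stays at "TODO: check". The commit message ("automatic NOT-FOR-US entries update") does not say which field the automatic rule matched on; recording the matched product or rule would let a reader confirm the tag without opening each CVE record.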
@@ -73,11 +73,11 @@ CVE-2025-3519 (An authorization bypassinUnblu Spark allows aparticipant of a con
 CVE-2025-3518 (It technically possible for a user to upload a file to a conversation  ...)
 	TODO: check
 CVE-2025-3472 (The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3458 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3457 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-34028 (A path traversal vulnerability in Commvault Command Center Innovation  ...)
 	TODO: check
 CVE-2025-32964 (ManageWiki is a MediaWiki extension allowing users to manage wikis. Pr ...)
@@ -99,13 +99,13 @@ CVE-2025-32950 (Jmix is a set of libraries and tools to speed up Spring Boot dat
 CVE-2025-32788 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
 	TODO: check
 CVE-2025-31328 (SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSR ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-31327 (SAP Field Logistics Manage Logistics application OData meta-data prope ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-2092 (Insertion of Sensitive Information into Log File in Checkmk GmbH's Che ...)
 	TODO: check
 CVE-2025-29743 (D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-29621 (Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a conten ...)
 	TODO: check
 CVE-2025-29547 (In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allo ...)
@@ -141,7 +141,7 @@ CVE-2025-28026 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20
 CVE-2025-28024 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer o ...)
 	TODO: check
 CVE-2025-27907 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-s ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-26159 (Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in ...)
 	TODO: check
 CVE-2025-23253 (NVIDIA NvContainer service for Windows contains a vulnerability in its ...)
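Review bot: The context entry CVE-2025-28024 (TOTOLINK A810R firmware) stays at "TODO: check" although the same run tags the D-Link DIR-816 entry CVE-2025-29743 as "NOT-FOR-US: D-Link". If router firmware is being ruled out by vendor, consider adding TOTOLINK to the automatic rule so that these entries are triaged consistently.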
@@ -157,9 +157,9 @@ CVE-2025-23176 (CWE-89: Improper Neutralization of Special Elements used in an S
 CVE-2025-23175 (Multiple XSS (CWE-79))
 	TODO: check
 CVE-2025-1951 (IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-1950 (IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-53569 (A stored cross-site scripting (XSS) vulnerability in the New Goal Crea ...)
 	TODO: check
 CVE-2024-53568 (A stored cross-site scripting (XSS) vulnerability in the Image Upload  ...)
@@ -169,7 +169,7 @@ CVE-2024-46546 (NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain
 CVE-2024-33452 (An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a r ...)
 	TODO: check
 CVE-2024-11299 (The Memberpress plugin for WordPress is vulnerable to Sensitive Inform ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-44755 (Sacco Management system v1.0 was discovered to contain a SQL injection ...)
 	TODO: check
 CVE-2023-44753 (A stored cross-site scripting (XSS) vulnerability fin Student Manageme ...)
@@ -219,13 +219,13 @@ CVE-2025-2839 (The WP Import Export Lite plugin for WordPress is vulnerable to S
 CVE-2025-2594 (The User Registration & Membership  WordPress plugin before 4.1.3 does ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-2300 (Hitachi Ops Center Common Services within Hitachi Ops Center OVA conta ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2025-1732 (An improper privilege management vulnerability in the recovery functio ...)
 	NOT-FOR-US: Zyxel
 CVE-2025-1731 (An incorrect permission assignment vulnerability in the PostgreSQL com ...)
 	NOT-FOR-US: Zyxel
 CVE-2024-46899 (Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer  ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2024-13569 (The Front End Users WordPress plugin through 3.2.32 does not sanitise  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-58250 (The passprompt plugin in pppd in ppp before 2.5.2 mishandles privilege ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a715e4927d013d2a63a483edf8a120e1280638a


