[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 22 21:50:24 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5970282b by Salvatore Bonaccorso at 2025-04-22T22:50:02+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,65 +7,65 @@ CVE-2025-46252 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2025-46251 (Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaur ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46250 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46249 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple cale ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46247 (Missing Authorization vulnerability in codepeople Appointment Booking  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46246 (Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSoluti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46245 (Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSoluti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46244 (Missing Authorization vulnerability in Dotstore Advanced Linked Variat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46243 (Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recove ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46242 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46241 (Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointm ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46240 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46239 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46238 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46237 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46236 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46235 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46233 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46232 (Missing Authorization vulnerability in alttextai Download Alt Text AI  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46231 (Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Sol ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46229 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46228 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46227 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46226 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46225 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-43952 (A cross-site scripting (reflected XSS) vulnerability was found in Mett ...)
-	TODO: check
+	NOT-FOR-US: Mettler Toledo FreeWeight.Net Web Reports Viewer
 CVE-2025-43951 (LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authent ...)
-	TODO: check
+	NOT-FOR-US: LabVantage
 CVE-2025-43950 (DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens by plac ...)
-	TODO: check
+	NOT-FOR-US: DPMAdirektPro
 CVE-2025-43949 (MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vuln ...)
-	TODO: check
+	NOT-FOR-US: MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web)
 CVE-2025-43948 (Codemers KLIMS 1.6.DEV allows Python code injection. A user can provid ...)
-	TODO: check
+	NOT-FOR-US: Codemers KLIMS
 CVE-2025-43947 (Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowi ...)
-	TODO: check
+	NOT-FOR-US: Codemers KLIMS
 CVE-2025-43946 (TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted Fi ...)
-	TODO: check
+	NOT-FOR-US: TCPWave DDI
 CVE-2025-3767 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2025-3519 (An authorization bypassinUnblu Spark allows aparticipant of a conversa ...)
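Review bot: the notes added in this hunk read `NOT-FOR-US: WordPress plugin`, while the unchanged neighbouring entries for CVE-2025-46251, CVE-2025-46241 and CVE-2025-46225 read `NOT-FOR-US: WordPress plugin or theme`, so the same block now carries two wordings for the same triage outcome. The descriptions of several changed entries (for example CVE-2025-46250 and CVE-2025-46240) are truncated before the product name, so the visible lines cannot confirm plugin versus theme. Either use the broader wording throughout, or keep the narrower one only where the full description names a plugin. Separately, the note for CVE-2025-43949 copies the description's aliases in full; a shorter form such as `NOT-FOR-US: MuM MapEdit` would match the brevity of the `LabVantage` and `TCPWave DDI` notes in the same hunk.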
@@ -79,7 +79,7 @@ CVE-2025-3458 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cros
 CVE-2025-3457 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-34028 (A path traversal vulnerability in Commvault Command Center Innovation  ...)
-	TODO: check
+	NOT-FOR-US: Commvault
 CVE-2025-32964 (ManageWiki is a MediaWiki extension allowing users to manage wikis. Pr ...)
 	TODO: check
 CVE-2025-32963 (MinIO Operator STS is a native IAM Authentication for Kubernetes. Prio ...)
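Review bot: the note for CVE-2025-34028 names only the vendor (`NOT-FOR-US: Commvault`), although the description identifies the affected product as Commvault Command Center. The first hunk names the product for comparable entries (`Mettler Toledo FreeWeight.Net Web Reports Viewer`, `TCPWave DDI`), so `NOT-FOR-US: Commvault Command Center` would be more consistent and easier to match when later CVEs for the same product are triaged.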
@@ -113,33 +113,33 @@ CVE-2025-29547 (In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sy
 CVE-2025-29339 (An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assert ...)
 	TODO: check
 CVE-2025-28039 (TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-au ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28038 (TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-au ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28037 (TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28036 (TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-aut ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28035 (TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28034 (TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28033 (TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28032 (TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28031 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a har ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28030 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a sta ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28029 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28027 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28026 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28024 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer o ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-27907 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-s ...)
 	NOT-FOR-US: IBM
 CVE-2025-26159 (Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5970282bc1fb1dc46973a40e4b0028998a95a5b1
