[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 23 06:51:31 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
634cabe6 by Salvatore Bonaccorso at 2025-04-23T07:51:09+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67,11 +67,11 @@ CVE-2025-43947 (Codemers KLIMS 1.6.DEV lacks a proper access control mechanism,
CVE-2025-43946 (TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted Fi ...)
NOT-FOR-US: TCPWave DDI
CVE-2025-3767 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Centreon BAM (Boolean KPi Listing modules)
CVE-2025-3519 (An authorization bypassinUnblu Spark allows aparticipant of a conversa ...)
- TODO: check
+ NOT-FOR-US: Unblu
CVE-2025-3518 (It technically possible for a user to upload a file to a conversation ...)
- TODO: check
+ NOT-FOR-US: Unblu
CVE-2025-3472 (The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortc ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3458 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...)
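Review bot: The note added for CVE-2025-3767, "Centreon BAM (Boolean KPi Listing modules)", spells "KPi" with a lowercase "i" and carries a parenthetical component name, while the other notes in this hunk are a bare product name ("Unblu", "TCPWave DDI"). Suggest "NOT-FOR-US: Centreon BAM", or at least "KPI", so that a search on the product name matches this entry the same way as the others.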
@@ -83,19 +83,19 @@ CVE-2025-34028 (A path traversal vulnerability in Commvault Command Center Innov
CVE-2025-32964 (ManageWiki is a MediaWiki extension allowing users to manage wikis. Pr ...)
TODO: check
CVE-2025-32963 (MinIO Operator STS is a native IAM Authentication for Kubernetes. Prio ...)
- TODO: check
+ NOT-FOR-US: MinIO Operator
CVE-2025-32961 (The Cuba JPA web API enables loading and saving any entities defined i ...)
- TODO: check
+ NOT-FOR-US: Cuba JPA web API
CVE-2025-32960 (The CUBA REST API add-on performs operations on data and entities. Pri ...)
- TODO: check
+ NOT-FOR-US: CUBA REST API
CVE-2025-32959 (CUBA Platform is a high level framework for enterprise applications de ...)
- TODO: check
+ NOT-FOR-US: CUBA Platform
CVE-2025-32952 (Jmix is a set of libraries and tools to speed up Spring Boot data-cent ...)
- TODO: check
+ NOT-FOR-US: Jmix
CVE-2025-32951 (Jmix is a set of libraries and tools to speed up Spring Boot data-cent ...)
- TODO: check
+ NOT-FOR-US: Jmix
CVE-2025-32950 (Jmix is a set of libraries and tools to speed up Spring Boot data-cent ...)
- TODO: check
+ NOT-FOR-US: Jmix
CVE-2025-32788 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
TODO: check
CVE-2025-31328 (SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSR ...)
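Review bot: The note for CVE-2025-32961 is spelled "Cuba JPA web API", but the two entries directly below it use "CUBA REST API" and "CUBA Platform". A case-sensitive search for "CUBA" will miss the first one. Suggest "NOT-FOR-US: CUBA JPA web API" so the three related entries share one spelling.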
@@ -107,9 +107,9 @@ CVE-2025-2092 (Insertion of Sensitive Information into Log File in Checkmk GmbH'
CVE-2025-29743 (D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in ...)
NOT-FOR-US: D-Link
CVE-2025-29621 (Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a conten ...)
- TODO: check
+ NOT-FOR-US: RosarioSIS
CVE-2025-29547 (In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allo ...)
- TODO: check
+ NOT-FOR-US: Rollback Rx Professional
CVE-2025-29339 (An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assert ...)
TODO: check
CVE-2025-28039 (TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-au ...)
@@ -143,41 +143,41 @@ CVE-2025-28024 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a bu
CVE-2025-27907 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-s ...)
NOT-FOR-US: IBM
CVE-2025-26159 (Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in ...)
- TODO: check
+ NOT-FOR-US: Laravel Starter
CVE-2025-23253 (NVIDIA NvContainer service for Windows contains a vulnerability in its ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-23251 (NVIDIA NeMo Framework contains a vulnerability where a user could caus ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-23250 (NVIDIA NeMo Framework contains a vulnerability where an attacker could ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-23249 (NVIDIA NeMo Framework contains a vulnerability where a user could caus ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-23176 (CWE-89: Improper Neutralization of Special Elements used in an SQL Com ...)
- TODO: check
+ NOT-FOR-US: Tecnick
CVE-2025-23175 (Multiple XSS (CWE-79))
- TODO: check
+ NOT-FOR-US: Tecnick
CVE-2025-1951 (IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3 ...)
NOT-FOR-US: IBM
CVE-2025-1950 (IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3 ...)
NOT-FOR-US: IBM
CVE-2024-53569 (A stored cross-site scripting (XSS) vulnerability in the New Goal Crea ...)
- TODO: check
+ NOT-FOR-US: Volmarg Personal Management System
CVE-2024-53568 (A stored cross-site scripting (XSS) vulnerability in the Image Upload ...)
- TODO: check
+ NOT-FOR-US: Volmarg Personal Management System
CVE-2024-46546 (NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a sta ...)
- TODO: check
+ NOT-FOR-US: NEXTU FLETA AX1500 WIFI6 Router
CVE-2024-33452 (An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a r ...)
TODO: check
CVE-2024-11299 (The Memberpress plugin for WordPress is vulnerable to Sensitive Inform ...)
NOT-FOR-US: WordPress plugin
CVE-2023-44755 (Sacco Management system v1.0 was discovered to contain a SQL injection ...)
- TODO: check
+ NOT-FOR-US: Sacco Management system
CVE-2023-44753 (A stored cross-site scripting (XSS) vulnerability fin Student Manageme ...)
- TODO: check
+ NOT-FOR-US: Student Management System
CVE-2023-44752 (An issue in Student Study Center Desk Management System v1.0 allows at ...)
- TODO: check
+ NOT-FOR-US: Student Study Center Desk Management System
CVE-2023-43958 (An arbitrary file upload vulnerability in the component /jquery-file-u ...)
- TODO: check
+ NOT-FOR-US: Hospital Management System
CVE-2023-43378 (A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows ...)
TODO: check
CVE-2025-3856 (A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been cla ...)
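Review bot: The notes for CVE-2025-23176 and CVE-2025-23175 give only a vendor, "Tecnick", and the visible descriptions ("CWE-89: Improper Neutralization ..." and "Multiple XSS (CWE-79)") name no product at all, so the reason for the NFU decision cannot be checked from the entry itself. Most other additions in this hunk name the affected product (for example "Volmarg Personal Management System"); suggest doing the same here with the product name from the CVE record. The same applies to a lesser degree to the CVE-2023-43958 note, "Hospital Management System", which is generic enough that a vendor or project qualifier would help.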
@@ -207,7 +207,7 @@ CVE-2025-3616 (The Greenshift \u2013 animation and page builder blocks plugin fo
CVE-2025-3577 (**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the we ...)
NOT-FOR-US: Zyxel
CVE-2025-32958 (Adept is a language for general purpose programming. Prior to commit a ...)
- TODO: check
+ NOT-FOR-US: Adept
CVE-2025-32956 (ManageWiki is a MediaWiki extension allowing users to manage wikis. Ve ...)
TODO: check
CVE-2025-32955 (Harden-Runner is a CI/CD security agent that works like an EDR for Git ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/634cabe68df9933fca5cf600dfdd1468929803c1