[Git][security-tracker-team/security-tracker][master] Process several CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 11 08:24:02 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
79690d6c by Salvatore Bonaccorso at 2025-02-11T09:23:04+01:00
Process several CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-25243 (SAP Supplier Relationship Management (Master Data Management Catalog)  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-25241 (Due to a missing authorization check, an attacker who is logged in to  ...)
 	TODO: check
 CVE-2025-25194 (Lemmy, a link aggregator and forum for the fediverse, is vulnerable to ...)
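Review bot: CVE-2025-25241, the context entry directly below the changed one, is left at "TODO: check", and its truncated description ("Due to a missing authorization check, an attacker who is logged in to ...") does not show which product it concerns. If it belongs to the same SAP batch as CVE-2025-25243, give it the same "NOT-FOR-US: SAP" tag in this pass so the two adjacent entries are not triaged separately.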
@@ -13,25 +13,25 @@ CVE-2025-25189 (The ZOO-Project is an open source processing platform. A reflect
 CVE-2025-24970 (Netty, an asynchronous, event-driven network application framework, ha ...)
 	TODO: check
 CVE-2025-24876 (The SAP Approuter Node.js package version v16.7.1 and before is vulner ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-24875 (SAP Commerce, by default, sets certain cookies with the SameSite attri ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-24874 (SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header t ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-24872 (The ABAP Build Framework in SAP ABAP Platform allows an authenticated  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-24870 (SAP GUI for Windows & RFC service credentials are incorrectly stored i ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-24869 (SAP NetWeaver Application Server Java allows an attacker to access an  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-24868 (The User Account and Authentication service (UAA) for SAP HANA extende ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-24867 (SAP BusinessObjects Platform (BI Launchpad) does not sufficiently hand ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-23193 (SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploi ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-23191 (Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-23190 (Due to missing authorization check, an authenticated attacker could ca ...)
 	TODO: check
 CVE-2025-23189 (Due to missing authorization check in an RFC enabled function module i ...)
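Review bot: the "NOT-FOR-US: SAP" reason on CVE-2025-24876 names only the vendor, while the description identifies a specific Node.js package ("The SAP Approuter Node.js package version v16.7.1 and before"). Unlike the other SAP products in this hunk, that one is a standalone package, so a reason that names it (for example "NOT-FOR-US: SAP Approuter Node.js package") would make the entry easier to find and revisit later. Also note that CVE-2025-23190 at the end of the hunk stays at "TODO: check"; its truncated description does not name a product, so it is worth confirming whether it belongs with this batch.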
@@ -103,9 +103,9 @@ CVE-2025-0181 (The WP Foodbakery plugin for WordPress is vulnerable to privilege
 CVE-2025-0180 (The WP Foodbakery plugin for WordPress is vulnerable to privilege esca ...)
 	TODO: check
 CVE-2025-0064 (Under specific conditions, the Central Management Console of the SAP B ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-0054 (SAP NetWeaver Application Server Java does not sufficiently handle use ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-9688
 	REJECTED
 CVE-2024-9625
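Review bot: CVE-2025-0180, the WP Foodbakery entry in the leading context of this hunk, is still at "TODO: check" even though its visible description already identifies it as a plugin for WordPress, as does CVE-2025-0181 in the hunk header. Those two can be triaged from the truncated text alone, as the SAP entries below them were, so consider handling them in the same pass. The commit message "Process several CVEs" could also state that every change here is a SAP NOT-FOR-US classification, which would make the history easier to search.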



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79690d6c579b8f1796f62c2a5eb6a874219b28ba
