[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 14 20:20:53 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3355af4d by Salvatore Bonaccorso at 2025-02-14T21:20:31+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,47 +1,47 @@
CVE-2025-26524 (This vulnerability exists in RupeeWeb trading platform due to missing ...)
- TODO: check
+ NOT-FOR-US: RupeeWeb
CVE-2025-26523 (This vulnerability exists in RupeeWeb trading platform due to insuffic ...)
- TODO: check
+ NOT-FOR-US: RupeeWeb
CVE-2025-26522 (This vulnerability exists in RupeeWeb trading platform due to improper ...)
- TODO: check
+ NOT-FOR-US: RupeeWeb
CVE-2025-26508 (Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Manag ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-26507 (Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Manag ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-26506 (Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Manag ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-26158 (A Stored Cross-Site Scripting (XSS) vulnerability was discovered in th ...)
- TODO: check
+ NOT-FOR-US: Kashipara Online Attendance Management System
CVE-2025-26157 (A SQL Injection vulnerability was found in /bpms/index.php in Source C ...)
- TODO: check
+ NOT-FOR-US: Source Code and Project Beauty Parlour Management System
CVE-2025-26156 (A SQL Injection vulnerability was found in /shopping/track-orders.php ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Online Shopping Portal
CVE-2025-25997 (Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote ...)
- TODO: check
+ NOT-FOR-US: FeMiner wms
CVE-2025-25994 (SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote att ...)
- TODO: check
+ NOT-FOR-US: FeMiner wms
CVE-2025-25993 (SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote att ...)
- TODO: check
+ NOT-FOR-US: FeMiner wms
CVE-2025-25992 (SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacke ...)
- TODO: check
+ NOT-FOR-US: FeMiner wms
CVE-2025-25991 (SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attack ...)
- TODO: check
+ NOT-FOR-US: hooskcms
CVE-2025-25990 (Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote ...)
- TODO: check
+ NOT-FOR-US: hooskcms
CVE-2025-25988 (Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote a ...)
- TODO: check
+ NOT-FOR-US: hooskcms
CVE-2025-25745 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based bu ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-25740 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based bu ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-25304 (Vega is a visualization grammar, a declarative format for creating, sa ...)
- TODO: check
+ NOT-FOR-US: Vega
CVE-2025-25297 (Label Studio is an open source data labeling tool. Prior to version 1. ...)
- TODO: check
+ NOT-FOR-US: Label Studio
CVE-2025-25296 (Label Studio is an open source data labeling tool. Prior to version 1. ...)
- TODO: check
+ NOT-FOR-US: Label Studio
CVE-2025-25295 (Label Studio is an open source data labeling tool. A path traversal vu ...)
- TODO: check
+ NOT-FOR-US: Label Studio
CVE-2025-25290 (@octokit/request sends parameterized requests to GitHub\u2019s APIs wi ...)
TODO: check
CVE-2025-25289 (@octokit/request-error is an error class for Octokit request errors. S ...)
@@ -51,145 +51,145 @@ CVE-2025-25288 (@octokit/plugin-paginate-rest is the Octokit plugin to paginate
CVE-2025-25285 (@octokit/endpoint turns REST API endpoints into generic request option ...)
TODO: check
CVE-2025-25206 (eLabFTW is an open source electronic lab notebook for research labs. P ...)
- TODO: check
+ NOT-FOR-US: eLabFTW
CVE-2025-25204 (`gh` is GitHub\u2019s official command line tool. Starting in version ...)
TODO: check
CVE-2025-24700 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24699 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Code ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24692 (Missing Authorization vulnerability in Michael Revellin-Clerc Bulk Men ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24688 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24641 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24617 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24616 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24615 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24614 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24607 (Missing Authorization vulnerability in Northern Beaches Websites IdeaP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24567 (Insertion of Sensitive Information Into Sent Data vulnerability in bra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24565 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24564 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24558 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23905 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23857 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23853 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23851 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23790 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23789 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23788 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23787 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23786 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23771 (Missing Authorization vulnerability in Murali Push Notification for Po ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23766 (Missing Authorization vulnerability in ashamil OPSI Israel Domestic Sh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23751 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23750 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23748 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23742 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23658 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23657 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23655 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23652 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23651 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23650 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23648 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23647 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23646 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23571 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23568 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23534 (Missing Authorization vulnerability in Mark Winiarski WPLingo allows E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23525 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23523 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23492 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23474 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23431 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23428 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22705 (Cross-Site Request Forgery (CSRF) vulnerability in godthor Disqus Popu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22702 (Missing Authorization vulnerability in EPC Photography. This issue aff ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22698 (Missing Authorization vulnerability in Ability, Inc Accessibility Suit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1239 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WatchGuard Fireware OS
CVE-2025-1071 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WatchGuard Fireware OS
CVE-2025-0867 (The standard user uses the run as function to start the MEAC applicati ...)
TODO: check
CVE-2025-0821 (Bit Assist plugin for WordPress is vulnerable to time-based SQL Inject ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0503 (Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the d ...)
TODO: check
CVE-2025-0178 (Improper Input Validation vulnerability in WatchGuard Fireware OS allo ...)
- TODO: check
+ NOT-FOR-US: WatchGuard Fireware OS
CVE-2024-8893 (Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co. ...)
- TODO: check
+ NOT-FOR-US: GoodWe Technologies
CVE-2024-57790 (IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovere ...)
- TODO: check
+ NOT-FOR-US: IXON
CVE-2024-57778 (An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a r ...)
TODO: check
CVE-2024-57725 (An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote o ...)
- TODO: check
+ NOT-FOR-US: Arcadyan Livebox Fibra
CVE-2024-56973 (Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified ...)
- TODO: check
+ NOT-FOR-US: Alvaria
CVE-2024-56477 (IBM Power Hardware Management Console V10.3.1050.0 could allow an auth ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-56463 (IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulner ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-56180 (CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raftpl ...)
TODO: check
CVE-2024-52895 (IBM i 7.4 and 7.5 is vulnerable to a database access denial of service ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3355af4d3a861d6fa9ae3448f68b7fa21e0b22aa
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3355af4d3a861d6fa9ae3448f68b7fa21e0b22aa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250214/a9db16ba/attachment.htm>
More information about the debian-security-tracker-commits
mailing list