[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Mar 11 08:41:03 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad164932 by Moritz Muehlenhoff at 2025-03-11T09:40:45+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2025-2174 (A vulnerability was found in libzvbi up to 0.2.43. It has been de
CVE-2025-2173 (A vulnerability was found in libzvbi up to 0.2.43. It has been classif ...)
TODO: check
CVE-2025-2169 (The The WPCS \u2013 WordPress Currency Switcher Professional plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2137 (Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allow ...)
TODO: check
CVE-2025-2136 (Use after free in Inspector in Google Chrome prior to 134.0.6998.88 al ...)
@@ -33,71 +33,71 @@ CVE-2025-27910 (tianti v2.3 was discovered to contain a Cross-Site Request Forge
CVE-2025-27610 (Rack provides an interface for developing web applications in Ruby. Pr ...)
TODO: check
CVE-2025-27436 (The Manage Bank Statements in SAP S/4HANA does not perform required ac ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-27434 (Due to insufficient input validation, SAP Commerce (Swagger UI) allows ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-27433 (The Manage Bank Statements in SAP S/4HANA allows authenticated attacke ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-27432 (The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for B ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-27431 (User management functionality in SAP NetWeaver Application Server Java ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-27430 (Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-26707 (Improper Privilege Management vulnerability in ZTE GoldenDB allows Pri ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2025-26706 (Improper Privilege Management vulnerability in ZTE GoldenDB allows Pri ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2025-26705 (Improper Privilege Management vulnerability in ZTE GoldenDB allows Pri ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2025-26704 (Improper Privilege Management vulnerability in ZTE GoldenDB allows Pri ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2025-26703 (Improper Privilege Management vulnerability in ZTE GoldenDB allows Pri ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2025-26702 (Improper Input Validation vulnerability in ZTE GoldenDB allows Input D ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2025-26661 (Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-26660 (SAP Fiori applications using the posting library fail to properly conf ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-26659 (SAP NetWeaver Application Server ABAP does not sufficiently encode use ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-26658 (The Service Layer in SAP Business One, allows attackers to potentially ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-26656 (OData Service in Manage Purchasing Info Records does not perform neces ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-26655 (SAP Just In Time(JIT) does not perform necessary authorization checks ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-25908 (A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allow ...)
TODO: check
CVE-2025-25907 (tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CS ...)
TODO: check
CVE-2025-25245 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence) ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-25244 (SAP Business Warehouse (Process Chains) allows an attacker to manipula ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-25242 (SAP NetWeaver Application Server ABAP allows malicious scripts to be e ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-23194 (SAP NetWeaver Enterprise Portal OBN does not perform proper authentica ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-23188 (An authenticated user with low privileges can exploit a missing author ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-23185 (Due to improper error handling in SAP Business Objects Business Intell ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-1920 (Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a ...)
TODO: check
CVE-2025-1661 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1434 (The Spreadsheet view is vulnerable to a XSS attack, where a remote una ...)
TODO: check
CVE-2025-0660 (Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS ...)
TODO: check
CVE-2025-0629 (The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0071 (SAP Web Dispatcher and Internet Communication Manager allow an attacke ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-0062 (SAP BusinessObjects Business Intelligence Platform allows an attacker ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2024-58102 (An issue was discovered in Datalust Seq before 2024.3.13545. An insecu ...)
TODO: check
CVE-2024-56192 (In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of b ...)
@@ -105,31 +105,31 @@ CVE-2024-56192 (In wl_notify_gscan_event of wl_cfgscan.c, there is a possible ou
CVE-2024-56191 (In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP ...)
TODO: check
CVE-2024-49823 (IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-41760 (IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could all ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-22340 (IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-13864 (The Countdown Timer WordPress plugin through 1.0 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13862 (The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionalit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13853 (The SEO Tools WordPress plugin through 4.0.7 does not sanitise and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13836 (The WP Login Control WordPress plugin through 2.0.0 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13615 (The Social Share Buttons, Social Sharing Icons, Click to Tweet \u2014 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13580 (The XV Random Quotes WordPress plugin through 1.40 does not have CSRF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13574 (The XV Random Quotes WordPress plugin through 1.40 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13436 (The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13413 (The ProductDyno plugin for WordPress is vulnerable to Reflected Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13228 (The Qubely \u2013 Advanced Gutenberg Blocks plugin for WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12010 (A post-authentication command injection vulnerability in the \u201dzyU ...)
TODO: check
CVE-2024-12009 (A post-authentication command injection vulnerability in the "ZyEE" fu ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad164932b3682a7a013378ce19698c70515cab3f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad164932b3682a7a013378ce19698c70515cab3f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250311/b5657f51/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list