[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 13 09:13:23 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2e99ec07 by security tracker role at 2025-05-13T08:13:16+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2025-4632 (Improper limitation of a pathname to a restricted directory vulnerabil ...)
TODO: check
CVE-2025-4474 (The Frontend Dashboard plugin for WordPress is vulnerable to Privilege ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4473 (The Frontend Dashboard plugin for WordPress is vulnerable to Privilege ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4396 (The Relevanssi \u2013 A Better Search plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4339 (The TheGem theme for WordPress is vulnerable to unauthorized modificat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4317 (The TheGem theme for WordPress is vulnerable to arbitrary file uploads ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47864
REJECTED
CVE-2025-47863
@@ -27,179 +27,179 @@ CVE-2025-47858
CVE-2025-46825 (Kanboard is project management software that focuses on the Kanban met ...)
TODO: check
CVE-2025-43011 (Under certain conditions, SAP Landscape Transformation's PCL Basis mod ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-43010 (SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-43009 (SAP Service Parts Management (SPM) does not perform necessary authoriz ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-43008 (Due to missing authorization check, an unauthorized user can view the ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-43007 (SAP Service Parts Management (SPM) does not perform necessary authoriz ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-43006 (SAP Supplier Relationship Management (Master Data Management Catalogue ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-43005 (SAP GUI for Windows allows an unauthenticated attacker to exploit inse ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-43004 (Due to a security misconfiguration vulnerability, customers can develo ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-43003 (SAP S/4 HANA allows an authenticated attacker with user privileges to ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-43002 (SAP S4CORE OData meta-data property allows an authenticated attacker t ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-43000 (Under certain conditions Promotion Management Wizard (PMW) allows an a ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42999 (SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a p ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42997 (Under certain conditions, SAP Gateway Client allows a high-privileged ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-3659 (Improper authentication handling was identified in a set of HTTP POST ...)
TODO: check
CVE-2025-3107 (The Newsletters plugin for WordPress is vulnerable to time-based SQL I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-35471 (conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsof ...)
TODO: check
CVE-2025-31329 (SAP NetWeaver is vulnerable to an Information Disclosure vulnerability ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-31260 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31259 (The issue was addressed with improved input sanitization. This issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31258 (This issue was addressed by removing the vulnerable code. This issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31257 (This issue was addressed with improved memory handling. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31256 (The issue was addressed with improved handling of caches. This issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31253 (This issue was addressed through improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31251 (The issue was addressed with improved input sanitization. This issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31250 (An information disclosure issue was addressed with improved privacy co ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31249 (A logic issue was addressed with improved checks. This issue is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31247 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31246 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31245 (The issue was addressed with improved checks. This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31244 (A file quarantine bypass was addressed with additional checks. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31242 (A privacy issue was addressed with improved private data redaction for ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31241 (A double free issue was addressed with improved memory management. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31240 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31239 (A use-after-free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31238 (The issue was addressed with improved checks. This issue is fixed in w ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31237 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31236 (An information disclosure issue was addressed with improved privacy co ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31235 (A double free issue was addressed with improved memory management. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31234 (The issue was addressed with improved input sanitization. This issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31233 (The issue was addressed with improved input sanitization. This issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31232 (A logic issue was addressed with improved checks. This issue is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31228 (The issue was addressed with improved authentication. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31227 (A logic issue was addressed with improved checks. This issue is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31226 (A logic issue was addressed with improved checks. This issue is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31225 (A privacy issue was addressed by removing sensitive data. This issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31224 (A logic issue was addressed with improved checks. This issue is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31223 (The issue was addressed with improved checks. This issue is fixed in w ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31222 (A correctness issue was addressed with improved checks. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31221 (An integer overflow was addressed with improved input validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31220 (A privacy issue was addressed by removing sensitive data. This issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31219 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31218 (This issue was addressed by removing the vulnerable code. This issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31217 (The issue was addressed with improved input validation. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31215 (The issue was addressed with improved checks. This issue is fixed in w ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31214 (This issue was addressed through improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31213 (A logging issue was addressed with improved data redaction. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31212 (This issue was addressed through improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31210 (The issue was addressed with improved UI. This issue is fixed in iPadO ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31209 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31208 (The issue was addressed with improved checks. This issue is fixed in w ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31207 (A logic issue was addressed with improved checks. This issue is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31206 (A type confusion issue was addressed with improved state handling. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31205 (The issue was addressed with improved checks. This issue is fixed in w ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31204 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31196 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31195 (The issue was addressed by adding additional logic. This issue is fixe ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-30453 (The issue was addressed with additional permissions checks. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-30448 (This issue was addressed with additional entitlement checks. This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-30442 (The issue was addressed with improved input sanitization. This issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-30440 (The issue was addressed with improved checks. This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-30436 (This issue was addressed by restricting options offered on a locked de ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-30018 (The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-30012 (The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-30011 (The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-30010 (The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-30009 (he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-26662 (The Data Services Management Console does not sufficiently encode user ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-24274 (An input validation issue was addressed by removing the vulnerable cod ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24258 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24225 (An injection issue was addressed with improved input validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24223 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24222 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24220 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24155 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24144 (An information disclosure issue was addressed by removing the vulnerab ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24142 (A privacy issue was addressed with improved private data redaction for ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24111 (A memory corruption issue was addressed with improved state management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-22249 (VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) ...)
TODO: check
CVE-2025-22246 (Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulner ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e99ec078fc6c1c327775807846bd1e9f71f5987
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e99ec078fc6c1c327775807846bd1e9f71f5987
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250513/fbce2b1a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list