Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3355af4d by Salvatore Bonaccorso at 2025-02-14T21:20:31+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,47 +1,47 @@
CVE-2025-26524 (This vulnerability exists in RupeeWeb trading platform due to
missing ...)
- TODO: check
+ NOT-FOR-US: RupeeWeb
CVE-2025-26523 (This vulnerability exists in RupeeWeb trading platform due to
insuffic ...)
- TODO: check
+ NOT-FOR-US: RupeeWeb
CVE-2025-26522 (This vulnerability exists in RupeeWeb trading platform due to
improper ...)
- TODO: check
+ NOT-FOR-US: RupeeWeb
CVE-2025-26508 (Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP
LaserJet Manag ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-26507 (Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP
LaserJet Manag ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-26506 (Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP
LaserJet Manag ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-26158 (A Stored Cross-Site Scripting (XSS) vulnerability was
discovered in th ...)
- TODO: check
+ NOT-FOR-US: Kashipara Online Attendance Management System
CVE-2025-26157 (A SQL Injection vulnerability was found in /bpms/index.php in
Source C ...)
- TODO: check
+ NOT-FOR-US: Source Code and Project Beauty Parlour Management System
CVE-2025-26156 (A SQL Injection vulnerability was found in
/shopping/track-orders.php ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Online Shopping Portal
CVE-2025-25997 (Directory Traversal vulnerability in FeMiner wms v.1.0 allows
a remote ...)
- TODO: check
+ NOT-FOR-US: FeMiner wms
CVE-2025-25994 (SQL Injection vulnerability in FeMiner wms wms 1.0 allows a
remote att ...)
- TODO: check
+ NOT-FOR-US: FeMiner wms
CVE-2025-25993 (SQL Injection vulnerability in FeMiner wms wms 1.0 allows a
remote att ...)
- TODO: check
+ NOT-FOR-US: FeMiner wms
CVE-2025-25992 (SQL Injection vulnerability in FeMiner wms 1.0 allows a remote
attacke ...)
- TODO: check
+ NOT-FOR-US: FeMiner wms
CVE-2025-25991 (SQL Injection vulnerability in hooskcms v.1.7.1 allows a
remote attack ...)
- TODO: check
+ NOT-FOR-US: hooskcms
CVE-2025-25990 (Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows
a remote ...)
- TODO: check
+ NOT-FOR-US: hooskcms
CVE-2025-25988 (Cross Site Scripting vulnerability in hooskcms v.1.8 allows a
remote a ...)
- TODO: check
+ NOT-FOR-US: hooskcms
CVE-2025-25745 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a
stack-based bu ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-25740 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a
stack-based bu ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-25304 (Vega is a visualization grammar, a declarative format for
creating, sa ...)
- TODO: check
+ NOT-FOR-US: Vega
CVE-2025-25297 (Label Studio is an open source data labeling tool. Prior to
version 1. ...)
- TODO: check
+ NOT-FOR-US: Label Studio
CVE-2025-25296 (Label Studio is an open source data labeling tool. Prior to
version 1. ...)
- TODO: check
+ NOT-FOR-US: Label Studio
CVE-2025-25295 (Label Studio is an open source data labeling tool. A path
traversal vu ...)
- TODO: check
+ NOT-FOR-US: Label Studio
CVE-2025-25290 (@octokit/request sends parameterized requests to GitHub\u2019s
APIs wi ...)
TODO: check
CVE-2025-25289 (@octokit/request-error is an error class for Octokit request
errors. S ...)
@@ -51,145 +51,145 @@ CVE-2025-25288 (@octokit/plugin-paginate-rest is the
Octokit plugin to paginate
CVE-2025-25285 (@octokit/endpoint turns REST API endpoints into generic
request option ...)
TODO: check
CVE-2025-25206 (eLabFTW is an open source electronic lab notebook for research
labs. P ...)
- TODO: check
+ NOT-FOR-US: eLabFTW
CVE-2025-25204 (`gh` is GitHub\u2019s official command line tool. Starting in
version ...)
TODO: check
CVE-2025-24700 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24699 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company
WP Code ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24692 (Missing Authorization vulnerability in Michael Revellin-Clerc
Bulk Men ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24688 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24641 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24617 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24616 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24615 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24614 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24607 (Missing Authorization vulnerability in Northern Beaches
Websites IdeaP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24592 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24567 (Insertion of Sensitive Information Into Sent Data
vulnerability in bra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24566 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24565 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24564 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24558 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24554 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23905 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23857 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23853 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23851 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23790 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23789 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23788 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23787 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23786 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23771 (Missing Authorization vulnerability in Murali Push
Notification for Po ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23766 (Missing Authorization vulnerability in ashamil OPSI Israel
Domestic Sh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23751 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23750 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23748 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23742 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23658 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23657 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23655 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23653 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23652 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23651 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23650 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23648 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23647 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23646 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23598 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23571 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23568 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23534 (Missing Authorization vulnerability in Mark Winiarski WPLingo
allows E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23525 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23523 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23492 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23474 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23431 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23428 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22705 (Cross-Site Request Forgery (CSRF) vulnerability in godthor
Disqus Popu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22702 (Missing Authorization vulnerability in EPC Photography. This
issue aff ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22698 (Missing Authorization vulnerability in Ability, Inc
Accessibility Suit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1239 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WatchGuard Fireware OS
CVE-2025-1071 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WatchGuard Fireware OS
CVE-2025-0867 (The standard user uses the run as function to start the MEAC
applicati ...)
TODO: check
CVE-2025-0821 (Bit Assist plugin for WordPress is vulnerable to time-based SQL
Inject ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0503 (Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs
from the d ...)
TODO: check
CVE-2025-0178 (Improper Input Validation vulnerability in WatchGuard Fireware
OS allo ...)
- TODO: check
+ NOT-FOR-US: WatchGuard Fireware OS
CVE-2024-8893 (Use of Hard-coded Credentials vulnerability in GoodWe
Technologies Co. ...)
- TODO: check
+ NOT-FOR-US: GoodWe Technologies
CVE-2024-57790 (IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was
discovere ...)
- TODO: check
+ NOT-FOR-US: IXON
CVE-2024-57778 (An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096
allows a r ...)
TODO: check
CVE-2024-57725 (An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a
remote o ...)
- TODO: check
+ NOT-FOR-US: Arcadyan Livebox Fibra
CVE-2024-56973 (Insecure Permissions vulnerability in Alvaria, Inc Unified IP
Unified ...)
- TODO: check
+ NOT-FOR-US: Alvaria
CVE-2024-56477 (IBM Power Hardware Management Console V10.3.1050.0 could allow
an auth ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-56463 (IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting.
This vulner ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-56180 (CWE-502 Deserialization of Untrusted Data at the
eventmesh-meta-raftpl ...)
TODO: check
CVE-2024-52895 (IBM i 7.4 and 7.5 is vulnerable to a database access denial of
service ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3355af4d3a861d6fa9ae3448f68b7fa21e0b22aa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3355af4d3a861d6fa9ae3448f68b7fa21e0b22aa
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
