Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a715e49 by security tracker role at 2025-04-22T20:12:53+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-46254 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46253 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46252 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46251 (Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp 
VikRestaur ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46250 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-46249 (Cross-Site Request Forgery (CSRF) vulnerability in Michael 
Simple cale ...)
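Review bot: The reason on CVE-2025-46254, CVE-2025-46253 and CVE-2025-46252 cannot be checked from this hunk, because their descriptions are truncated before any product name; only CVE-2025-46251 (e4jvikwp VikRestaur ...) shows a vendor. CVE-2025-46250 carries the same truncated text as 46254 and 46253 yet stays at TODO: check, so the automatic match evidently depends on text not shown here. Consider recording the matched plugin or theme name in the reason so each entry can be audited from data/CVE/list alone.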
@@ -23,7 +23,7 @@ CVE-2025-46243 (Cross-Site Request Forgery (CSRF) 
vulnerability in sonalsinha21
 CVE-2025-46242 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2025-46241 (Cross-Site Request Forgery (CSRF) vulnerability in codepeople 
Appointm ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46240 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-46239 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -51,7 +51,7 @@ CVE-2025-46227 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-46226 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-46225 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-43952 (A cross-site scripting (reflected XSS) vulnerability was found 
in Mett ...)
        TODO: check
 CVE-2025-43951 (LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. 
Authent ...)
@@ -73,11 +73,11 @@ CVE-2025-3519 (An authorization bypassinUnblu Spark allows 
aparticipant of a con
 CVE-2025-3518 (It technically possible for a user to upload a file to a 
conversation  ...)
        TODO: check
 CVE-2025-3472 (The Ocean Extra plugin for WordPress is vulnerable to arbitrary 
shortc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3458 (The Ocean Extra plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3457 (The Ocean Extra plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-34028 (A path traversal vulnerability in Commvault Command Center 
Innovation  ...)
        TODO: check
 CVE-2025-32964 (ManageWiki is a MediaWiki extension allowing users to manage 
wikis. Pr ...)
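Review bot: The three Ocean Extra entries (CVE-2025-3472, CVE-2025-3458, CVE-2025-3457) get the reason "WordPress plugin", while the CVE-2025-462xx entries at the top of this diff get "WordPress plugin or theme" for the same class of software. Two spellings for one category make these entries harder to grep or count; pick one string, or keep "WordPress plugin" only where the description says plugin, as it does here, and document the distinction.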
@@ -99,13 +99,13 @@ CVE-2025-32950 (Jmix is a set of libraries and tools to 
speed up Spring Boot dat
 CVE-2025-32788 (OctoPrint provides a web interface for controlling consumer 3D 
printer ...)
        TODO: check
 CVE-2025-31328 (SAP Learning Solution is vulnerable to Cross-Site Request 
Forgery (CSR ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-31327 (SAP Field Logistics Manage Logistics application OData 
meta-data prope ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-2092 (Insertion of Sensitive Information into Log File in Checkmk 
GmbH's Che ...)
        TODO: check
 CVE-2025-29743 (D-Link DIR-816 A2V1.1.0B05 was found to contain a command 
injection in ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-29621 (Francois Jacquet RosarioSIS v12.0.0 was discovered to contain 
a conten ...)
        TODO: check
 CVE-2025-29547 (In Rollback Rx Professional 12.8.0.0, the driver file 
shieldm.sys allo ...)
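Review bot: The reasons added for CVE-2025-31328, CVE-2025-31327 and CVE-2025-29743 name only the vendor (SAP, D-Link), although the descriptions already identify the product (SAP Learning Solution, SAP Field Logistics Manage Logistics, D-Link DIR-816). A vendor-wide match is coarse and the commit message "automatic NOT-FOR-US entries update" does not say which rule fired; if vendor-level classification is intended, state that in the message, otherwise carry the product name into the reason.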
@@ -141,7 +141,7 @@ CVE-2025-28026 (TOTOLINK A830R V4.1.2cu.5182_B20201102, 
A950RG V4.1.2cu.5161_B20
 CVE-2025-28024 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a 
buffer o ...)
        TODO: check
 CVE-2025-27907 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to 
server-s ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-26159 (Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting 
(XSS) in ...)
        TODO: check
 CVE-2025-23253 (NVIDIA NvContainer service for Windows contains a 
vulnerability in its ...)
@@ -157,9 +157,9 @@ CVE-2025-23176 (CWE-89: Improper Neutralization of Special 
Elements used in an S
 CVE-2025-23175 (Multiple XSS (CWE-79))
        TODO: check
 CVE-2025-1951 (IBM Hardware Management Console - Power Systems V10.2.1030.0 
and V10.3 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-1950 (IBM Hardware Management Console - Power Systems V10.2.1030.0 
and V10.3 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-53569 (A stored cross-site scripting (XSS) vulnerability in the New 
Goal Crea ...)
        TODO: check
 CVE-2024-53568 (A stored cross-site scripting (XSS) vulnerability in the Image 
Upload  ...)
@@ -169,7 +169,7 @@ CVE-2024-46546 (NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was 
discovered to contain
 CVE-2024-33452 (An issue in OpenResty lua-nginx-module v.0.10.26 and before 
allows a r ...)
        TODO: check
 CVE-2024-11299 (The Memberpress plugin for WordPress is vulnerable to 
Sensitive Inform ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-44755 (Sacco Management system v1.0 was discovered to contain a SQL 
injection ...)
        TODO: check
 CVE-2023-44753 (A stored cross-site scripting (XSS) vulnerability fin Student 
Manageme ...)
@@ -219,13 +219,13 @@ CVE-2025-2839 (The WP Import Export Lite plugin for 
WordPress is vulnerable to S
 CVE-2025-2594 (The User Registration & Membership  WordPress plugin before 
4.1.3 does ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-2300 (Hitachi Ops Center Common Services within Hitachi Ops Center 
OVA conta ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2025-1732 (An improper privilege management vulnerability in the recovery 
functio ...)
        NOT-FOR-US: Zyxel
 CVE-2025-1731 (An incorrect permission assignment vulnerability in the 
PostgreSQL com ...)
        NOT-FOR-US: Zyxel
 CVE-2024-46899 (Hitachi Ops Center Common Services within Hitachi Ops Center 
Analyzer  ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2024-13569 (The Front End Users WordPress plugin through 3.2.32 does not 
sanitise  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-58250 (The passprompt plugin in pppd in ppp before 2.5.2 mishandles 
privilege ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a715e4927d013d2a63a483edf8a120e1280638a

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits