Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
634cabe6 by Salvatore Bonaccorso at 2025-04-23T07:51:09+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67,11 +67,11 @@ CVE-2025-43947 (Codemers KLIMS 1.6.DEV lacks a proper
access control mechanism,
CVE-2025-43946 (TCPWave DDI 11.34P1C2 allows Remote Code Execution via
Unrestricted Fi ...)
NOT-FOR-US: TCPWave DDI
CVE-2025-3767 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Centreon BAM (Boolean KPi Listing modules)
CVE-2025-3519 (An authorization bypassinUnblu Spark allows aparticipant of a
conversa ...)
- TODO: check
+ NOT-FOR-US: Unblu
CVE-2025-3518 (It technically possible for a user to upload a file to a
conversation ...)
- TODO: check
+ NOT-FOR-US: Unblu
CVE-2025-3472 (The Ocean Extra plugin for WordPress is vulnerable to arbitrary
shortc ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3458 (The Ocean Extra plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
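Review bot: The label added for CVE-2025-3767, "NOT-FOR-US: Centreon BAM (Boolean KPi Listing modules)", carries a parenthesised module name with odd capitalisation ("KPi"), while the neighbouring entries in this hunk use only the product or vendor name ("TCPWave DDI", "Unblu"). Suggest shortening it to "NOT-FOR-US: Centreon BAM" so the entry matches the rest of the list and a search for the product name finds it without the module suffix.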
@@ -83,19 +83,19 @@ CVE-2025-34028 (A path traversal vulnerability in Commvault
Command Center Innov
CVE-2025-32964 (ManageWiki is a MediaWiki extension allowing users to manage
wikis. Pr ...)
TODO: check
CVE-2025-32963 (MinIO Operator STS is a native IAM Authentication for
Kubernetes. Prio ...)
- TODO: check
+ NOT-FOR-US: MinIO Operator
CVE-2025-32961 (The Cuba JPA web API enables loading and saving any entities
defined i ...)
- TODO: check
+ NOT-FOR-US: Cuba JPA web API
CVE-2025-32960 (The CUBA REST API add-on performs operations on data and
entities. Pri ...)
- TODO: check
+ NOT-FOR-US: CUBA REST API
CVE-2025-32959 (CUBA Platform is a high level framework for enterprise
applications de ...)
- TODO: check
+ NOT-FOR-US: CUBA Platform
CVE-2025-32952 (Jmix is a set of libraries and tools to speed up Spring Boot
data-cent ...)
- TODO: check
+ NOT-FOR-US: Jmix
CVE-2025-32951 (Jmix is a set of libraries and tools to speed up Spring Boot
data-cent ...)
- TODO: check
+ NOT-FOR-US: Jmix
CVE-2025-32950 (Jmix is a set of libraries and tools to speed up Spring Boot
data-cent ...)
- TODO: check
+ NOT-FOR-US: Jmix
CVE-2025-32788 (OctoPrint provides a web interface for controlling consumer 3D
printer ...)
TODO: check
CVE-2025-31328 (SAP Learning Solution is vulnerable to Cross-Site Request
Forgery (CSR ...)
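Review bot: The three CUBA entries (CVE-2025-32961, CVE-2025-32960, CVE-2025-32959) are tagged with three different labels and two spellings: "Cuba JPA web API", "CUBA REST API" and "CUBA Platform". The three Jmix entries right below all share the single label "Jmix"; doing the same here (for example "NOT-FOR-US: CUBA Platform" on all three, or at least a consistent "CUBA" spelling) would keep a case-sensitive search for the product from missing CVE-2025-32961.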
@@ -107,9 +107,9 @@ CVE-2025-2092 (Insertion of Sensitive Information into Log
File in Checkmk GmbH'
CVE-2025-29743 (D-Link DIR-816 A2V1.1.0B05 was found to contain a command
injection in ...)
NOT-FOR-US: D-Link
CVE-2025-29621 (Francois Jacquet RosarioSIS v12.0.0 was discovered to contain
a conten ...)
- TODO: check
+ NOT-FOR-US: RosarioSIS
CVE-2025-29547 (In Rollback Rx Professional 12.8.0.0, the driver file
shieldm.sys allo ...)
- TODO: check
+ NOT-FOR-US: Rollback Rx Professional
CVE-2025-29339 (An issue in UPF in Open5GS UPF versions up to v2.7.2 results
an assert ...)
TODO: check
CVE-2025-28039 (TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain
a pre-au ...)
@@ -143,41 +143,41 @@ CVE-2025-28024 (TOTOLINK A810R V4.1.2cu.5182_B20201026
was found to contain a bu
CVE-2025-27907 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to
server-s ...)
NOT-FOR-US: IBM
CVE-2025-26159 (Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting
(XSS) in ...)
- TODO: check
+ NOT-FOR-US: Laravel Starter
CVE-2025-23253 (NVIDIA NvContainer service for Windows contains a
vulnerability in its ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-23251 (NVIDIA NeMo Framework contains a vulnerability where a user
could caus ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-23250 (NVIDIA NeMo Framework contains a vulnerability where an
attacker could ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-23249 (NVIDIA NeMo Framework contains a vulnerability where a user
could caus ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-23176 (CWE-89: Improper Neutralization of Special Elements used in an
SQL Com ...)
- TODO: check
+ NOT-FOR-US: Tecnick
CVE-2025-23175 (Multiple XSS (CWE-79))
- TODO: check
+ NOT-FOR-US: Tecnick
CVE-2025-1951 (IBM Hardware Management Console - Power Systems V10.2.1030.0
and V10.3 ...)
NOT-FOR-US: IBM
CVE-2025-1950 (IBM Hardware Management Console - Power Systems V10.2.1030.0
and V10.3 ...)
NOT-FOR-US: IBM
CVE-2024-53569 (A stored cross-site scripting (XSS) vulnerability in the New
Goal Crea ...)
- TODO: check
+ NOT-FOR-US: Volmarg Personal Management System
CVE-2024-53568 (A stored cross-site scripting (XSS) vulnerability in the Image
Upload ...)
- TODO: check
+ NOT-FOR-US: Volmarg Personal Management System
CVE-2024-46546 (NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to
contain a sta ...)
- TODO: check
+ NOT-FOR-US: NEXTU FLETA AX1500 WIFI6 Router
CVE-2024-33452 (An issue in OpenResty lua-nginx-module v.0.10.26 and before
allows a r ...)
TODO: check
CVE-2024-11299 (The Memberpress plugin for WordPress is vulnerable to
Sensitive Inform ...)
NOT-FOR-US: WordPress plugin
CVE-2023-44755 (Sacco Management system v1.0 was discovered to contain a SQL
injection ...)
- TODO: check
+ NOT-FOR-US: Sacco Management system
CVE-2023-44753 (A stored cross-site scripting (XSS) vulnerability fin Student
Manageme ...)
- TODO: check
+ NOT-FOR-US: Student Management System
CVE-2023-44752 (An issue in Student Study Center Desk Management System v1.0
allows at ...)
- TODO: check
+ NOT-FOR-US: Student Study Center Desk Management System
CVE-2023-43958 (An arbitrary file upload vulnerability in the component
/jquery-file-u ...)
- TODO: check
+ NOT-FOR-US: Hospital Management System
CVE-2023-43378 (A cross-site scripting (XSS) vulnerability in Hoteldruid
v3.0.5 allows ...)
TODO: check
CVE-2025-3856 (A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has
been cla ...)
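Review bot: The two "NOT-FOR-US: Tecnick" entries (CVE-2025-23176, CVE-2025-23175) name only a vendor, and the truncated descriptions beside them ("CWE-89: Improper Neutralization ..." and "Multiple XSS (CWE-79)") name no product at all, so the list alone does not show which software was ruled out. Suggest putting the affected product in the label, as is done elsewhere in this hunk ("Laravel Starter", "Volmarg Personal Management System"). The same applies to the four "NOT-FOR-US: NVIDIA" entries, which cover two different products (NvContainer service for Windows and NeMo Framework) under one vendor-wide label.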
@@ -207,7 +207,7 @@ CVE-2025-3616 (The Greenshift \u2013 animation and page
builder blocks plugin fo
CVE-2025-3577 (**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in
the we ...)
NOT-FOR-US: Zyxel
CVE-2025-32958 (Adept is a language for general purpose programming. Prior to
commit a ...)
- TODO: check
+ NOT-FOR-US: Adept
CVE-2025-32956 (ManageWiki is a MediaWiki extension allowing users to manage
wikis. Ve ...)
TODO: check
CVE-2025-32955 (Harden-Runner is a CI/CD security agent that works like an EDR
for Git ...)
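Review bot: "NOT-FOR-US: Adept" for CVE-2025-32958 is a short, generic name on its own; the description identifies it as "a language for general purpose programming". Suggest a qualified label such as "NOT-FOR-US: Adept programming language" so the entry cannot be confused with unrelated software of the same name when the list is searched later.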
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/634cabe68df9933fca5cf600dfdd1468929803c1