Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad164932 by Moritz Muehlenhoff at 2025-03-11T09:40:45+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2025-2174 (A vulnerability was found in libzvbi up to 
0.2.43. It has been de
 CVE-2025-2173 (A vulnerability was found in libzvbi up to 0.2.43. It has been 
classif ...)
        TODO: check
 CVE-2025-2169 (The The WPCS \u2013 WordPress Currency Switcher Professional 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2137 (Out of bounds read in V8 in Google Chrome prior to 
134.0.6998.88 allow ...)
        TODO: check
 CVE-2025-2136 (Use after free in Inspector in Google Chrome prior to 
134.0.6998.88 al ...)
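Review bot: the new note on CVE-2025-2169 records only the category ("WordPress plugin") and not the product, the WPCS WordPress Currency Switcher Professional plugin named in the description. Naming the plugin in the NOT-FOR-US line would make the entry findable by product if the decision is ever revisited.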
@@ -33,71 +33,71 @@ CVE-2025-27910 (tianti v2.3 was discovered to contain a 
Cross-Site Request Forge
 CVE-2025-27610 (Rack provides an interface for developing web applications in 
Ruby. Pr ...)
        TODO: check
 CVE-2025-27436 (The Manage Bank Statements in SAP S/4HANA does not perform 
required ac ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-27434 (Due to insufficient input validation, SAP Commerce (Swagger 
UI) allows ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-27433 (The Manage Bank Statements in SAP S/4HANA allows authenticated 
attacke ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-27432 (The eDocument Cockpit (Inbound NF-e) in SAP Electronic 
Invoicing for B ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-27431 (User management functionality in SAP NetWeaver Application 
Server Java ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-27430 (Under certain conditions, an SSRF vulnerability in SAP CRM and 
SAP S/4 ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-26707 (Improper Privilege Management vulnerability in ZTE GoldenDB 
allows Pri ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2025-26706 (Improper Privilege Management vulnerability in ZTE GoldenDB 
allows Pri ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2025-26705 (Improper Privilege Management vulnerability in ZTE GoldenDB 
allows Pri ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2025-26704 (Improper Privilege Management vulnerability in ZTE GoldenDB 
allows Pri ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2025-26703 (Improper Privilege Management vulnerability in ZTE GoldenDB 
allows Pri ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2025-26702 (Improper Input Validation vulnerability in ZTE GoldenDB allows 
Input D ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2025-26661 (Due to missing authorization check, SAP NetWeaver (ABAP Class 
Builder) ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-26660 (SAP Fiori applications using the posting library fail to 
properly conf ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-26659 (SAP NetWeaver Application Server ABAP does not sufficiently 
encode use ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-26658 (The Service Layer in SAP Business One, allows attackers to 
potentially ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-26656 (OData Service in Manage Purchasing Info Records does not 
perform neces ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-26655 (SAP Just In Time(JIT) does not perform necessary authorization 
checks  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-25908 (A stored cross-site scripting (XSS) vulnerability in tianti 
v2.3 allow ...)
        TODO: check
 CVE-2025-25907 (tianti v2.3 was discovered to contain a Cross-Site Request 
Forgery (CS ...)
        TODO: check
 CVE-2025-25245 (SAP BusinessObjects Business Intelligence Platform (Web 
Intelligence)  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-25244 (SAP Business Warehouse (Process Chains) allows an attacker to 
manipula ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-25242 (SAP NetWeaver Application Server ABAP allows malicious scripts 
to be e ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-23194 (SAP NetWeaver Enterprise Portal OBN does not perform proper 
authentica ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-23188 (An authenticated user with low privileges can exploit a 
missing author ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-23185 (Due to improper error handling in SAP Business Objects 
Business Intell ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-1920 (Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 
allowed a ...)
        TODO: check
 CVE-2025-1661 (The HUSKY \u2013 Products Filter Professional for WooCommerce 
plugin f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-1434 (The Spreadsheet view is vulnerable to a XSS attack, where a 
remote una ...)
        TODO: check
 CVE-2025-0660 (Concrete CMS versions 9.0.0 through 9.3.9 are affected by a 
stored XSS ...)
        TODO: check
 CVE-2025-0629 (The Coronavirus (COVID-19) Notice Message WordPress plugin 
through 1.1 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-0071 (SAP Web Dispatcher and Internet Communication Manager allow an 
attacke ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-0062 (SAP BusinessObjects Business Intelligence Platform allows an 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-58102 (An issue was discovered in Datalust Seq before 2024.3.13545. 
An insecu ...)
        TODO: check
 CVE-2024-56192 (In wl_notify_gscan_event of wl_cfgscan.c, there is a possible 
out of b ...)
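Review bot: two of the entries marked NOT-FOR-US: SAP in this hunk, CVE-2025-26656 ("OData Service in Manage Purchasing Info Records ...") and CVE-2025-23188 ("An authenticated user with low privileges ..."), do not name SAP in the truncated description kept in the list, so the vendor attribution cannot be checked from this file alone. Please confirm both against the full CVE text, and consider naming the affected SAP component in the note so a later reader does not have to repeat the lookup.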
@@ -105,31 +105,31 @@ CVE-2024-56192 (In wl_notify_gscan_event of wl_cfgscan.c, 
there is a possible ou
 CVE-2024-56191 (In dhd_process_full_gscan_result of dhd_pno.c, there is a 
possible EoP ...)
        TODO: check
 CVE-2024-49823 (IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 
could allow ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-41760 (IBM Common Cryptographic Architecture 7.0.0 through 7.5.51   
could all ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-22340 (IBM Common Cryptographic Architecture 7.0.0 through 7.5.51     
could a ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-13864 (The Countdown Timer WordPress plugin through 1.0 does not 
sanitise and ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13862 (The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo 
Functionalit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13853 (The SEO Tools WordPress plugin through 4.0.7 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13836 (The WP Login Control WordPress plugin through 2.0.0 does not 
sanitise  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13615 (The Social Share Buttons, Social Sharing Icons, Click to Tweet 
\u2014  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13580 (The XV Random Quotes WordPress plugin through 1.40 does not 
have CSRF  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13574 (The XV Random Quotes WordPress plugin through 1.40 does not 
sanitise a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13436 (The Appsero Helper plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13413 (The ProductDyno plugin for WordPress is vulnerable to 
Reflected Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13228 (The Qubely \u2013 Advanced Gutenberg Blocks plugin for 
WordPress is vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12010 (A post-authentication command injection vulnerability in the 
\u201dzyU ...)
        TODO: check
 CVE-2024-12009 (A post-authentication command injection vulnerability in the 
"ZyEE" fu ...)

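Review bot: CVE-2024-13862 (S3Bubble Media Streaming) and CVE-2024-13615 (Social Share Buttons, Social Sharing Icons, Click to Tweet) are marked NOT-FOR-US: WordPress plugin, but their truncated descriptions do not mention WordPress, unlike the other plugin entries in this hunk. Worth confirming against the full CVE text; the three IBM entries could likewise name the product (Common Cryptographic Architecture) rather than only the vendor.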


View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad164932b3682a7a013378ce19698c70515cab3f
