Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5970282b by Salvatore Bonaccorso at 2025-04-22T22:50:02+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,65 +7,65 @@ CVE-2025-46252 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2025-46251 (Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp
VikRestaur ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-46250 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46249 (Cross-Site Request Forgery (CSRF) vulnerability in Michael
Simple cale ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46247 (Missing Authorization vulnerability in codepeople Appointment
Booking ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46246 (Cross-Site Request Forgery (CSRF) vulnerability in
CreativeMindsSoluti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46245 (Cross-Site Request Forgery (CSRF) vulnerability in
CreativeMindsSoluti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46244 (Missing Authorization vulnerability in Dotstore Advanced
Linked Variat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46243 (Cross-Site Request Forgery (CSRF) vulnerability in
sonalsinha21 Recove ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46242 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46241 (Cross-Site Request Forgery (CSRF) vulnerability in codepeople
Appointm ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-46240 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46239 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46238 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46237 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46236 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46235 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46233 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46232 (Missing Authorization vulnerability in alttextai Download Alt
Text AI ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46231 (Cross-Site Request Forgery (CSRF) vulnerability in SERVIT
Software Sol ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46229 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46228 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46227 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46226 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46225 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-43952 (A cross-site scripting (reflected XSS) vulnerability was found
in Mett ...)
- TODO: check
+ NOT-FOR-US: Mettler Toledo FreeWeight.Net Web Reports Viewer
CVE-2025-43951 (LabVantage before LV 8.8.0.13 HF6 allows local file inclusion.
Authent ...)
- TODO: check
+ NOT-FOR-US: LabVantage
CVE-2025-43950 (DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens
by plac ...)
- TODO: check
+ NOT-FOR-US: DPMAdirektPro
CVE-2025-43949 (MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3
is vuln ...)
- TODO: check
+ NOT-FOR-US: MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web)
CVE-2025-43948 (Codemers KLIMS 1.6.DEV allows Python code injection. A user
can provid ...)
- TODO: check
+ NOT-FOR-US: Codemers KLIMS
CVE-2025-43947 (Codemers KLIMS 1.6.DEV lacks a proper access control
mechanism, allowi ...)
- TODO: check
+ NOT-FOR-US: Codemers KLIMS
CVE-2025-43946 (TCPWave DDI 11.34P1C2 allows Remote Code Execution via
Unrestricted Fi ...)
- TODO: check
+ NOT-FOR-US: TCPWave DDI
CVE-2025-3767 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-3519 (An authorization bypassinUnblu Spark allows aparticipant of a
conversa ...)
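Review bot: The new WordPress entries in this hunk, from CVE-2025-46250 down to CVE-2025-46226, are tagged "NOT-FOR-US: WordPress plugin", while the unchanged neighbours CVE-2025-46251, CVE-2025-46241 and CVE-2025-46225 read "NOT-FOR-US: WordPress plugin or theme". Using one wording for both keeps a grep over data/CVE/list from splitting the same class of entry into two groups. Most of the truncated descriptions shown here (for example the "Improper Neutralization of Input During Web Page Generation ('Cross-si ...)" lines) do not name the affected product, so the plugin classification cannot be confirmed from the diff alone. A short note in the commit message on how the batch was identified would help. The tag at CVE-2025-43949, "MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web)", copies both aliases from the description, whereas the other product tags in the hunk (LabVantage, DPMAdirektPro, TCPWave DDI) are short; "MuM MapEdit" would match them.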
@@ -79,7 +79,7 @@ CVE-2025-3458 (The Ocean Extra plugin for WordPress is
vulnerable to Stored Cros
CVE-2025-3457 (The Ocean Extra plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2025-34028 (A path traversal vulnerability in Commvault Command Center
Innovation ...)
- TODO: check
+ NOT-FOR-US: Commvault
CVE-2025-32964 (ManageWiki is a MediaWiki extension allowing users to manage
wikis. Pr ...)
TODO: check
CVE-2025-32963 (MinIO Operator STS is a native IAM Authentication for
Kubernetes. Prio ...)
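Review bot: At CVE-2025-34028 the tag names only the vendor ("NOT-FOR-US: Commvault") although the description identifies the affected product as Commvault Command Center. Elsewhere in this commit the product is named where the description gives one (for example "Codemers KLIMS" and "TCPWave DDI"), so "NOT-FOR-US: Commvault Command Center" would be consistent and easier to match if another Commvault product shows up later. The two trailing context entries, CVE-2025-32964 (ManageWiki) and CVE-2025-32963 (MinIO Operator STS), correctly stay at "TODO: check", since nothing in the visible lines marks them as out of scope.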
@@ -113,33 +113,33 @@ CVE-2025-29547 (In Rollback Rx Professional 12.8.0.0, the
driver file shieldm.sy
CVE-2025-29339 (An issue in UPF in Open5GS UPF versions up to v2.7.2 results
an assert ...)
TODO: check
CVE-2025-28039 (TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain
a pre-au ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-28038 (TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain
a pre-au ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-28037 (TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG
V4.1.2cu.5161_B20200 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-28036 (TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a
pre-aut ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-28035 (TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a
pre-auth ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-28034 (TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R
V4.1.2cu.5182_B20201026, ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-28033 (TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R
V4.1.2cu.5182_B20201026, ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-28032 (TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R
V4.1.2cu.5182_B20201026, ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-28031 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to
contain a har ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-28030 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to
contain a sta ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-28029 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG
V4.1.2cu.5161_B20200903 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-28027 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG
V4.1.2cu.5161_B20200903 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-28026 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG
V4.1.2cu.5161_B20200903 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-28024 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a
buffer o ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-27907 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to
server-s ...)
NOT-FOR-US: IBM
CVE-2025-26159 (Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting
(XSS) in ...)
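Review bot: The commit message "Process some NFUs" does not mention that this hunk is a bulk change of fourteen TOTOLINK entries (CVE-2025-28024 through CVE-2025-28039) to the same tag. The descriptions cover several models (EX1200T, A800R, A810R, A830R, A950RG) and, as far as the truncated text shows, different issue types ("pre-au ...", "har ...", "sta ...", "buffer o ..."), so a one-line mention of the TOTOLINK batch in the message would make the history easier to audit. The bare vendor tag itself is in line with "NOT-FOR-US: IBM" at CVE-2025-27907 in the trailing context, so no change to the data lines is needed. CVE-2025-29339 (Open5GS UPF) is left at "TODO: check" in the leading context, which fits a commit limited to NFU triage.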
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5970282bc1fb1dc46973a40e4b0028998a95a5b1
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits