[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) Fri, 25 Apr 2025 01:13:03 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e3a614d3 by security tracker role at 2025-04-25T08:12:48+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2025-46545 (In Sherpa Orchestrator 141851, the 
functionality for adding or u
 CVE-2025-46544 (In Sherpa Orchestrator 141851, a low-privileged user can 
elevate their ...)
        TODO: check
 CVE-2025-46482 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46275 (WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that 
could   ...)
        TODO: check
 CVE-2025-46274 (UNI-NMS-Lite uses hard-coded credentials that could allow an  
unauthen ...)
@@ -35,45 +35,45 @@ CVE-2025-43864 (React Router is a router for React. 
Starting in version 7.2.0 an
 CVE-2025-43861 (ManageWiki is a MediaWiki extension allowing users to manage 
wikis. Pr ...)
        TODO: check
 CVE-2025-3923 (The Prevent Direct Access \u2013 Protect WordPress Files plugin 
for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3868 (The Custom Admin-Bar Favorites plugin for WordPress is 
vulnerable to R ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3867 (The Ajax Comment Form CST plugin for WordPress is vulnerable to 
Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3866 (The Add Google +1 (Plus one) social share Button plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3861 (The Prevent Direct Access \u2013 Protect WordPress Files plugin 
for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3775 (The ShopLentor \u2013 WooCommerce Builder for Elementor & 
Gutenberg +2 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3752 (The Able Player, accessible HTML5 media player plugin for 
WordPress is ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3749 (The Breeze Display plugin for WordPress is vulnerable to Stored 
Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3743 (The Upsell Funnel Builder for WooCommerce plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3606 (Vestel AC Charger  version   3.75.0 contains a vulnerability 
that  cou ...)
        TODO: check
 CVE-2025-3511 (Improper Validation of Specified Quantity in Input 
vulnerability in Mi ...)
        TODO: check
 CVE-2025-2580 (The Contact Form by Bit Form plugin for WordPress is vulnerable 
to Sto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2238 (The Vikinger theme for WordPress is vulnerable to privilege in 
all ver ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2185 (ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) 
software ...)
        TODO: check
 CVE-2025-29529 (ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was 
discover ...)
        TODO: check
 CVE-2025-25777 (Insecure Direct Object Reference (IDOR) in Codeastro Bus 
Ticket Bookin ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro
 CVE-2025-1294 (The eForm - WordPress Form Builder plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-0671 (The Icegram Express  WordPress plugin before 5.7.50 does not 
sanitise  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30127 (Missing "no cache" headers in HCL Leap permits sensitive data 
to be ca ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-37516 (Missing "no cache" headers in HCL Leap permits user directory 
informat ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-3454
        - grafana <removed>
 CVE-2025-46542 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -214819,9 +214819,9 @@ CVE-2022-44762
 CVE-2022-44761
        RESERVED
 CVE-2022-44760 (Unsafe default file type filter policy in HCL Leap allows 
execution of ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2022-44759 (Improper sanitization of SVG files in HCL Leap allows 
client-side scri ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2022-44758 (BigFix Insights/IVR fixlet uses improper credential handling 
within ce ...)
        NOT-FOR-US: HCL
 CVE-2022-44757 (BigFix Insights for Vulnerability Remediation (IVR) uses weak 
cryptogr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3a614d3f2247f0943d40f671a81421f0bad2b8f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3a614d3f2247f0943d40f671a81421f0bad2b8f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Reply via email to