[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Fri, 25 Apr 2025 01:22:43 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
abf4084a by Moritz Muehlenhoff at 2025-04-25T10:22:08+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
 CVE-2025-46617 (Quantum StorNext Web GUI API before 7.2.4 grants access to 
internal St ...)
-       TODO: check
+       NOT-FOR-US: Quantum StorNext
 CVE-2025-46616 (Quantum StorNext Web GUI API before 7.2.4 allows potential 
Arbitrary R ...)
-       TODO: check
+       NOT-FOR-US: Quantum StorNext
 CVE-2025-46613 (OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption 
because a t ...)
-       TODO: check
+       NOT-FOR-US: OpenPLC
 CVE-2025-46599 (CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet 
configur ...)
        TODO: check
 CVE-2025-46595 (An XSS issue was discovered in the Flag module before 
1.x-3.6.2 for Ba ...)
        TODO: check
 CVE-2025-46547 (In Sherpa Orchestrator 141851, the web application lacks 
protection ag ...)
-       TODO: check
+       NOT-FOR-US: Sherpa Orchestrator
 CVE-2025-46546 (In Sherpa Orchestrator 141851, multiple time-based blind SQL 
injection ...)
-       TODO: check
+       NOT-FOR-US: Sherpa Orchestrator
 CVE-2025-46545 (In Sherpa Orchestrator 141851, the functionality for adding or 
updatin ...)
-       TODO: check
+       NOT-FOR-US: Sherpa Orchestrator
 CVE-2025-46544 (In Sherpa Orchestrator 141851, a low-privileged user can 
elevate their ...)
-       TODO: check
+       NOT-FOR-US: Sherpa Orchestrator
 CVE-2025-46482 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46275 (WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that 
could   ...)
-       TODO: check
+       NOT-FOR-US: WGS-80HPT-V2 / WGS-4215-8T2S
 CVE-2025-46274 (UNI-NMS-Lite uses hard-coded credentials that could allow an  
unauthen ...)
-       TODO: check
+       NOT-FOR-US: UNI-NMS-Lite
 CVE-2025-46273 (UNI-NMS-Lite uses hard-coded credentials that could allow an  
unauthen ...)
-       TODO: check
+       NOT-FOR-US: UNI-NMS-Lite
 CVE-2025-46272 (WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command 
injection   ...)
-       TODO: check
+       NOT-FOR-US: WGS-80HPT-V2 / WGS-4215-8T2S
 CVE-2025-46271 (UNI-NMS-Lite is vulnerable to a command injection attack that 
could  a ...)
-       TODO: check
+       NOT-FOR-US: UNI-NMS-Lite
 CVE-2025-43865 (React Router is a router for React. In versions on the 7.0 
branch prio ...)
-       TODO: check
+       NOT-FOR-US: React Router
 CVE-2025-43864 (React Router is a router for React. Starting in version 7.2.0 
and prio ...)
-       TODO: check
+       NOT-FOR-US: React Router
 CVE-2025-43861 (ManageWiki is a MediaWiki extension allowing users to manage 
wikis. Pr ...)
-       TODO: check
+       NOT-FOR-US: ManageWiki MediaWiki extension
 CVE-2025-3923 (The Prevent Direct Access \u2013 Protect WordPress Files plugin 
for Wo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-3868 (The Custom Admin-Bar Favorites plugin for WordPress is 
vulnerable to R ...)
@@ -53,7 +53,7 @@ CVE-2025-3749 (The Breeze Display plugin for WordPress is 
vulnerable to Stored C
 CVE-2025-3743 (The Upsell Funnel Builder for WooCommerce plugin for WordPress 
is vuln ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-3606 (Vestel AC Charger  version   3.75.0 contains a vulnerability 
that  cou ...)
-       TODO: check
+       NOT-FOR-US: Vestel AC Charger
 CVE-2025-3511 (Improper Validation of Specified Quantity in Input 
vulnerability in Mi ...)
        TODO: check
 CVE-2025-2580 (The Contact Form by Bit Form plugin for WordPress is vulnerable 
to Sto ...)
@@ -61,7 +61,7 @@ CVE-2025-2580 (The Contact Form by Bit Form plugin for 
WordPress is vulnerable t
 CVE-2025-2238 (The Vikinger theme for WordPress is vulnerable to privilege in 
all ver ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-2185 (ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) 
software ...)
-       TODO: check
+       NOT-FOR-US: ALBEDO Telecom Net.Time
 CVE-2025-29529 (ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was 
discover ...)
        TODO: check
 CVE-2025-25777 (Insecure Direct Object Reference (IDOR) in Codeastro Bus 
Ticket Bookin ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abf4084aabe028a5ca94f0904ec2c5958198f264

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abf4084aabe028a5ca94f0904ec2c5958198f264
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to