Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2b84d7f3 by security tracker role at 2025-05-01T08:13:54+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,85 +1,85 @@
CVE-2025-4156 (A vulnerability has been found in PHPGurukul Boat Booking
System 1.0 a ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4155 (A vulnerability, which was classified as critical, was found in
PHPGur ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4154 (A vulnerability, which was classified as critical, has been
found in P ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4153 (A vulnerability classified as critical was found in PHPGurukul
Park Ti ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4152 (A vulnerability classified as critical has been found in
PHPGurukul On ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4151 (A vulnerability was found in PHPGurukul Curfew e-Pass
Management Syste ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4150 (A vulnerability was found in Netgear EX6200 1.0.3.94. It has
been decl ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4149 (A vulnerability was found in Netgear EX6200 1.0.3.94. It has
been clas ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4148 (A vulnerability was found in Netgear EX6200 1.0.3.94 and
classified as ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4147 (A vulnerability has been found in Netgear EX6200 1.0.3.94 and
classifi ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4146 (A vulnerability, which was classified as critical, was found in
Netgea ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4145 (A vulnerability, which was classified as critical, has been
found in N ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4144 (PKCE was implemented in the OAuth implementation in
workers-oauth-prov ...)
TODO: check
CVE-2025-4143 (The OAuth implementation in workers-oauth-provider that is part
of MC ...)
TODO: check
CVE-2025-4142 (A vulnerability has been found in Netgear EX6200 1.0.3.94 and
classifi ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4141 (A vulnerability, which was classified as critical, was found in
Netgea ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4140 (A vulnerability, which was classified as critical, has been
found in N ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4139 (A vulnerability classified as critical was found in Netgear
EX6120 1.0 ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4100 (The Nautic Pages plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4099 (The List Children plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47154 (LibJS in Ladybird before f5a6704 mishandles the freeing of the
vector ...)
TODO: check
CVE-2025-3952 (The Projectopia \u2013 WordPress Project Management plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3521 (The Team Members \u2013 Best WordPress Team Plugin with Team
Slider, T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3504 (The WP Maps WordPress plugin before 4.7.2 does not sanitise
and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3503 (The WP Maps WordPress plugin before 4.7.2 does not sanitise
and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3502 (The WP Maps WordPress plugin before 4.7.2 does not sanitise
and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30422 (A buffer overflow was addressed with improved input
validation. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-2816 (The Page View Count plugin for WordPress is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2168 (The Ultimate Store Kit Elementor Addons, Woocommerce Builder,
EDD Buil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24132 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-1305 (The NewsBlogger theme for WordPress is vulnerable to Cross-Site
Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1304 (The NewsBlogger theme for WordPress is vulnerable to arbitrary
file up ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30146 (Improper access control of endpoint in HCL Domino Leap allows
certain ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-30145 (Multiple vectors in HCL Domino Volt and Domino Leap allow
client-side ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-30115 (Insufficient sanitization policy in HCL Leap allows
client-side script ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-13845 (The Gravity Forms WebHooks plugin for WordPress is vulnerable
to Serve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13381 (The Calculated Fields Form WordPress plugin before 5.2.62 does
not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4533
REJECTED
CVE-2023-45721 (Insufficient default configuration in HCL Leap allows
anonymous access ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-37535 (Insufficient URI protocol whitelist in HCL Domino Volt and
Domino Leap ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-37517 (Missing "no cache" headers in HCL Leap permits sensitive data
to be ca ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-47153 (Certain build processes for libuv and Node.js for 32-bit
systems, such ...)
- nodejs <unfixed> (bug #922075; bug #1076350)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=892601
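Review bot: CVE-2025-1305 and CVE-2025-1304 are tagged "NOT-FOR-US: WordPress plugin", but both descriptions read "The NewsBlogger theme for WordPress", so the label does not match the product type. The triage outcome is unaffected, since the entries are not-for-us either way. Still, "NOT-FOR-US: WordPress theme" would keep the list accurate for anyone filtering by that string. If the automatic update matches on the word "WordPress" alone, a separate case for themes would prevent this from recurring.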
@@ -225469,9 +225469,9 @@ CVE-2022-42452 (HCL Launch is vulnerable to HTML
injection. HTML code is stored
CVE-2022-42451 (Certain credentials within the BigFix Patch Management
Download Plug-i ...)
NOT-FOR-US: HCL
CVE-2022-42450 (Improper sanitization of SVG files in HCL Domino Volt allows
client-si ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-42449 (Unsafe default file type filter policy in HCL Domino Volt
allows uploa ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-42448
RESERVED
CVE-2022-42447 (HCL Compass is vulnerable to Cross-Origin Resource Sharing
(CORS). Thi ...)
@@ -267398,7 +267398,7 @@ CVE-2022-27564
CVE-2022-27563 (An unauthenticated user can overload a part of HCL
VersionVault Expres ...)
NOT-FOR-US: HCL
CVE-2022-27562 (Unsafe default file type filter policy in HCL Domino Volt
allows uploa ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-27561 (There is a reflected Cross-Site Scripting vulnerability in the
HCL Tra ...)
NOT-FOR-US: HCL
CVE-2022-27560 (HCL VersionVault Express exposes administrator credentials.)
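Review bot: CVE-2022-27562 shows the same truncated description as CVE-2022-42449 in the previous hunk ("Unsafe default file type filter policy in HCL Domino Volt allows uploa ..."), and both move from "TODO: check" to "NOT-FOR-US: HCL". The tagging is consistent with the neighbouring HCL entries. It is still worth checking the full descriptions to confirm the two ids cover distinct issues, since the truncated text cannot show that.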
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b84d7f3fb228cef82bf214bcabbb0629cdb762d