Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: dd677859 by Moritz Muehlenhoff at 2025-05-15T23:06:13+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,5 +1,5 @@ CVE-2025-4762 (Insecure Direct Object Reference (IDOR) vulnerability in the eSignaVie ...) - TODO: check + NOT-FOR-US: eSigna CVE-2025-4717 (A vulnerability, which was classified as critical, was found in PHPGur ...) NOT-FOR-US: PHPGurukul CVE-2025-4716 (A vulnerability was found in Campcodes Sales and Inventory System 1.0. ...) @@ -33,7 +33,7 @@ CVE-2025-4703 (A vulnerability has been found in PHPGurukul Vehicle Parking Mana CVE-2025-4702 (A vulnerability, which was classified as critical, was found in PHPGur ...) NOT-FOR-US: PHPGurukul CVE-2025-4701 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: VITA-MLLM Freeze-Omni CVE-2025-4699 (A vulnerability classified as critical was found in PHPGurukul Apartme ...) NOT-FOR-US: PHPGurukul CVE-2025-4698 (A vulnerability classified as critical has been found in PHPGurukul Di ...) @@ -49,7 +49,7 @@ CVE-2025-4564 (The TicketBAI Facturas para WooCommerce plugin for WordPress is v CVE-2025-4516 (There is an issue in CPython when using `bytes.decode("unicode_escape" ...) TODO: check CVE-2025-48051 (powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some ap ...) - TODO: check + NOT-FOR-US: Lichess Lila CVE-2025-48050 (In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ...) TODO: check CVE-2025-47789 (Horilla is a free and open source Human Resource Management System (HR ...) 
@@ -73,13 +73,13 @@ CVE-2025-47285 (Vyper is the Pythonic Programming Language for the Ethereum Virt CVE-2025-47279 (Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6. ...) TODO: check CVE-2025-47161 (Microsoft Defender for Endpoint Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Lichess Lila CVE-2025-46834 (Alchemy's Modular Account is a smart contract account that is compatib ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2025-46053 (A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to ex ...) TODO: check CVE-2025-46052 (An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 al ...) - TODO: check + NOT-FOR-US: WebERP CVE-2025-44185 (SourceCodester Best Employee Management System V1.0 is vulnerable to C ...) NOT-FOR-US: SourceCodester CVE-2025-44183 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cros ...) @@ -91,11 +91,11 @@ CVE-2025-44181 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable t CVE-2025-44180 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cros ...) NOT-FOR-US: PHPGurukul CVE-2025-44110 (FluxBB 1.5.11 is vulnerable to Cross Site Scripting (XSS) in via the F ...) - TODO: check + NOT-FOR-US: FluxBB CVE-2025-43853 (The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable ...) TODO: check CVE-2025-3446 (Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4 ...) - TODO: check + - mattermost-server <itp> (bug #823556) CVE-2025-3440 (IBM Security Guardium 11.5 is vulnerable to stored cross-site scriptin ...) NOT-FOR-US: IBM CVE-2025-32922 (Cross-Site Request Forgery (CSRF) vulnerability in Tobias WP2LEADS all ...) 
@@ -105,7 +105,7 @@ CVE-2025-32738 (Missing authentication for critical function issue exists in I-O CVE-2025-32002 (Improper neutralization of special elements used in an OS command ('OS ...) TODO: check CVE-2025-31947 (Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4 ...) - TODO: check + - mattermost-server <itp> (bug #823556) CVE-2025-30476 (Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resou ...) NOT-FOR-US: Dell / EMC CVE-2025-30475 (Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an impro ...) @@ -121,9 +121,9 @@ CVE-2025-30418 (There is a memory corruption vulnerability due to an out of boun CVE-2025-30417 (There is a memory corruption vulnerability due to an out of bounds wri ...) TODO: check CVE-2025-2570 (Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check ...) - TODO: check + - mattermost-server <itp> (bug #823556) CVE-2025-2527 (Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to prop ...) - TODO: check + - mattermost-server <itp> (bug #823556) CVE-2025-26481 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an u ...) NOT-FOR-US: Dell / EMC CVE-2025-1647 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) 
@@ -131,13 +131,13 @@ CVE-2025-1647 (Improper Neutralization of Input During Web Page Generation (XSS CVE-2024-56006 (Missing Authorization vulnerability in Automattic Jetpack Debug Tools. ...) NOT-FOR-US: WordPress plugin or theme CVE-2024-52880 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before version ...) - TODO: check + NOT-FOR-US: Insyde InsydeH2O CVE-2024-52879 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before version ...) - TODO: check + NOT-FOR-US: Insyde InsydeH2O CVE-2024-52878 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before version ...) - TODO: check + NOT-FOR-US: Insyde InsydeH2O CVE-2024-52877 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before version ...) - TODO: check + NOT-FOR-US: Insyde InsydeH2O CVE-2024-51666 (Missing Authorization vulnerability in Automattic Tours.This issue aff ...) NOT-FOR-US: WordPress plugin or theme CVE-2025-4737 (Insufficient encryption vulnerability in the mobile application (com.t ...) @@ -151,7 +151,7 @@ CVE-2025-4579 (The WP Content Security Plugin plugin for WordPress is vulnerable CVE-2025-4126 (The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2025-48027 (The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authenticati ...) - TODO: check + NOT-FOR-US: pGina.Fork CVE-2025-48024 (In BlueWave Checkmate before 2.1, an authenticated regular user can ac ...) TODO: check CVE-2025-47889 (In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims ar ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd677859c193dd3e5f8ee6025afe9805173fdca8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd677859c193dd3e5f8ee6025afe9805173fdca8 You're receiving this email because of your account on salsa.debian.org.
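Review bot: In the @@ -73,13 +73,13 @@ hunk the new tags look shifted by one entry. CVE-2025-47161 (Microsoft Defender for Endpoint Elevation of Privilege) is marked `NOT-FOR-US: Lichess Lila`, and CVE-2025-46834 (Alchemy's Modular Account) is marked `NOT-FOR-US: Microsoft`. The Lichess Lila tag is already applied to CVE-2025-48051 in the @@ -49,7 +49,7 @@ hunk, so CVE-2025-47161 should read `NOT-FOR-US: Microsoft` and CVE-2025-46834 needs a tag naming the Alchemy product. In the same hunk CVE-2025-46053 stays at `TODO: check` while CVE-2025-46052, also a SQL injection in WebERP v4.15.2, becomes `NOT-FOR-US: WebERP`; both entries should get the same triage.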
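Review bot: The commit message "NFUs" does not cover the Mattermost entries, starting with CVE-2025-3446 in the @@ -91,11 +91,11 @@ hunk and continuing with CVE-2025-31947, CVE-2025-2570 and CVE-2025-2527 in the following two hunks. All four are set to `- mattermost-server <itp> (bug #823556)`, which is an itp reference rather than a NOT-FOR-US tag. Suggest mentioning the mattermost-server itp entries in the message so the history can be searched for them.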
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits