[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Apr 1 09:42:14 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad936de2 by Moritz Muehlenhoff at 2025-04-01T10:41:55+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,31 +1,31 @@
CVE-2025-3062 (Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drup ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3061 (Vulnerability in Drupal Material Admin.This issue affects Material Adm ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3060 (Vulnerability in Drupal Flattern \u2013 Multipurpose Bootstrap Busines ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3059 (Vulnerability in Drupal Profile Private.This issue affects Profile Pri ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3057 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3045 (A vulnerability, which was classified as critical, was found in oretno ...)
NOT-FOR-US: SourceCodester
CVE-2025-3043 (A vulnerability, which was classified as critical, has been found in G ...)
- TODO: check
+ NOT-FOR-US: GuoMinJim PersonManage
CVE-2025-3042 (A vulnerability classified as critical was found in Project Worlds Onl ...)
- TODO: check
+ NOT-FOR-US: Project Worlds Online Time Table Generator
CVE-2025-3041 (A vulnerability classified as critical has been found in Project World ...)
- TODO: check
+ NOT-FOR-US: Project Worlds Online Time Table Generator
CVE-2025-3040 (A vulnerability was found in Project Worlds Online Time Table Generato ...)
- TODO: check
+ NOT-FOR-US: Project Worlds Online Time Table Generator
CVE-2025-3039 (A vulnerability was found in code-projects Payroll Management System 1 ...)
NOT-FOR-US: code-projects
CVE-2025-3038 (A vulnerability was found in code-projects Payroll Management System 1 ...)
NOT-FOR-US: code-projects
CVE-2025-3037 (A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0 ...)
- TODO: check
+ NOT-FOR-US: yzk2356911358 StudentServlet-JSP
CVE-2025-3036 (A vulnerability, which was classified as problematic, was found in yzk ...)
- TODO: check
+ NOT-FOR-US: yzk2356911358 StudentServlet-JSP
CVE-2025-3018 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester
CVE-2025-3017 (A vulnerability, which was classified as critical, has been found in T ...)
@@ -35,55 +35,55 @@ CVE-2025-3016 (A vulnerability classified as problematic was found in Open Asset
CVE-2025-3015 (A vulnerability classified as critical has been found in Open Asset Im ...)
TODO: check
CVE-2025-31697 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31696 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31694 (Incorrect Authorization vulnerability in Drupal Two-factor Authenticat ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31693 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31692 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31691 (Missing Authorization vulnerability in Drupal OAuth2 Server allows For ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31690 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utilit ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31689 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31688 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuratio ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31687 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31686 (Missing Authorization vulnerability in Drupal Open Social allows Force ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31685 (Missing Authorization vulnerability in Drupal Open Social allows Force ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31684 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal OAuth2 Clien ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31683 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag a ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31682 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31681 (Missing Authorization vulnerability in Drupal Authenticator Login allo ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31680 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analy ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31679 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31678 (Missing Authorization vulnerability in Drupal AI (Artificial Intellige ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31677 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artifici ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31676 (Weak Authentication vulnerability in Drupal Email TFA allows Brute For ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31675 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31674 (Improperly Controlled Modification of Dynamically-Determined Object At ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31673 (Incorrect Authorization vulnerability in Drupal Drupal core allows For ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-31523
REJECTED
CVE-2025-31522
@@ -103,7 +103,7 @@ CVE-2025-31516
CVE-2025-31515
REJECTED
CVE-2025-31415 (Missing Authorization vulnerability in YayCommerce YayExtra allows Exp ...)
- TODO: check
+ NOT-FOR-US: YayCommerce
CVE-2025-31409 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31194 (An authentication issue was addressed with improved state management. ...)
@@ -123,11 +123,11 @@ CVE-2025-31183 (The issue was addressed with improved restriction of data contai
CVE-2025-31182 (This issue was addressed with improved handling of symlinks. This issu ...)
NOT-FOR-US: Apple
CVE-2025-31095 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31087 (Deserialization of Untrusted Data vulnerability in silverplugins217 Mu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31084 (Deserialization of Untrusted Data vulnerability in sunshinephotocart S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31074 (Deserialization of Untrusted Data vulnerability in MDJM MDJM Event Man ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31024 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -195,7 +195,7 @@ CVE-2025-30782 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-30774 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30622 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30614 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30613 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -203,7 +203,7 @@ CVE-2025-30613 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-30607 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30594 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30589 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -305,7 +305,7 @@ CVE-2025-2008 (The Import Export Suite for CSV and XML Datafeed plugin for WordP
CVE-2025-2007 (The Import Export Suite for CSV and XML Datafeed plugin for WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2025-26683 (Improper authorization in Azure Playwright allows an unauthorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24283 (A logging issue was addressed with improved data redaction. This issue ...)
NOT-FOR-US: Apple
CVE-2025-24282 (A library injection issue was addressed with additional restrictions. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad936de243e2efe4aca2b4c9f4644b221f689c7c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad936de243e2efe4aca2b4c9f4644b221f689c7c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250401/2d74bbac/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list