[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 8 21:16:13 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab3ea7ee by Salvatore Bonaccorso at 2025-04-08T22:15:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
 CVE-2025-3437 (The Motors \u2013 Car Dealership & Classified Listings Plugin plugin f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3436 (The coreActivity: Activity Logging for WordPress plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3433 (The Advanced Advertising System plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3432 (The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3416 (A flaw was found in OpenSSL's handling of the properties argument in c ...)
 	TODO: check
 CVE-2025-3289 (A local code execution vulnerability exists in the Rockwell Automation ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-3288 (A local code execution vulnerability exists in the Rockwell Automation ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-3287 (A local code execution vulnerability exists in the Rockwell Automation ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-3286 (A local code execution vulnerability exists in the Rockwell Automation ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-3285 (A local code execution vulnerability exists in the Rockwell Automation ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-3064 (The WPFront User Role Editor plugin for WordPress is vulnerable to Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32406 (An XXE issue in the Director NBR component in NAKIVO Backup & Replicat ...)
 	TODO: check
 CVE-2025-32279 (Missing Authorization vulnerability in Shahjada Live Forms. This issue ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32211 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32164 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32117 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32036 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
 	TODO: check
 CVE-2025-32035 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
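Review bot: The reason "WordPress plugin or theme" on CVE-2025-32279, CVE-2025-32211, CVE-2025-32164 and CVE-2025-32117 cannot be checked against the diff, because none of the truncated descriptions mentions WordPress and the last three show only the CWE title. Adding the product name to the reason for these four would let a later reader confirm the classification without opening each CVE record. The OpenSSL entry CVE-2025-3416 is correctly left at "TODO: check".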
@@ -49,47 +49,47 @@ CVE-2025-32018 (Cursor is a code editor built for programming with AI. In versio
 CVE-2025-32017 (Umbraco is a free and open source .NET content management system. Auth ...)
 	TODO: check
 CVE-2025-30671 (Null pointer dereference in some Zoom Workplace Apps for Windows may a ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-30670 (Null pointer dereference in some Zoom Workplace Apps for Windows may a ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-30309 (XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bou ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30308 (XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bou ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30307 (XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bou ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30306 (XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bou ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30305 (XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bou ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30304 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30303 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30302 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30301 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30300 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30299 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30298 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30297 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30296 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30295 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30291 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30286 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30285 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30280 (A vulnerability has been identified in Mendix Runtime V10 (All version ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-30166 (Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An H ...)
 	TODO: check
 CVE-2025-30151 (Shopware is an open commerce platform. It's possible to pass long pass ...)
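Review bot: CVE-2025-30305 through CVE-2025-30309 are tagged "NOT-FOR-US: Adobe", but the descriptions name "XMP Toolkit", a library that other software can embed, unlike the Framemaker and ColdFusion entries below them. Before closing these as NFU, confirm that no source package in the archive carries a copy of that code; if one does, the five entries should stay open against that package and not take the vendor tag. A smaller point in the same hunk: CVE-2025-30280 is tagged "Siemens" while the visible description names only "Mendix Runtime", so a reason that includes the product would be easier to audit.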
@@ -97,35 +97,35 @@ CVE-2025-30151 (Shopware is an open commerce platform. It's possible to pass lon
 CVE-2025-30150 (Shopware 6 is an open commerce platform based on Symfony Framework and ...)
 	TODO: check
 CVE-2025-30000 (A vulnerability has been identified in Siemens License Server (SLS) (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-2883 (The Accept SagePay Payments Using Contact Form 7 plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2876 (The MelaPress Login Security and MelaPress Login Security Premium plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2829 (A local code execution vulnerability exists in the Rockwell Automation ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-2808 (The Motors \u2013 Car Dealership & Classified Listings Plugin plugin f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2807 (The Motors \u2013 Car Dealership & Classified Listings Plugin plugin f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2568 (The Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2293 (A local code execution vulnerability exists in the Rockwell Automation ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-2288 (A local code execution vulnerability exists in the Rockwell Automation ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-2287 (A local code execution vulnerability exists in the Rockwell Automation ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-2286 (A local code execution vulnerability exists in the Rockwell Automation ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-2285 (A local code execution vulnerability exists in the Rockwell Automation ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-29999 (A vulnerability has been identified in Siemens License Server (SLS) (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-29986 (Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Impro ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-29985 (Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initi ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-29824 (Use after free in Windows Common Log File System Driver allows an auth ...)
 	TODO: check
 CVE-2025-29823 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
@@ -267,57 +267,57 @@ CVE-2025-27469 (Uncontrolled resource consumption in Windows LDAP - Lightweight
 CVE-2025-27467 (Use after free in Windows Digital Media allows an authorized attacker  ...)
 	TODO: check
 CVE-2025-27443 (Insecure default variable initialization in some Zoom Workplace Apps f ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-27442 (Cross site scripting in some Zoom Workplace Apps may allow an unauthen ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-27441 (Cross site scripting in some Zoom Workplace Apps may allow an unauthen ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-27205 (Adobe Experience Manager Screens versions FP11.3 and earlier are affec ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27204 (After Effects versions 25.1, 24.6.4 and earlier are affected by an out ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27202 (Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27201 (Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27200 (Animate versions 24.0.7, 23.0.10 and earlier are affected by a Use Aft ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27199 (Animate versions 24.0.7, 23.0.10 and earlier are affected by a Heap-ba ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27198 (Photoshop Desktop versions 25.12.1, 26.4.1 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27196 (Premiere Pro versions 25.1, 24.6.4 and earlier are affected by a Heap- ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27195 (Media Encoder versions 25.1, 24.6.4 and earlier are affected by a Heap ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27194 (Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27193 (Bridge versions 14.1.5, 15.0.2 and earlier are affected by a Heap-base ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27187 (After Effects versions 25.1, 24.6.4 and earlier are affected by an out ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27186 (After Effects versions 25.1, 24.6.4 and earlier are affected by an out ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27185 (After Effects versions 25.1, 24.6.4 and earlier are affected by a NULL ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27184 (After Effects versions 25.1, 24.6.4 and earlier are affected by an out ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27183 (After Effects versions 25.1, 24.6.4 and earlier are affected by an out ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27182 (After Effects versions 25.1, 24.6.4 and earlier are affected by an out ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-27085 (Multiple vulnerabilities exist in the web-based management interface o ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-27084 (A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Contro ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-27083 (Authenticated command injection vulnerabilities exist in the AOS-10 GW ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-27082 (Arbitrary File Write vulnerabilities exist in the web-based management ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-27079 (A vulnerability in the file creation process on the command line inter ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-27078 (A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP coul ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-26688 (Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an  ...)
 	TODO: check
 CVE-2025-26687 (Use after free in Windows Win32K - GRFX allows an unauthorized attacke ...)
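Review bot: The six entries tagged "NOT-FOR-US: HPE" (CVE-2025-27078 through CVE-2025-27085) cannot all be matched to that vendor from the diff, since three of them (CVE-2025-27085, CVE-2025-27082, CVE-2025-27079) are truncated before any product name and the other three name only AOS-10 and AOS-8 components. Repeating the product family from the description in the reason would make the tag self-explanatory and keep these entries findable by a search for the product name.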
@@ -389,11 +389,11 @@ CVE-2025-26635 (Weak authentication in Windows Hello allows an authorized attack
 CVE-2025-26628 (Insufficiently protected credentials in Azure Local Cluster allows an  ...)
 	TODO: check
 CVE-2025-25254 (An Improper Limitation of a Pathname to a Restricted Directory ('Path  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-25227 (Insufficient state checks lead to a vector that allows to bypass 2FA c ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-25226 (Improper handling of identifiers lead to a SQL injection vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-25002 (Insertion of sensitive information into log file in Azure Local Cluste ...)
 	TODO: check
 CVE-2025-24074 (Improper input validation in Windows DWM Core Library allows an author ...)
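Review bot: "NOT-FOR-US: Joomla" on CVE-2025-25227 and CVE-2025-25226 is a different kind of decision from the proprietary-vendor tags in the rest of this commit, because Joomla is open-source software that a distribution could package. The tag is right only while Joomla is absent from the archive, so it would help to record that check, for instance in the commit message, and not leave it implied by a bare product name. CVE-2025-25254 in the same hunk shows only a CWE title, so its Fortinet attribution also cannot be checked from the diff.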
@@ -407,19 +407,19 @@ CVE-2025-24060 (Improper input validation in Windows DWM Core Library allows an
 CVE-2025-24058 (Improper input validation in Windows DWM Core Library allows an author ...)
 	TODO: check
 CVE-2025-22855 (An improper neutralization of input during web page generation ('Cross ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-22466 (Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or be ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-22465 (Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or be ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-22464 (An untrusted pointer dereference vulnerability in Ivanti Endpoint Mana ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-22461 (SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or be ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-22459 (Improper certificate validation in Ivanti Endpoint Manager before vers ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-22458 (DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or be ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-21222 (Heap-based buffer overflow in Windows Telephony Service allows an unau ...)
 	TODO: check
 CVE-2025-21221 (Heap-based buffer overflow in Windows Telephony Service allows an unau ...)
@@ -437,13 +437,13 @@ CVE-2025-21191 (Time-of-check time-of-use (toctou) race condition in Windows Loc
 CVE-2025-21174 (Uncontrolled resource consumption in Windows Standards-Based Storage M ...)
 	TODO: check
 CVE-2025-1095 (IBM Personal Communications v14 and v15 include a Windows service that ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-54092 (A vulnerability has been identified in Industrial Edge Device Kit - ar ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-54025 (An improper neutralization of special elements used in an OS command ( ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-54024 (An improper neutralization of special elements used in an OS command ( ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-52981 (An issue was discovered in Elasticsearch, where a large recursion usin ...)
 	TODO: check
 CVE-2024-52980 (A flaw was discovered in Elasticsearch, where a large recursion using  ...)
@@ -451,37 +451,37 @@ CVE-2024-52980 (A flaw was discovered in Elasticsearch, where a large recursion
 CVE-2024-52974 (An issue has been identified where a specially crafted request sent to ...)
 	TODO: check
 CVE-2024-52962 (AnImproper Output Neutralization for Logs vulnerability [CWE-117] in F ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-50565 (A improper restriction of communication channel to intended endpoints  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-48887 (A  unverified password change vulnerability in Fortinet FortiSwitch GU ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-46671 (An Incorrect User Management vulnerability [CWE-286] in FortiWeb versi ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-41796 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-41795 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-41794 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-41793 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-41792 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-41791 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-41790 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-41789 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-41788 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-32122 (A storing passwords in a recoverable format in Fortinet FortiOS versio ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-26013 (A improper restriction of communication channel to intended endpoints  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-37930 (Multiple issues including the use of uninitialized ressources [CWE-908 ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-XXXX [Heap-buffer-overflow in ImportViewPixelArea()]
 	- graphicsmagick 1.4+really1.3.45+hg17696-1
 	NOTE: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab3ea7ee165ec31cfef08fe37074447970d0e03d
