[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 9 21:42:06 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d86d812a by Salvatore Bonaccorso at 2025-04-09T22:41:41+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,23 +5,23 @@ CVE-2025-3474 (Missing Authentication for Critical Function vulnerability in Dru
CVE-2025-3131 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - ...)
NOT-FOR-US: Drupal core and addons
CVE-2025-3115 (Injection Vulnerabilities: Attackers can inject malicious code, potent ...)
- TODO: check
+ NOT-FOR-US: Spotfire
CVE-2025-3114 (Code Execution via Malicious Files:Attackers can create specially craf ...)
- TODO: check
+ NOT-FOR-US: Spotfire
CVE-2025-32695 (Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32694 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32693 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32692 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32691 (Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato Pow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32690 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32685 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32684 (Missing Authorization vulnerability in RomanCode MapSVG Lite allows Ex ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32683 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
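Review bot: The new WordPress entries in this hunk (CVE-2025-32695 down to CVE-2025-32685) are tagged "NOT-FOR-US: WordPress plugin", while the untouched neighbour CVE-2025-32684 carries "NOT-FOR-US: WordPress plugin or theme". Two spellings of one category make it harder to find all WordPress NFUs with a single search. Consider reusing the existing "WordPress plugin or theme" string, which also avoids having to decide plugin versus theme from a truncated description such as the one for CVE-2025-32694. The same applies to the WordPress entries in the later hunks.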
@@ -127,25 +127,25 @@ CVE-2025-32497 (Cross-Site Request Forgery (CSRF) vulnerability in squiter Spoil
CVE-2025-32496 (Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32495 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32494 (Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Je ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32493 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32492 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32489 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32488 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32487 (Server-Side Request Forgery (SSRF) vulnerability in Joe Waymark allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32485 (Cross-Site Request Forgery (CSRF) vulnerability in Bjoern WP Performan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32484 (Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WP ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32483 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32482 (Cross-Site Request Forgery (CSRF) vulnerability in quanganhdo Custom S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32481 (Cross-Site Request Forgery (CSRF) vulnerability in ninotheme Nino Soci ...)
@@ -161,25 +161,25 @@ CVE-2025-32477 (Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord
CVE-2025-32476 (Cross-Site Request Forgery (CSRF) vulnerability in blueinstyle Advance ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32381 (XGrammar is an open-source library for efficient, flexible, and portab ...)
- TODO: check
+ NOT-FOR-US: XGrammar
CVE-2025-32380 (The Apollo Router Core is a configurable, high-performance graph route ...)
- TODO: check
+ NOT-FOR-US: Apollo Router Core
CVE-2025-32379 (Koa is expressive middleware for Node.js using ES2017 async functions. ...)
- TODO: check
+ NOT-FOR-US: Koa
CVE-2025-32378 (Shopware is an open source e-commerce software platform. Prior to 6.6. ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2025-32375 (BentoML is a Python library for building online serving systems optimi ...)
- TODO: check
+ NOT-FOR-US: BentoML
CVE-2025-32374 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
- TODO: check
+ NOT-FOR-US: DNN (formerly DotNetNuke)
CVE-2025-32373 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
- TODO: check
+ NOT-FOR-US: DNN (formerly DotNetNuke)
CVE-2025-32372 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
- TODO: check
+ NOT-FOR-US: DNN (formerly DotNetNuke)
CVE-2025-32371 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
- TODO: check
+ NOT-FOR-US: DNN (formerly DotNetNuke)
CVE-2025-32016 (Microsoft Identity Web is a library which contains a set of reusable c ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-31404 (Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31402 (Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard Plugin Ne ...)
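Review bot: CVE-2025-32016 is tagged "NOT-FOR-US: Microsoft", a vendor name, while the other entries added in this hunk name the product (XGrammar, Apollo Router Core, Koa, Shopware, BentoML, DNN). "NOT-FOR-US: Microsoft Identity Web" would match the description and keep the tag searchable by product. Separately, XGrammar, Koa and BentoML are described as libraries or middleware, so it is worth a quick check that none of them has a source package or an embedded copy in the archive before they are closed as NFU.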
@@ -211,17 +211,17 @@ CVE-2025-31383 (Cross-Site Request Forgery (CSRF) vulnerability in FrescoChat L
CVE-2025-31382 (Cross-Site Request Forgery (CSRF) vulnerability in theode Language Fie ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31377 (Missing Authorization vulnerability in Asaquzzaman mishu Woo Product F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31375 (Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31042 (Missing Authorization vulnerability in rtakao Sandwich Adsense allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31038 (Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31036 (Cross-Site Request Forgery (CSRF) vulnerability in WPSolr free WPSolr ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31035 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31034 (Cross-Site Request Forgery (CSRF) vulnerability in AboZain Albanna Cus ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31033 (Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypre ...)
@@ -233,15 +233,15 @@ CVE-2025-31026 (Cross-Site Request Forgery (CSRF) vulnerability in Austin Commen
CVE-2025-31023 (Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31020 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31017 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31012 (Missing Authorization vulnerability in Phil Age Gate allows Accessing ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31009 (Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31008 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31005 (Cross-Site Request Forgery (CSRF) vulnerability in Uzair Easyfonts all ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31004 (Missing Authorization vulnerability in Croover.inc Rich Table of Conte ...)
@@ -251,7 +251,7 @@ CVE-2025-31003 (Exposure of Sensitive System Information to an Unauthorized Cont
CVE-2025-31002 (Unrestricted Upload of File with Dangerous Type vulnerability in Bogda ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30677 (Apache Pulsar contains multiple connectors for integrating with Apache ...)
- TODO: check
+ NOT-FOR-US: Apache Pulsar
CVE-2025-30656 (An Improper Handling of Additional Special Element vulnerability in th ...)
NOT-FOR-US: Juniper
CVE-2025-30655 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
@@ -277,13 +277,13 @@ CVE-2025-30645 (A NULL Pointer Dereference vulnerability in the flow daemon (flo
CVE-2025-30644 (A Heap-based Buffer Overflow vulnerability in the flexible PIC concent ...)
NOT-FOR-US: Juniper
CVE-2025-2632 (Out of bounds write vulnerability due to improper bounds checking in N ...)
- TODO: check
+ NOT-FOR-US: NI LabVIEW
CVE-2025-2631 (Out of bounds write vulnerability due to improper bounds checking in N ...)
- TODO: check
+ NOT-FOR-US: NI LabVIEW
CVE-2025-2630 (There is a DLL hijacking vulnerability due to an uncontrolled search p ...)
- TODO: check
+ NOT-FOR-US: NI LabVIEW
CVE-2025-2629 (There is a DLL hijacking vulnerability due to an uncontrolled search p ...)
- TODO: check
+ NOT-FOR-US: NI LabVIEW
CVE-2025-2442 (CWE-1188: Initialization of a Resource with an Insecure Default vulner ...)
NOT-FOR-US: Schneider Electric
CVE-2025-2441 (CWE-1188: Initialization of a Resource with an Insecure Default vulner ...)
@@ -297,21 +297,21 @@ CVE-2025-2222 (CWE-552: Files or Directories Accessible to External Parties vuln
CVE-2025-29870 (Missing authentication for critical function vulnerability exists in W ...)
TODO: check
CVE-2025-29394 (An insecure permissions vulnerability in verydows v2.0 allows a remote ...)
- TODO: check
+ NOT-FOR-US: verydows
CVE-2025-29391 (horvey Library-Manager v1.0 is vulnerable to SQL Injection in Admin/Co ...)
- TODO: check
+ NOT-FOR-US: horvey Library-Manager
CVE-2025-29390 (jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the set_password ...)
- TODO: check
+ NOT-FOR-US: jerryhanjj ERP
CVE-2025-29389 (PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/i ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2025-29189 (Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName paramet ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-27934 (Information disclosure of authentication information in the specific s ...)
- TODO: check
+ NOT-FOR-US: AC-WPS-11ac series
CVE-2025-27797 (OS command injection vulnerability in the specific service exists in W ...)
- TODO: check
+ NOT-FOR-US: AC-WPS-11ac series
CVE-2025-27722 (Cleartext transmission of sensitive information issue exists in Wi-Fi ...)
- TODO: check
+ NOT-FOR-US: AC-WPS-11ac series
CVE-2025-27391 (Insertion of Sensitive Information into Log File vulnerability in Apac ...)
TODO: check
CVE-2025-26902 (Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro all ...)
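Review bot: CVE-2025-29870 at the top of this hunk stays at "TODO: check", although its description ("Missing authentication for critical function vulnerability exists in W ...") reads like the opening of the Wi-Fi AP entries marked NFU a few lines below (compare CVE-2025-27722, "issue exists in Wi-Fi ..."). If it is the same product it could be closed in this batch; if it was left open on purpose, a word in the commit message would help the next person triaging the list.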
@@ -321,15 +321,15 @@ CVE-2025-26901 (Missing Authorization vulnerability in Brizy Brizy Pro allows Ex
CVE-2025-26888 (Missing Authorization vulnerability in OnTheGoSystems WooCommerce Mult ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-25213 (Improper restriction of rendered UI layers or frames issue exists in W ...)
- TODO: check
+ NOT-FOR-US: Wi-Fi AP UNIT 'AC-WPS-11ac series'
CVE-2025-25056 (Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-W ...)
- TODO: check
+ NOT-FOR-US: Wi-Fi AP UNIT 'AC-WPS-11ac series'
CVE-2025-25053 (OS command injection vulnerability in the WEB UI (the setting page) ex ...)
- TODO: check
+ NOT-FOR-US: Wi-Fi AP UNIT 'AC-WPS-11ac series'
CVE-2025-25023 (IBM Security Guardium 11.4 and 12.1 could allow a privileged user to r ...)
NOT-FOR-US: IBM
CVE-2025-23407 (Incorrect privilege assignment vulnerability in the WEB UI (the settin ...)
- TODO: check
+ NOT-FOR-US: Wi-Fi AP UNIT 'AC-WPS-11ac series'
CVE-2025-21601 (An Improper Following of Specification by Caller vulnerability in web ...)
NOT-FOR-US: Juniper
CVE-2025-21597 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
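Review bot: The four entries added in this hunk use "NOT-FOR-US: Wi-Fi AP UNIT 'AC-WPS-11ac series'", but CVE-2025-27934, CVE-2025-27797 and CVE-2025-27722 in the previous hunk use "NOT-FOR-US: AC-WPS-11ac series" for what appears to be the same device family. Pick one label for all seven so the product can be found with a single search of data/CVE/list.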
@@ -343,11 +343,11 @@ CVE-2025-21591 (A Buffer Access with Incorrect Length Value vulnerability in the
CVE-2025-1968 (Insufficient Session Expiration vulnerability in Progress Software Cor ...)
NOT-FOR-US: Progress Software
CVE-2024-55210 (An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attacker ...)
- TODO: check
+ NOT-FOR-US: TOTVS Framework (Linha Protheus)
CVE-2023-33844 (IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scri ...)
NOT-FOR-US: IBM
CVE-2017-20197 (A vulnerability was found in propanetank Roommate-Bill-Tracking up to ...)
- TODO: check
+ NOT-FOR-US: Roommate-Bill-Tracking
CVE-2025-30215
- nats-server <unfixed>
NOTE: https://advisories.nats.io/CVE/secnote-2025-01.txt
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d86d812a2f4bdb87ceed35452dfad17012f29ed7