[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 10 21:18:11 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4c13fa99 by Salvatore Bonaccorso at 2025-04-10T22:17:23+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2025-32755 (In jenkins/ssh-slave Docker images based on Debian, SSH host keys are ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-32754 (In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys a ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-32743 (In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c ...)
TODO: check
CVE-2025-32687 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-32668 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32395 (Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6 ...)
TODO: check
CVE-2025-32391 (HedgeDoc is an open source, real-time, collaborative, markdown notes a ...)
@@ -17,83 +17,83 @@ CVE-2025-32383 (MaxKB (Max Knowledge Base) is an open source knowledge base ques
CVE-2025-32382 (Metabase is an open source Business Intelligence and Embedded Analytic ...)
TODO: check
CVE-2025-32282 (Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32275 (Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Make ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32260 (Missing Authorization vulnerability in Detheme DethemeKit For Elemento ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32259 (Missing Authorization vulnerability in Alimir WP ULike. This issue aff ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32244 (Missing Authorization vulnerability in QuantumCloud SEO Help allows Ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32243 (Missing Authorization vulnerability in Toast Plugins Internal Link Opt ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32242 (Missing Authorization vulnerability in Hive Support Hive Support allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32240 (Missing Authorization vulnerability in NotFound Site Notify allows Exp ...)
TODO: check
CVE-2025-32236 (Missing Authorization vulnerability in Vagonic Woocommerce Products Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32230 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32228 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32227 (Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros For ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32221 (Missing Authorization vulnerability in Spider Themes EazyDocs allows E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32216 (Missing Authorization vulnerability in Spider Themes Spider Elements \ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32215 (Unrestricted Upload of File with Dangerous Type vulnerability in Abili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32214 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32213 (Missing Authorization vulnerability in flothemesplugins Flo Forms allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32212 (Missing Authorization vulnerability in Specia Theme Specia Companion a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32210 (Missing Authorization vulnerability in CreativeMindsSolutions CM Regis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32209 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32208 (Missing Authorization vulnerability in Hive Support Hive Support allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32206 (Unrestricted Upload of File with Dangerous Type vulnerability in LABCA ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32205 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32202 (Unrestricted Upload of File with Dangerous Type vulnerability in Brian ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32199 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32198 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32160 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32158 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32145 (Deserialization of Untrusted Data vulnerability in magepeopleteam WpEv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32140 (Unrestricted Upload of File with Dangerous Type vulnerability in Nirma ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32139 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32128 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32119 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32116 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32115 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32114 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32027 (Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii ...)
TODO: check
CVE-2025-31524 (Incorrect Privilege Assignment vulnerability in NotFound WP User Profi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31411 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30582 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
TODO: check
CVE-2025-30148 (Silverstripe Framework is a PHP framework which powers the Silverstrip ...)
@@ -103,15 +103,15 @@ CVE-2025-29150 (BlueCMS 1.6 suffers from Arbitrary File Deletion via the id para
CVE-2025-29088 (An issue in sqlite v.3.49.0 allows an attacker to cause a denial of se ...)
TODO: check
CVE-2025-29017 (A Remote Code Execution (RCE) vulnerability exists in Code Astro Inter ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2025-27813 (MSI Center before 2.0.52.0 has Missing PE Signature Validation.)
TODO: check
CVE-2025-27812 (MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation.)
TODO: check
CVE-2025-27350 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-27081 (A potential security vulnerability in HPE NonStop OSM Service Connecti ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-25197 (Silverstripe Elemental extends a page type to swap the content area fo ...)
TODO: check
CVE-2025-24866 (Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access con ...)
@@ -119,27 +119,27 @@ CVE-2025-24866 (Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper acce
CVE-2025-23386 (A Incorrect Default Permissions vulnerability in the openSUSE Tumblewe ...)
TODO: check
CVE-2025-23010 (An Improper Link Resolution Before File Access ('Link Following') vuln ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-23009 (A local privilege escalation vulnerability in SonicWall NetExtender Wi ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-23008 (An improper privilege management vulnerability in the SonicWall NetExt ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-22375 (An authentication bypass vulnerability was found in Videx's CyberAudit ...)
TODO: check
CVE-2025-22374 (A Server-Side Request Forgery (SSRF) vulnerability was discovered in t ...)
TODO: check
CVE-2025-22279 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22232 (Spring Cloud Config Server may not use Vault token sent by clients usi ...)
TODO: check
CVE-2025-1073 (Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may al ...)
TODO: check
CVE-2023-43037 (IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-43035 (IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages t ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-42007 (IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to c ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-32700 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- mediawiki 1:1.43.1+dfsg-1
CVE-2025-32699 (Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation ...)
@@ -206,7 +206,7 @@ CVE-2025-23378 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contai
CVE-2025-22471 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an ...)
NOT-FOR-US: Dell / EMC
CVE-2025-0539 (In affected Microsoft Windows versions of Octopus Deploy, the server c ...)
- TODO: check
+ NOT-FOR-US: Octopus Deploy
CVE-2024-58136 (Yii 2 before 2.0.52 mishandles the attaching of behavior that is defin ...)
- yii <itp> (bug #597899)
CVE-2024-38865 (Improper neutralization of livestatus command delimiters in a specific ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c13fa99c7e1091cffe072ebb1f8019101fa148f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c13fa99c7e1091cffe072ebb1f8019101fa148f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250410/8a5f6b11/attachment.htm>
More information about the debian-security-tracker-commits
mailing list