[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 11 21:28:19 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a22a8ceb by Salvatore Bonaccorso at 2025-04-11T22:26:02+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,103 +1,103 @@
CVE-2025-3439 (The Everest Forms \u2013 Contact Form, Quiz, Survey, Newsletter & Paym ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3434 (The SMTP for Amazon SES \u2013 YaySMTP plugin for WordPress is vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3422 (The The Everest Forms \u2013 Contact Form, Quiz, Survey, Newsletter & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3421 (The Everest Forms \u2013 Contact Form, Quiz, Survey, Newsletter & Paym ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32681 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32672 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32671 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32663 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32656 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32654 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32650 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32633 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32632 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32631 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32629 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32627 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32618 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32614 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32607 (Deserialization of Untrusted Data vulnerability in magepeopleteam WpBo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32603 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32601 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32600 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32599 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32589 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32587 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32586 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32585 (Path Traversal vulnerability in Trusty Plugins Shop Products Filter al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32579 (Unrestricted Upload of File with Dangerous Type vulnerability in SoftC ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32577 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32569 (Deserialization of Untrusted Data vulnerability in RealMag777 TableOn ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32568 (Deserialization of Untrusted Data vulnerability in empik EmpikPlace fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32567 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32565 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32558 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32553 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32551 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32542 (Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32538 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32537 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32534 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32525 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32524 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32523 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32519 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32517 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32509 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32491 (Incorrect Privilege Assignment vulnerability in Rankology Rankology SE ...)
TODO: check
CVE-2025-32427 (Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when ...)
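Review bot: The reason string is inconsistent within this hunk: the first four entries get "NOT-FOR-US: WordPress plugin" while everything from CVE-2025-32681 down gets "NOT-FOR-US: WordPress plugin or theme", even where the truncated description already points at a plugin vendor or product (CVE-2025-32585 "Trusty Plugins Shop Products Filter", CVE-2025-32542 "EazyPlugins Eazy Plugin Manager"). Where the product type is known, use the specific reason so later searches on the list stay reliable. For the entries whose visible description is only the CWE title, the product cannot be checked from this diff, so a short note in the commit message on how they were identified would help. CVE-2025-32491 ("Rankology ...") is left at "TODO: check" at the end of the hunk; confirm that is intentional.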
@@ -107,9 +107,9 @@ CVE-2025-32426 (Formie is a Craft CMS plugin for creating forms. Prior to versio
CVE-2025-32367 (The Oz Forensics face recognition application before 4.0.8 late 2023 a ...)
TODO: check
CVE-2025-32144 (Deserialization of Untrusted Data vulnerability in PickPlugins Job Boa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32143 (Deserialization of Untrusted Data vulnerability in PickPlugins Accordi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32107 (OS command injection vulnerability exists in Deco BE65 Pro firmware ve ...)
TODO: check
CVE-2025-32080 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
@@ -145,13 +145,13 @@ CVE-2025-31935 (Subnet Solutions PowerSYSTEM Center is affected by a mishandli
CVE-2025-31932 (Deserialization of untrusted data issue exists in BizRobo! all version ...)
TODO: check
CVE-2025-31599 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31565 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31379 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31378 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31362 (Use of hard-coded cryptographic key issue exists in BizRobo! all versi ...)
TODO: check
CVE-2025-31354 (Subnet Solutions PowerSYSTEM Center's SMTPS notification service can b ...)
@@ -163,17 +163,17 @@ CVE-2025-31040 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-31028 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-31021 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31015 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-31014 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-2575 (The Z Companion plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2541 (The WP Project Manager plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2128 (The Cost Calculator Builder plugin for WordPress is vulnerable to time ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23391 (A Incorrect Privilege Assignment vulnerability in SUSE rancher allows ...)
TODO: check
CVE-2025-23389 (A Improper Access Control vulnerability in SUSE rancher allows a local ...)
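Review bot: Only CVE-2025-31021 is triaged in the first half of this hunk, while CVE-2025-31028 directly above it carries the same visible description ("Improper Neutralization of Input During Web Page Generation") and stays at "TODO: check", as do CVE-2025-31015 and CVE-2025-31014 below it. If those three were checked and are not WordPress plugins or themes, that is fine; otherwise process them in the same pass so the block does not have to be revisited. The three "plugin for WordPress" entries (CVE-2025-2575, CVE-2025-2541, CVE-2025-2128) match their descriptions.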
@@ -183,9 +183,9 @@ CVE-2025-23388 (A Stack-based Buffer Overflow vulnerability in SUSE rancher allo
CVE-2025-23387 (A Exposure of Sensitive Information to an Unauthorized Actor vulnerabi ...)
TODO: check
CVE-2025-0123 (A vulnerability in the Palo Alto Networks PAN-OS\xae software enables ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-0119 (A command injection vulnerabilityin the Palo Alto Networks Cortex XDR\ ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-52282 (A Exposure of Sensitive Information to an Unauthorized Actor vulnerabi ...)
TODO: check
CVE-2024-52280 (A Exposure of Sensitive Information to an Unauthorized Actor vulnerabi ...)
@@ -195,27 +195,27 @@ CVE-2024-13861 (A code injection vulnerability in the Debian package component o
CVE-2024-11679 (An input validation weakness was reported in the TpmSetup module for s ...)
TODO: check
CVE-2023-42983 (Processing a file may lead to a denial-of-service or potentially discl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42982 (Processing a file may lead to a denial-of-service or potentially discl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42981 (Processing a file may lead to a denial-of-service or potentially discl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42977 (A path handling issue was addressed with improved validation. This iss ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42973 (Private Browsing tabs may be accessed without authentication. This iss ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42970 (A use-after-free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42969 (An app may be able to break out of its sandbox. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42961 (A path handling issue was addressed with improved validation. This iss ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42875 (Processing web content may lead to arbitrary code execution. This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-41076 (An app may be able to elevate privileges. This issue is fixed in macOS ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38614 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-3512 (There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownIm ...)
TODO: check
CVE-2025-32816 (CodeLit CourseLit before 0.57.5 allows Parameter Tampering via a payme ...)
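Review bot: CVE-2023-42875 is marked "NOT-FOR-US: Apple", but its description ("Processing web content may lead to arbitrary code execution") is the wording Apple typically uses for browser-engine issues, and WebKit is packaged in Debian as webkit2gtk and wpewebkit. Confirm against the Apple advisory that the affected component is not WebKit before closing it as NFU; if it is, the entry needs package lines instead. The same check is worth doing for CVE-2023-42970 (use-after-free, component not visible in the truncated text). The remaining Apple entries read as platform-specific from what is visible here.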
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a22a8cebda33013ab1d621533c1e357b43f3fcaf