[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 11 22:16:59 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
01c29099 by Salvatore Bonaccorso at 2025-04-11T23:16:37+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -99,19 +99,19 @@ CVE-2025-32517 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-32509 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32491 (Incorrect Privilege Assignment vulnerability in Rankology Rankology SE ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32427 (Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when ...)
-	TODO: check
+	NOT-FOR-US: Formie Craft CMS plugin
 CVE-2025-32426 (Formie is a Craft CMS plugin for creating forms. Prior to version 2.1. ...)
-	TODO: check
+	NOT-FOR-US: Formie Craft CMS plugin
 CVE-2025-32367 (The Oz Forensics face recognition application before 4.0.8 late 2023 a ...)
-	TODO: check
+	NOT-FOR-US: Oz Forensics face recognition application
 CVE-2025-32144 (Deserialization of Untrusted Data vulnerability in PickPlugins Job Boa ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32143 (Deserialization of Untrusted Data vulnerability in PickPlugins Accordi ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32107 (OS command injection vulnerability exists in Deco BE65 Pro firmware ve ...)
-	TODO: check
+	NOT-FOR-US: Deco BE65 Pro firmware
 CVE-2025-32080 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	TODO: check
 CVE-2025-32079 (Improper Input Validation vulnerability in The Wikimedia Foundation Me ...)
@@ -141,9 +141,9 @@ CVE-2025-32068 (Incorrect Authorization vulnerability in The Wikimedia Foundatio
 CVE-2025-32067 (Improper Input Validation vulnerability in The Wikimedia Foundation Me ...)
 	TODO: check
 CVE-2025-31935 (Subnet Solutions   PowerSYSTEM Center is affected by a mishandling of  ...)
-	TODO: check
+	NOT-FOR-US: Subnet Solutions PowerSYSTEM Center
 CVE-2025-31932 (Deserialization of untrusted data issue exists in BizRobo! all version ...)
-	TODO: check
+	NOT-FOR-US: BizRobo!
 CVE-2025-31599 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31565 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -153,21 +153,21 @@ CVE-2025-31379 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-31378 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31362 (Use of hard-coded cryptographic key issue exists in BizRobo! all versi ...)
-	TODO: check
+	NOT-FOR-US: BizRobo!
 CVE-2025-31354 (Subnet Solutions PowerSYSTEM Center's SMTPS notification service can b ...)
-	TODO: check
+	NOT-FOR-US: Subnet Solutions PowerSYSTEM Center
 CVE-2025-31041 (Missing Authorization vulnerability in NotFound AnyTrack Affiliate Lin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31040 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31028 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31021 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31015 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31014 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2575 (The Z Companion plugin for WordPress is vulnerable to Stored Cross-Sit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-2541 (The WP Project Manager plugin for WordPress is vulnerable to Stored Cr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01c290999707dde82e4da69593b811df012ca28d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01c290999707dde82e4da69593b811df012ca28d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250411/1d6edf40/attachment.htm>

More information about the debian-security-tracker-commits mailing list