[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 16 09:13:41 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15460680 by Salvatore Bonaccorso at 2025-04-16T10:13:20+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,11 +21,11 @@ CVE-2025-3663 (A vulnerability, which was classified as critical, has been found
 CVE-2025-3495 (Delta Electronics COMMGR v1 and v2uses insufficiently randomized value ...)
 	TODO: check
 CVE-2025-3247 (The Contact Form 7 plugin for WordPress is vulnerable to Order Replay  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3077 (The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32923 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32784 (conda-forge-webservices is the web app deployed to run conda-forge adm ...)
 	TODO: check
 CVE-2025-32782 (Ash Authentication provides authentication for the Ash framework. The  ...)
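Review bot: CVE-2025-3077 is tagged "NOT-FOR-US: WordPress plugin", but its description reads "The Betheme theme for WordPress", so the product is a theme, not a plugin. Suggest "NOT-FOR-US: WordPress theme", or the "WordPress plugin or theme" wording already used for CVE-2025-32923 in this hunk, so the NFU reason matches the description.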
@@ -61,15 +61,15 @@ CVE-2025-31357 (An unauthenticated attacker can obtain a user's plant list by kn
 CVE-2025-31147 (Unauthenticated attackers can query information about total energy con ...)
 	TODO: check
 CVE-2025-30984 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30982 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30970 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30967 (Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30966 (Path Traversal vulnerability in NotFound WPJobBoard allows Path Traver ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30740 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
 	TODO: check
 CVE-2025-30737 (Vulnerability in the Oracle Smart View for Office product of Oracle Hy ...)
@@ -197,11 +197,11 @@ CVE-2025-30257 (Unauthenticated attackers can retrieve serial number of smart me
 CVE-2025-30254 (An unauthenticated attacker can obtain a serial number of a smart mete ...)
 	TODO: check
 CVE-2025-30100 (Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain  ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-2497 (A maliciously crafted DWG file, when parsed through Autodesk Revit, ca ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-2314 (The User Profile Builder \u2013 Beautiful User Registration Forms, Use ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-29471 (Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 a ...)
 	TODO: check
 CVE-2025-27939 (An attacker can change registered email addresses of other users and t ...)
@@ -229,53 +229,53 @@ CVE-2025-27561 (Unauthenticated attackers can rename "rooms" of arbitrary users.
 CVE-2025-27538 (Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce ...)
 	TODO: check
 CVE-2025-27011 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-27008 (Missing Authorization vulnerability in NotFound Unlimited Timeline all ...)
 	TODO: check
 CVE-2025-26998 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26996 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26953 (Missing Authorization vulnerability in NotFound JetMenu allows Accessi ...)
 	TODO: check
 CVE-2025-26951 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26950 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26930 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26927 (Unrestricted Upload of File with Dangerous Type vulnerability in EPC A ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26919 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26908 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26906 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26903 (Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost G ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26880 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26870 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26857 (Unauthenticated attackers can rename arbitrary devices of arbitrary us ...)
 	TODO: check
 CVE-2025-26749 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26748 (Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe all ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26746 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26740 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26730 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-25458 (Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in Adv ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-25453 (Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in Adv ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-25276 (An unauthenticated attacker can hijack other users' devices and potent ...)
 	TODO: check
 CVE-2025-24850 (An attacker can export other users' plant information.)
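Review bot: CVE-2025-27008 (NotFound Unlimited Timeline) and CVE-2025-26953 (NotFound JetMenu) stay at "TODO: check" in this hunk, while entries with the same "vulnerability in <vendor> <product>" description shape, such as CVE-2025-26903 and CVE-2025-26748, are moved to "NOT-FOR-US: WordPress plugin or theme". If the two were skipped because the product still needs to be confirmed, that is fine; otherwise they look like candidates for the same tag in this pass.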
@@ -291,11 +291,11 @@ CVE-2025-24297 (Due to lack of server-side input validation, attackers can injec
 CVE-2025-22911 (RE11S v1.11 was discovered to contain a stack overflow via the rootAPm ...)
 	TODO: check
 CVE-2025-22269 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22268 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22263 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-21588 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	TODO: check
 CVE-2025-21587 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
@@ -329,17 +329,17 @@ CVE-2025-21574 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2025-21573 (Vulnerability in the Oracle Financial Services Revenue Management and  ...)
 	TODO: check
 CVE-2025-1656 (A maliciously crafted PDF file, when linked or imported into Autodesk  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-1277 (A maliciously crafted PDF file, when parsed through Autodesk applicati ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-1276 (A maliciously crafted DWG file, when parsed through certain Autodesk a ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-1275 (A maliciously crafted JPG file, when linked or imported into certain A ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-1274 (A maliciously crafted RCS file, when parsed through Autodesk Revit, ca ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-1273 (A maliciously crafted PDF file, when linked or imported into Autodesk  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-0101 (A low privileged user can set the date of the devices to the 19th of J ...)
 	TODO: check
 CVE-2024-49200 (An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde I ...)
@@ -347,9 +347,9 @@ CVE-2024-49200 (An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in In
 CVE-2024-44843 (An issue in the web socket handshake process of SteVe v3.7.1 allows at ...)
 	TODO: check
 CVE-2024-13452 (The Contact Form by Supsystic plugin for WordPress is vulnerable to Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10680 (The Form Maker by 10Web  WordPress plugin before 1.15.32 does not sani ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3620
 	- chromium 135.0.7049.95-1
 	[bullseye] - chromium <end-of-life> (see #1061268)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15460680ca512c22529cbf9520a5388678e71664
