[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 16 21:17:42 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5dc34a67 by Salvatore Bonaccorso at 2025-04-16T22:17:20+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2025-3739 (Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.This issue ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3738 (Vulnerability in Drupal Google Optimize.This issue affects Google Opti ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3737 (Vulnerability in Drupal Google Maps: Store Locator.This issue affects ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3736 (Vulnerability in Drupal Simple GTM.This issue affects Simple GTM: *.*.)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3735 (Vulnerability in Drupal Panelizer (obsolete).This issue affects Paneli ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3734 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3733 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3726 (A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated ...)
TODO: check
CVE-2025-3725 (A vulnerability was found in PCMan FTP Server 2.0.7. It has been decla ...)
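Review bot: CVE-2025-3734 and CVE-2025-3733 get "NOT-FOR-US: Drupal core and addons", but their descriptions as shown are truncated before any product name ("Allocation of Resources Without Limits or Throttling vulnerability in ...", "Improper Neutralization of Input During Web Page Generation ('Cross-si ..."). The five entries above them name Drupal explicitly and these two do not, so confirm the affected product against the full CVE record rather than relying on their position in the list.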
@@ -21,21 +21,21 @@ CVE-2025-3724 (A vulnerability was found in PCMan FTP Server 2.0.7. It has been
CVE-2025-3723 (A vulnerability was found in PCMan FTP Server 2.0.7 and classified as ...)
TODO: check
CVE-2025-3697 (A vulnerability, which was classified as critical, has been found in S ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-3696 (A vulnerability classified as critical was found in SourceCodester Web ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-3694 (A vulnerability classified as critical has been found in SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-3693 (A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as c ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-3692 (A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. I ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-3691 (A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It ...)
TODO: check
CVE-2025-3690 (A vulnerability was found in PHPGurukul Men Salon Management System 1. ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-3689 (A vulnerability has been found in PHPGurukul Men Salon Management Syst ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-3688 (A vulnerability, which was classified as problematic, was found in mir ...)
TODO: check
CVE-2025-3687 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -43,7 +43,7 @@ CVE-2025-3687 (A vulnerability, which was classified as problematic, has been fo
CVE-2025-3686 (A vulnerability classified as problematic was found in misstt123 oasys ...)
TODO: check
CVE-2025-3685 (A vulnerability classified as critical has been found in code-projects ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-3684 (A vulnerability was found in Xianqi Kindergarten Management System 2.0 ...)
TODO: check
CVE-2025-3683 (A vulnerability was found in PCMan FTP Server 2.0.7. It has been decla ...)
@@ -61,11 +61,11 @@ CVE-2025-3678 (A vulnerability, which was classified as critical, has been found
CVE-2025-3677 (A vulnerability classified as critical was found in lm-sys fastchat up ...)
TODO: check
CVE-2025-3104 (The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-39602 (Missing Authorization vulnerability in WC Product Table WooCommerce Pr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39601 (Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39600 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...)
TODO: check
CVE-2025-39599 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in W ...)
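Review bot: The NFU reason for CVE-2025-3104 is "WordPress plugin", while CVE-2025-39602 and CVE-2025-39601 directly below it use "WordPress plugin or theme". If the shorter form is deliberate because the description names a plugin, that is fine; otherwise use one string throughout so that a search on the reason text finds every WordPress entry.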
@@ -121,41 +121,41 @@ CVE-2025-39564 (Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Condi
CVE-2025-39563 (Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional ...)
TODO: check
CVE-2025-39560 (Missing Authorization vulnerability in Shahjada Live Forms allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39557 (Unrestricted Upload of File with Dangerous Type vulnerability in Ben R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39556 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39555 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39552 (Missing Authorization vulnerability in Dylan James Zephyr Project Mana ...)
TODO: check
CVE-2025-39549 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-39548 (Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Cli ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39547 (Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Inter ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39546 (Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft Element ...)
TODO: check
CVE-2025-39545 (Missing Authorization vulnerability in miniOrange WordPress REST API A ...)
TODO: check
CVE-2025-39544 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Too ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39543 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39540 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39538 (Unrestricted Upload of File with Dangerous Type vulnerability in Mathi ...)
TODO: check
CVE-2025-39531 (Missing Authorization vulnerability in slazzercom Slazzer Background C ...)
TODO: check
CVE-2025-39530 (Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 36 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39529 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-39528 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39525 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-39524 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
@@ -167,7 +167,7 @@ CVE-2025-39520 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-39518 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-39517 (Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39516 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-39515 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -179,163 +179,163 @@ CVE-2025-39513 (Missing Authorization vulnerability in ActiveDEMAND Online Agenc
CVE-2025-39512 (Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk T ...)
TODO: check
CVE-2025-39472 (Cross-Site Request Forgery (CSRF) vulnerability in WPWeb WooCommerce S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32872 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32871 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32870 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32869 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32868 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32867 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32866 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32865 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32864 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32863 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32862 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32861 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32860 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32859 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32858 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32857 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32856 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32855 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32854 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32853 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32852 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32851 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32850 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32849 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32848 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32847 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32846 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32845 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32844 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32843 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32842 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32841 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32840 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32839 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32838 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32837 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32836 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32835 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32834 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32833 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32832 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32831 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32830 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32829 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32828 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32827 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32826 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32825 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32824 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32823 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32822 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-32817 (A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Con ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-32475 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-31363 (Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11 ...)
TODO: check
CVE-2025-31353 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-31352 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-31351 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-31350 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-31349 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-31343 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-31201 (This issue was addressed by removing the vulnerable code. This issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31200 (A memory corruption issue was addressed with improved bounds checking. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-30960 (Missing Authorization vulnerability in NotFound FS Poster. This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30032 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-30031 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-30030 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-30003 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-30002 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-2564 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11 ...)
TODO: check
CVE-2025-2291 (Password can be used past expiry in PgBouncer due to auth_query not ta ...)
TODO: check
CVE-2025-29905 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-29650 (SQL Injection vulnerability exists in the TP-Link M7200 4G LTE Mobile ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-29649 (SQL Injection vulnerability exists in the TP-Link TL-WR840N router s l ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-29648 (SQL Injection vulnerability exists in the TP-Link EAP120 router s logi ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-27936 (Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Serverversion ...)
TODO: check
CVE-2025-27540 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-27539 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-27495 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-22872 (The tokenizer incorrectly interprets tags with unquoted attribute valu ...)
TODO: check
CVE-2025-20236 (A vulnerability in the custom URL parser of Cisco Webex App could allo ...)
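Review bot: The "NOT-FOR-US: Apple" tags on CVE-2025-31201 and CVE-2025-31200 rest on descriptions that, as shown, name no component ("This issue was addressed by removing the vulnerable code", "A memory corruption issue was addressed with improved bounds checking"). Apple advisories can also cover code that Debian packages, such as WebKit, so confirm the affected component in the full CVE record before closing these as NFU, and consider naming it in the reason so later triage does not have to repeat the lookup.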
@@ -369,21 +369,21 @@ CVE-2024-52281 (A: Improper Neutralization of Input During Web Page Generation v
CVE-2024-46915
REJECTED
CVE-2024-40074 (Sourcecodester Online ID Generator System 1.0 was discovered to contai ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2024-40073 (Sourcecodester Online ID Generator System 1.0 was discovered to contai ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2024-40072 (Sourcecodester Online ID Generator System 1.0 was discovered to contai ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2024-40071 (Sourcecodester Online ID Generator System 1.0 was discovered to contai ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2024-40070 (Sourcecodester Online ID Generator System 1.0 was discovered to contai ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2024-40069 (Sourcecodester Online ID Generator System 1.0 was discovered to contai ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2024-40068 (Sourcecodester Online ID Generator System 1.0 was discovered to contai ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2024-22314 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses we ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-22036 (A vulnerability has been identified within Rancher where a cluster or ...)
TODO: check
CVE-2023-32197 (A Improper Privilege Management vulnerability in SUSE rancher in RoleT ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dc34a674a955b8c8a7f0d90f148b93b7fb3af45