[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 13 20:32:35 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28e8502f by Salvatore Bonaccorso at 2025-02-13T21:31:48+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,119 +1,119 @@
 CVE-2025-26582 (Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Ad ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26580 (Cross-Site Request Forgery (CSRF) vulnerability in CompleteWebResource ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26578 (Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays Simple  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26577 (Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-pub ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26572 (Cross-Site Request Forgery (CSRF) vulnerability in jesseheap WP PHPLis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26571 (Cross-Site Request Forgery (CSRF) vulnerability in wibiya Wibiya Toolb ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26570 (Cross-Site Request Forgery (CSRF) vulnerability in uamv Glance That al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26569 (Cross-Site Request Forgery (CSRF) vulnerability in callmeforsox Post T ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26568 (Cross-Site Request Forgery (CSRF) vulnerability in jensmueller Easy Am ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26567 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26562 (Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Patnaik RSS ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26561 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26558 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26552 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26551 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26550 (Cross-Site Request Forgery (CSRF) vulnerability in Kunal Shivale Globa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26549 (Cross-Site Request Forgery (CSRF) vulnerability in pa1 WP Html Page Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26547 (Cross-Site Request Forgery (CSRF) vulnerability in nagarjunsonti My Lo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26545 (Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Post ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26543 (Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26538 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26511 (Systems running the Instaclustr  fork of Stratio's Cassandra-Lucene-In ...)
-	TODO: check
+	NOT-FOR-US: Instaclustr
 CVE-2025-25901 (A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-25900 (A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-25899 (A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-25898 (A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-25897 (A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-25389 (A SQL Injection vulnerability was found in /admin/forgot-password.php  ...)
-	TODO: check
+	NOT-FOR-US: Phpgurukul Land Record System
 CVE-2025-25388 (A SQL Injection vulnerability was found in /admin/edit-propertytype.ph ...)
-	TODO: check
+	NOT-FOR-US: Phpgurukul Land Record System
 CVE-2025-25387 (A SQL Injection vulnerability was found in /admin/manage-propertytype. ...)
-	TODO: check
+	NOT-FOR-US: Phpgurukul Land Record System
 CVE-2025-25357 (A SQL Injection vulnerability was found in /admin/contactus.php in PHP ...)
-	TODO: check
+	NOT-FOR-US: Phpgurukul Land Record System
 CVE-2025-25356 (A SQL Injection vulnerability was found in /admin/bwdates-reports-deta ...)
-	TODO: check
+	NOT-FOR-US: Phpgurukul Land Record System
 CVE-2025-25355 (A SQL Injection vulnerability was found in /admin/bwdates-reports-deta ...)
-	TODO: check
+	NOT-FOR-US: Phpgurukul Land Record System
 CVE-2025-25354 (A SQL Injection was found in /admin/admin-profile.php in PHPGurukul La ...)
-	TODO: check
+	NOT-FOR-US: Phpgurukul Land Record System
 CVE-2025-25352 (A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGu ...)
-	TODO: check
+	NOT-FOR-US: Phpgurukul Land Record System
 CVE-2025-25287 (Lakeus is a simple skin made for MediaWiki. Starting in version 1.8.0  ...)
-	TODO: check
+	NOT-FOR-US: Lakeus MediaWiki skin
 CVE-2025-24904 (libsignal-service-rs is a Rust version of the libsignal-service-java l ...)
-	TODO: check
+	NOT-FOR-US: libsignal-service-rs
 CVE-2025-24903 (libsignal-service-rs is a Rust version of the libsignal-service-java l ...)
-	TODO: check
+	NOT-FOR-US: libsignal-service-rs
 CVE-2025-24889 (The SecureDrop Client is a desktop application for journalists to comm ...)
-	TODO: check
+	NOT-FOR-US: SecureDrop Client
 CVE-2025-24888 (The SecureDrop Client is a desktop application for journalists to comm ...)
-	TODO: check
+	NOT-FOR-US: SecureDrop Client
 CVE-2025-22480 (Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a sy ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2025-1271 (Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This secu ...)
-	TODO: check
+	NOT-FOR-US: Anapi Group's h6web
 CVE-2025-1270 (Insecure direct object reference (IDOR) vulnerability in Anapi Group's ...)
-	TODO: check
+	NOT-FOR-US: Anapi Group's h6web
 CVE-2025-1127 (The vulnerability can be leveraged by an attacker to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2025-0426 (A security issue was discovered in Kubernetes where a large number of  ...)
 	TODO: check
 CVE-2024-13867 (The Listivo - Classified Ads WordPress Theme theme for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-13639 (The Read More & Accordion plugin for WordPress is vulnerable to unauth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13606 (The JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13182 (The WP Directorybox Manager plugin for WordPress is vulnerable to Auth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12013 (A CWE-1392 \u201cUse of Default Credentials\u201d was discovered affec ...)
-	TODO: check
+	NOT-FOR-US: 30.8005 TCP/IP Gateway
 CVE-2024-12012 (A CWE-598 \u201cUse of GET Request Method with Sensitive Query Strings ...)
-	TODO: check
+	NOT-FOR-US: 130.8005 TCP/IP Gateway
 CVE-2024-12011 (A CWE-126 \u201cBuffer Over-read\u201d was discovered affecting the 13 ...)
-	TODO: check
+	NOT-FOR-US: 130.8005 TCP/IP Gateway
 CVE-2024-11347 (Integer Overflow or Wraparound vulnerability in Lexmark International  ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2024-11346 (: Access of Resource Using Incompatible Type ('Type Confusion') vulner ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2024-11345 (A heap-based memory vulnerability has been identified in the Postscrip ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2024-11344 (A type confusion vulnerability has been identified in the Postscript i ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2025-1094 (Improper neutralization of quoting syntax in PostgreSQL libpq function ...)
 	{DLA-4052-1}
 	- postgresql-17 17.3-1
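
Review bot: the new NOT-FOR-US line for CVE-2024-12013 near the end of the hunk names the product as "30.8005 TCP/IP Gateway", while the two entries directly below it (CVE-2024-12012 and CVE-2024-12011) use "130.8005 TCP/IP Gateway", and the truncated CVE-2024-12011 description also begins the product name with "13". This looks like a dropped leading digit. Suggest changing the CVE-2024-12013 line to "NOT-FOR-US: 130.8005 TCP/IP Gateway" so all three entries carry the same product string and a search of data/CVE/list by product finds them together. A smaller style point: the Land Record System entries use "Phpgurukul", whereas the CVE descriptions in the same hunk spell it "PHPGurukul".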



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28e8502f96337baa0514eafb1409640abc2e0c8b
