[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 4 21:34:10 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
256844fc by Salvatore Bonaccorso at 2025-07-04T22:33:41+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20,15 +20,15 @@ CVE-2025-7067 (A vulnerability classified as problematic was found in HDF5 1.14.
- hdf5 <unfixed>
NOTE: https://github.com/HDFGroup/hdf5/issues/5577
CVE-2025-7066 (Jirafeau normally prevents browser preview for text files due to the p ...)
- TODO: check
+ NOT-FOR-US: Jirafeau
CVE-2025-7061 (A vulnerability was found in Intelbras InControl up to 2.21.60.9. It h ...)
NOT-FOR-US: Intelbras
CVE-2025-7060 (A vulnerability was found in Monitorr up to 1.7.6m. It has been classi ...)
- TODO: check
+ NOT-FOR-US: Monitorr
CVE-2025-6740 (The Contact Form 7 Database Addon plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2025-6056 (Timing difference in password reset in Ergon Informatik AG's Airlock I ...)
- TODO: check
+ NOT-FOR-US: Ergon Informatik AG's Airlock IAM
CVE-2025-5920 (The Sharable Password Protected Posts before version 1.1.1 allows acce ...)
NOT-FOR-US: WordPress plugin
CVE-2025-53569 (Cross-Site Request Forgery (CSRF) vulnerability in Trust Payments Trus ...)
@@ -48,45 +48,45 @@ CVE-2025-53482 (Improper Neutralization of Input During Web Page Generation (XSS
CVE-2025-53481 (Uncontrolled Resource Consumption vulnerability in Wikimedia Foundatio ...)
TODO: check
CVE-2025-52833 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-52832 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-52831 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-52830 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-52828 (Deserialization of Untrusted Data vulnerability in designthemes Red Ar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-52813 (Missing Authorization vulnerability in pietro MobiLoud allows Exploiti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-52807 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-52805 (Path Traversal vulnerability in VaultDweller Leyka allows PHP Local Fi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-52798 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-52796 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-52776 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-52718 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-52497 (Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer und ...)
TODO: check
CVE-2025-52496 (Mbed TLS before 3.6.4 has a race condition in AESNI detection if certa ...)
TODO: check
CVE-2025-50039 (Missing Authorization vulnerability in vgwort VG WORT METIS allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-50032 (Missing Authorization vulnerability in Paytiko - Payment Orchestration ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4414 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-49870 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49867 (Incorrect Privilege Assignment vulnerability in InspiryThemes RealHome ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49866 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49809 (mtr through 0.95, in certain privileged contexts, mishandles execution ...)
TODO: check
CVE-2025-49601 (In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not ...)
@@ -94,17 +94,17 @@ CVE-2025-49601 (In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key doe
CVE-2025-49600 (In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid s ...)
TODO: check
CVE-2025-49431 (Missing Authorization vulnerability in Gnuget MF Plus WPML allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49418 (Server-Side Request Forgery (SSRF) vulnerability in TeconceTheme Allma ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49417 (Deserialization of Untrusted Data vulnerability in BestWpDeveloper Woo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49414 (Unrestricted Upload of File with Dangerous Type vulnerability in Fastw ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49303 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49302 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49274 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49247 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -112,19 +112,19 @@ CVE-2025-49247 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-49245 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49070 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48231 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48172 (CHMLib through 2bef8d0, as used in SumatraPDF and other products, has ...)
TODO: check
CVE-2025-47634 (Missing Authorization vulnerability in Keylor Mendoza WC Pickup Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47627 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47565 (Missing Authorization vulnerability in ashanjay EventON allows Exploit ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47479 (Weak Authentication vulnerability in AresIT WP Compress allows Authent ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46733 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion ...)
TODO: check
CVE-2025-39487 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/256844fc8f752e74b9eda9b314c7a53a8ec9f2bb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/256844fc8f752e74b9eda9b314c7a53a8ec9f2bb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250704/107d1782/attachment.htm>
More information about the debian-security-tracker-commits
mailing list