[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jun 17 22:20:30 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bdd38f72 by Moritz Muehlenhoff at 2025-06-17T23:20:07+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -120,27 +120,27 @@ CVE-2025-49312 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-49266 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49261 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49260 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49259 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49258 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49257 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49256 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49255 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49254 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49253 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49252 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49251 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49234 (Missing Authorization vulnerability in Deepak anand WP Dummy Content G ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49220 (An insecure deserialization operation in Trend Micro Apex Central belo ...)
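Review bot: Nothing in the visible lines for CVE-2025-49251 through CVE-2025-49261 identifies the affected product: each summary is cut off at "PHP Prog ..." before any vendor or plugin name, so the "WordPress plugin or theme" tag on all eleven rests entirely on the full CVE records. Confirm each one against its record before dropping the TODO, since a PHP include/require flaw in packaged software would need a package entry instead of NOT-FOR-US.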
@@ -158,15 +158,15 @@ CVE-2025-49155 (An uncontrolled search path vulnerability in the Trend Micro Ape
CVE-2025-49154 (An insecure access control vulnerability in Trend Micro Apex One and T ...)
NOT-FOR-US: Trend Micro
CVE-2025-49071 (Unrestricted Upload of File with Dangerous Type vulnerability in NasaT ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48333 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48274 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48145 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48118 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48111 (Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPa ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47867 (A Local File Inclusion vulnerability in a Trend Micro Apex Central wid ...)
@@ -178,15 +178,15 @@ CVE-2025-47865 (A Local File Inclusion vulnerability in a Trend Micro Apex Centr
CVE-2025-47573 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47572 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47559 (Unrestricted Upload of File with Dangerous Type vulnerability in Roman ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47452 (Unrestricted Upload of File with Dangerous Type vulnerability in RexTh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-45880 (A cross-site scripting (XSS) vulnerability in the data resource manage ...)
- TODO: check
+ NOT-FOR-US: Miliaris Amigdala
CVE-2025-45879 (A cross-site scripting (XSS) vulnerability in the e-mail manager funct ...)
- TODO: check
+ NOT-FOR-US: Miliaris Amigdala
CVE-2025-45878 (A cross-site scripting (XSS) vulnerability in the report manager funct ...)
TODO: check
CVE-2025-45526 (A denial of service (DoS) vulnerability has been identified in the Jav ...)
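Review bot: CVE-2025-45878 is left at "TODO: check" even though its summary ("A cross-site scripting (XSS) vulnerability in the report manager funct ...") has the same shape as CVE-2025-45880 and CVE-2025-45879 directly above it, which both become "NOT-FOR-US: Miliaris Amigdala" here. If it concerns the same product, tag it in this commit so the series is triaged consistently; if it was left open on purpose, the reason is not visible in the entry.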
@@ -206,23 +206,23 @@ CVE-2025-39486 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-39479 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-34511 (Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manag ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2025-34510 (Sitecore Experience Manager (XM), Experience Platform (XP), and Experi ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2025-34509 (Sitecore Experience Manager (XM) and Experience Platform (XP) versions ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2025-34508 (A path traversal vulnerability exists in the file dropoff functionalit ...)
- TODO: check
+ NOT-FOR-US: ZendTo
CVE-2025-33122 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated ...)
NOT-FOR-US: IBM
CVE-2025-32549 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32510 (Unrestricted Upload of File with Dangerous Type vulnerability in ovath ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31919 (Deserialization of Untrusted Data vulnerability in themeton Spare allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30988 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30680 (A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex ...)
NOT-FOR-US: Trend Micro
CVE-2025-30679 (A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex ...)
@@ -246,7 +246,7 @@ CVE-2025-24761 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-0320 (Local Privilege escalation allows a low-privileged user to gain SYSTEM ...)
NOT-FOR-US: Citrix
CVE-2024-40570 (SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-6019 [LPE from allow_active to root in libblockdev via udisks]
- libblockdev 3.3.0-2.1
NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/4
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdd38f721f089bffe362da29af1ac0c3db48d820