[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 24 20:17:30 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
74a3529f by Salvatore Bonaccorso at 2025-03-24T21:17:05+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2025-30623 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30621 (Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30620 (Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30619 (Cross-Site Request Forgery (CSRF) vulnerability in SpeakPipe SpeakPipe ...)
TODO: check
CVE-2025-30617 (Cross-Site Request Forgery (CSRF) vulnerability in takien Rewrite allo ...)
TODO: check
CVE-2025-30615 (Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30612 (Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb Replace ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30610 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-30609 (Insertion of Sensitive Information Into Sent Data vulnerability in App ...)
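Review bot: For CVE-2025-30623 the visible description is cut off at "('Cross-si ..." before any product is named, so the "WordPress plugin or theme" classification cannot be confirmed from this hunk alone. Naming the plugin or theme in the NOT-FOR-US note would let the decision be checked without opening the full CVE record, and would make the entry findable by product name later.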
@@ -19,21 +19,21 @@ CVE-2025-30609 (Insertion of Sensitive Information Into Sent Data vulnerability
CVE-2025-30608 (Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress S ...)
TODO: check
CVE-2025-30606 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30605 (Missing Authorization vulnerability in ldwin79 sourceplay-navermap all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30604 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30603 (Cross-Site Request Forgery (CSRF) vulnerability in DEJAN CopyLink allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30602 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30601 (Cross-Site Request Forgery (CSRF) vulnerability in flipdish Flipdish O ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30600 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30599 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30598 (Cross-Site Request Forgery (CSRF) vulnerability in Link OSS Upload all ...)
TODO: check
CVE-2025-30597 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -49,23 +49,23 @@ CVE-2025-30591 (Missing Authorization vulnerability in tuyennv Music Press Pro a
CVE-2025-30590 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-30588 (Cross-Site Request Forgery (CSRF) vulnerability in ryan_xantoo Map Con ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30587 (Cross-Site Request Forgery (CSRF) vulnerability in shawfactor LH OGP M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30586 (Cross-Site Request Forgery (CSRF) vulnerability in bbodine1 cTabs allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30585 (Cross-Site Request Forgery (CSRF) vulnerability in marynixie Generate ...)
TODO: check
CVE-2025-30584 (Cross-Site Request Forgery (CSRF) vulnerability in alphaomegaplugins A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30583 (Cross-Site Request Forgery (CSRF) vulnerability in ProRankTracker Pro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30581 (Missing Authorization vulnerability in PluginOps Top Bar allows Exploi ...)
TODO: check
CVE-2025-30578 (Cross-Site Request Forgery (CSRF) vulnerability in hotvanrod AdSense P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30577 (Cross-Site Request Forgery (CSRF) vulnerability in mendibass Browser A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30576 (Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hack ...)
TODO: check
CVE-2025-30575 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -75,7 +75,7 @@ CVE-2025-30574 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-30573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-30572 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Yavych Simple ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30571 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-30570 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -87,79 +87,79 @@ CVE-2025-30568 (Cross-Site Request Forgery (CSRF) vulnerability in hitoy Super S
CVE-2025-30566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-30565 (Cross-Site Request Forgery (CSRF) vulnerability in karrikas banner-man ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30564 (Cross-Site Request Forgery (CSRF) vulnerability in wpwox Custom Script ...)
TODO: check
CVE-2025-30561 (Cross-Site Request Forgery (CSRF) vulnerability in Henrique Mouta CAS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30560 (Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah jQuery D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30558 (Cross-Site Request Forgery (CSRF) vulnerability in EnzoCostantini55 AN ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30557 (Cross-Site Request Forgery (CSRF) vulnerability in odihost Easy 301 Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30556 (Cross-Site Request Forgery (CSRF) vulnerability in flyaga Fix Rss Feed ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30555 (Cross-Site Request Forgery (CSRF) vulnerability in iiiryan WordPres \u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30553 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30552 (Cross-Site Request Forgery (CSRF) vulnerability in Donald Gilbert Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30551 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30550 (Cross-Site Request Forgery (CSRF) vulnerability in WPShop.ru CallPhone ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30549 (Cross-Site Request Forgery (CSRF) vulnerability in Yummly Yummly Rich ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30546 (Cross-Site Request Forgery (CSRF) vulnerability in boroV Cackle allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30543 (Missing Authorization vulnerability in swayam.tejwani Menu Duplicator ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30542 (Cross-Site Request Forgery (CSRF) vulnerability in wpsolutions SoundCl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30541 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Info Boxe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30540 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30538 (Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Simple O ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30537 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-30536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30535 (Cross-Site Request Forgery (CSRF) vulnerability in muro External image ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30534 (Cross-Site Request Forgery (CSRF) vulnerability in captcha.soft Image ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30533 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30532 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30531 (Cross-Site Request Forgery (CSRF) vulnerability in GBS Developer WP Ri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30530 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30529 (Cross-Site Request Forgery (CSRF) vulnerability in S\xe9bastien Dumont ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30528 (Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Lo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30527 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30526 (Cross-Site Request Forgery (CSRF) vulnerability in lucksy Typekit plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30525 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30523 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30522 (Cross-Site Request Forgery (CSRF) vulnerability in Damian Orzol Contac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30521 (Cross-Site Request Forgery (CSRF) vulnerability in giangmd93 GP Back T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30208 (Vite, a provider of frontend development tooling, has a vulnerability ...)
TODO: check
CVE-2025-30205 (kanidim-provision is a helper utility that uses kanidm's API to provis ...)
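Review bot: CVE-2025-30564 and CVE-2025-30537 are left at "TODO: check" in the middle of a run that is otherwise triaged from CVE-2025-30565 down to CVE-2025-30521, and nothing in the commit message says why. If they were skipped on purpose because they need a closer look, that is fine; otherwise consider tagging them in the same pass so the remaining TODO entries in this range are only the ones that need real investigation.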
@@ -209,13 +209,13 @@ CVE-2025-22223 (Spring Security 6.4.0 - 6.4.3 may not correctly locate method se
CVE-2025-1558 (Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF ...)
TODO: check
CVE-2025-0835 (Software installed and run as a non-privileged user may conduct improp ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2025-0478 (Software installed and run as a non-privileged user may conduct improp ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2025-0256 (HCL DevOps Deploy / HCL Launch could allow an authenticated user to ob ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-0255 (HCL DevOps Deploy / HCL Launch could allow a remote privileged authent ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-9103 (Improper Neutralization of Script in Attributes in a Web Page vulnerab ...)
TODO: check
CVE-2024-8774 (The SIMPLE.ERP client stores superuser password in a recoverable forma ...)
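Review bot: The notes on CVE-2025-0835 and CVE-2025-0478 give only a vendor name, "Imagination Technologies", while the visible description ("Software installed and run as a non-privileged user may conduct improp ...") names neither a vendor nor a component. Adding the affected component to the note would make it possible to confirm that nothing packaged ships that code. The two HCL entries do not have this problem, since their descriptions name HCL DevOps Deploy / HCL Launch.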
@@ -180415,7 +180415,7 @@ CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It h
CVE-2023-25611 (A improper neutralization of formula elements in a CSV file vulnerabil ...)
NOT-FOR-US: Fortinet
CVE-2023-25610 (A buffer underwrite ('buffer underflow') vulnerability in the administ ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918] inFortiMan ...)
NOT-FOR-US: Fortinet
CVE-2023-25608 (An incomplete filtering of one or more instances of special elements v ...)
@@ -328898,7 +328898,7 @@ CVE-2021-26107 (An improper access control vulnerability [CWE-284] in FortiManag
CVE-2021-26106 (An improper neutralization of special elements used in an OS Command v ...)
NOT-FOR-US: Fortiguard
CVE-2021-26105 (A stack-based buffer overflow vulnerability (CWE-121) in the profile p ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-26104 (Multiple OS command injection (CWE-78) vulnerabilities in the command ...)
NOT-FOR-US: Fortiguard
CVE-2021-26103 (An insufficient verification of data authenticity vulnerability (CWE-3 ...)
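Review bot: The new note on CVE-2021-26105 reads "NOT-FOR-US: Fortinet", but the entries directly above and below it (CVE-2021-26106, CVE-2021-26104) use "NOT-FOR-US: Fortiguard". Using one spelling for the vendor across the block, here or in a follow-up that normalises the neighbours, would let a search on the NFU reason return all of these entries.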
@@ -328926,7 +328926,7 @@ CVE-2021-26093 (An access of uninitialized pointer (CWE-824) vulnerabilityin For
CVE-2021-26092 (Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 ...)
NOT-FOR-US: FortiGuard
CVE-2021-26091 (A use of a cryptographically weak pseudo-random number generator vulne ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-26090 (A missing release of memory after its effective lifetime vulnerability ...)
NOT-FOR-US: FortiMail
CVE-2021-26089 (An improper symlink following in FortiClient for Mac 6.4.3 and below m ...)
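Review bot: CVE-2021-26091 is tagged at vendor level ("Fortinet") between a "FortiGuard" note and a product-level "FortiMail" note, and its visible description ends before any product is named. If the full description names a product, stating it in the note would match the granularity of the CVE-2021-26090 entry; otherwise the neighbouring notes are the ones to bring in line with the vendor name.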
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74a3529fbf2b16bf060b69e64ea41c5d5cde116d