[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 26 21:02:26 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d7043f70 by Salvatore Bonaccorso at 2025-03-26T22:01:54+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-30524 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30353 (Directus is a real-time API and App dashboard for managing SQL databas ...)
TODO: check
CVE-2025-30352 (Directus is a real-time API and App dashboard for managing SQL databas ...)
@@ -23,79 +23,79 @@ CVE-2025-2820 (An authenticated attacker can compromise the availability of the
CVE-2025-2819 (There is a risk of unauthorized file uploads in GT-SoftControl and pot ...)
TODO: check
CVE-2025-2600 (Improper authorization in the variable component in Devolutions Remote ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2025-2596 (Session logout could be overwritten in Checkmk GmbH's Checkmk versions ...)
TODO: check
CVE-2025-2562 (Insufficient logging in the autotyping feature in Devolutions Remote D ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2025-2528 (Improper authorization in application password policy in Devolutions R ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2025-2499 (Client side access control bypass in the permission component in Devo ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2025-2257 (The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2228 (The Responsive Addons for Elementor \u2013 Free Elementor Addons Plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2167 (The Event post plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2110 (The WP Compress \u2013 Instant Performance & Speed Optimization plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2098 (Fast CAD Reader application on MacOS was found to be installed with in ...)
TODO: check
CVE-2025-2009 (The Newsletters plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29322 (A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.0 ...)
TODO: check
CVE-2025-28942 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28939 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28935 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28928 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28924 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28921 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28917 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28916 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28911 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28903 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28899 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28898 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28893 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28890 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28885 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28882 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28880 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28877 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28873 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28869 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28865 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28858 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28855 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28361 (Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v. ...)
TODO: check
CVE-2025-27609 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
@@ -107,63 +107,63 @@ CVE-2025-27405 (Icinga Web 2 is an open source monitoring web interface, framewo
CVE-2025-27404 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
TODO: check
CVE-2025-27267 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-27015 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-27014 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26986 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26941 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26929 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26923 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26922 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26869 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26739 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26584 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26583 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26581 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26576 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26575 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26565 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26564 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26560 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26546 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-26542 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26537 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26011 (Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulner ...)
TODO: check
CVE-2025-26010 (Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification ...)
@@ -189,79 +189,79 @@ CVE-2025-26001 (Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclo
CVE-2025-25535 (HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a re ...)
TODO: check
CVE-2025-25134 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-24972 (Discourse is an open-source discussion platform. Prior to versions `3. ...)
TODO: check
CVE-2025-24808 (Discourse is an open-source discussion platform. Prior to versions `3. ...)
TODO: check
CVE-2025-24690 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23964 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23952 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23937 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23735 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23728 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23714 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23704 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23680 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23666 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23638 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23633 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23632 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23612 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23546 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23543 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23542 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23466 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23460 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23459 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23203 (Icinga Director is an Icinga config deployment tool. A Security vulner ...)
TODO: check
CVE-2025-22283 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-1913 (The Product Import Export for WooCommerce \u2013 Import Export Product ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1912 (The Product Import Export for WooCommerce \u2013 Import Export Product ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1911 (The Product Import Export for WooCommerce \u2013 Import Export Product ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1769 (The Product Import Export for WooCommerce \u2013 Import Export Product ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1703 (The Ultimate Blocks plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1542 (Improper permission controlvulnerability in the OXARIServiceDeskapplic ...)
TODO: check
CVE-2025-1514 (The Active Products Tables for WooCommerce. Use constructor to create ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1440 (The Advanced iFrame plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1439 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1437 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1312 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1310 (The Jobs for WordPress plugin for WordPress is vulnerable to Directory ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-55964 (An issue was discovered in Appsmith before 1.52. An incorrectly config ...)
TODO: check
CVE-2024-55963 (An issue was discovered in Appsmith before 1.51. A user on Appsmith th ...)
@@ -271,13 +271,13 @@ CVE-2024-45351 (A code execution vulnerability exists in the Xiaomi Game center
CVE-2024-41643 (An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate att ...)
TODO: check
CVE-2024-13889 (The WordPress Importer plugin for WordPress is vulnerable to PHP Objec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13801 (The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to una ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13702 (The CRM and Lead Management by vcita plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13411 (The Zapier for WordPress plugin for WordPress is vulnerable to Server- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9773
- gitlab <not-affected> (Specific to EE)
CVE-2024-10307
@@ -221467,7 +221467,7 @@ CVE-2022-39165 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged
CVE-2022-39164 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local ...)
NOT-FOR-US: IBM
CVE-2022-39163 (IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client- ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-39162
RESERVED
CVE-2022-39161 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7043f709e2cf4d2e4344d1b350dee39f9b8d51b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7043f709e2cf4d2e4344d1b350dee39f9b8d51b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250326/b3e4214e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list