[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 27 20:50:26 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e81a6531 by Salvatore Bonaccorso at 2025-03-27T21:48:56+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -209,55 +209,55 @@ CVE-2025-30792 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-30791 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30790 (Missing Authorization vulnerability in alexvtn Chatbox Manager allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30789 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30788 (Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30787 (Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30786 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30785 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30784 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30783 (Cross-Site Request Forgery (CSRF) vulnerability in jgwhite33 WP Google ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30781 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30780 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30779 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30777 (Authorization Bypass Through User-Controlled Key vulnerability in Pals ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30776 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30775 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30773 (Deserialization of Untrusted Data vulnerability in Cozmoslabs Translat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30772 (Missing Authorization vulnerability in WPClever WPC Smart Upsell Funne ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30769 (Cross-Site Request Forgery (CSRF) vulnerability in alexvtn WIP WooCaro ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30768 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30767 (Missing Authorization vulnerability in add-ons.org PDF for WPForms all ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30765 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30764 (Cross-Site Request Forgery (CSRF) vulnerability in AntoineH Football P ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30763 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30367 (WeGIA is a Web manager for charitable institutions. A SQL Injection vu ...)
NOT-FOR-US: WeGIA
CVE-2025-30366 (WeGIA is a Web manager for charitable institutions. Versions prior to ...)
@@ -297,7 +297,7 @@ CVE-2025-2846 (A vulnerability classified as critical was found in SourceCodeste
CVE-2025-2516 (The use of a weak cryptographic key pair in the signature verification ...)
TODO: check
CVE-2025-29993 (The affected versions of PowerCMS allow HTTP header injection. This vu ...)
- TODO: check
+ NOT-FOR-US: PowerCMS
CVE-2025-29497 (libming v0.4.8 was discovered to contain a memory leak via the parseSW ...)
TODO: check
CVE-2025-29496 (libming v0.4.8 was discovered to contain a segmentation fault via the ...)
@@ -327,7 +327,7 @@ CVE-2025-29484 (An out-of-memory error in the parseABC_NS_SET_INFO function of l
CVE-2025-29483 (libming v0.4.8 was discovered to contain a memory leak via the parseSW ...)
TODO: check
CVE-2025-29306 (An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitra ...)
- TODO: check
+ NOT-FOR-US: FoxCMS
CVE-2025-29072 (An integer overflow in Nethermind Juno before v.12.05 within the Sierr ...)
TODO: check
CVE-2025-28138 (TOTOLINK A800R V4.1.2cu.5137_B20200730 contains a remote command execu ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e81a65310373c4d66bf1aeffa6c7fbdb908c3cc5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e81a65310373c4d66bf1aeffa6c7fbdb908c3cc5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250327/454c4771/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list