[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 28 08:15:17 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ef086aa by Salvatore Bonaccorso at 2025-03-28T09:14:52+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2025-31101 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31092 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31031 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-2894 (The Go1also known as "The World's First Intelligence Bionic Quadruped  ...)
 	TODO: check
 CVE-2025-2888 (During a snapshot rollback, the client incorrectly caches the timestam ...)
@@ -17,71 +17,71 @@ CVE-2025-2885 (Missing validation of the root metatdata version number could all
 CVE-2025-2878 (A vulnerability was found in Kentico CMS up to 13.0.178. It has been d ...)
 	TODO: check
 CVE-2025-2804 (The tagDiv Composer plugin for WordPress, used by the Newspaper theme, ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2578 (The Booking for Appointments and Events Calendar – Amelia plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2485 (The Drag and Drop Multiple File Upload for Contact Form 7 plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2328 (The Drag and Drop Multiple File Upload for Contact Form 7 plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2294 (The Kubio AI Page Builder plugin for WordPress is vulnerable to Local  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2074 (The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to ge ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2027 (A double free vulnerability has been identified in the ASUS System Ana ...)
 	TODO: check
 CVE-2025-28253 (Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Dashboard v5 ...)
 	TODO: check
 CVE-2025-26956 (Missing Authorization vulnerability in Shinetheme Traveler.This issue  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26898 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26890 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26874 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26873 (Deserialization of Untrusted Data vulnerability in Shinetheme Traveler ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26733 (Missing Authorization vulnerability in Shinetheme Traveler.This issue  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24386 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-24385 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-24383 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-24382 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-24381 (Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-24380 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-24379 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-24378 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-24377 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-23383 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-22740 (Missing Authorization vulnerability in Automattic Sensei LMS allows Ex ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22739 (Missing Authorization vulnerability in ThimPress LearnPress allows Exp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22398 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-1860 (Data::Entropy for Perl 0.007 and earlier use the rand() function as th ...)
 	TODO: check
 CVE-2025-1762 (The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 do ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49601 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2024-49565 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2024-49564 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2024-49563 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2024-13939 (String::Compare::ConstantTime for Perl through 0.321 is vulnerable to  ...)
 	TODO: check
 CVE-2024-56325



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ef086aa6d41a602fafea8d2c9cfcc547acbc151

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ef086aa6d41a602fafea8d2c9cfcc547acbc151
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250328/43604a54/attachment.htm>

More information about the debian-security-tracker-commits mailing list