[Git][security-tracker-team/security-tracker][master] Review batch of NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 28 20:15:32 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7bedc098 by Salvatore Bonaccorso at 2025-03-28T21:14:45+01:00
Review batch of NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,15 +19,15 @@ CVE-2025-31464 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-31463 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-31460 (Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl Omni ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31459 (Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio Login ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31458 (Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31457 (Cross-Site Request Forgery (CSRF) vulnerability in Aur\xe9lien LWS LWS ...)
TODO: check
CVE-2025-31456 (Cross-Site Request Forgery (CSRF) vulnerability in bsndev Ultimate Sec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31453 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-31452 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -37,17 +37,17 @@ CVE-2025-31451 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-31450 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-31449 (Cross-Site Request Forgery (CSRF) vulnerability in EricH The Visitor C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31448 (Cross-Site Request Forgery (CSRF) vulnerability in misteraon Simple Tr ...)
TODO: check
CVE-2025-31447 (Cross-Site Request Forgery (CSRF) vulnerability in nertworks NertWorks ...)
TODO: check
CVE-2025-31444 (Cross-Site Request Forgery (CSRF) vulnerability in youtag ShowTime Sli ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31443 (Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Furtak KK ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31440 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Ter ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31439 (Cross-Site Request Forgery (CSRF) vulnerability in tobias_.MerZ Browse ...)
TODO: check
CVE-2025-31438 (Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP ...)
@@ -55,7 +55,7 @@ CVE-2025-31438 (Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boe
CVE-2025-31437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-31435 (Cross-Site Request Forgery (CSRF) vulnerability in Efficient Scripts M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31434 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-31433 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -69,7 +69,7 @@ CVE-2025-31163 (Segmentation fault in fig2dev in version 3.2.9aallows an attacke
CVE-2025-31162 (Floating point exception in fig2dev in version 3.2.9aallows an attacke ...)
TODO: check
CVE-2025-31102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31099 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-31096 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -85,17 +85,17 @@ CVE-2025-31088 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-31083 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-31079 (Cross-Site Request Forgery (CSRF) vulnerability in usermaven Usermaven ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31077 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31076 (Server-Side Request Forgery (SSRF) vulnerability in WP Compress WP Com ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31075 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31073 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-31010 (Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30372 (Emlog is an open source website building system. Emlog Pro versions pr ...)
TODO: check
CVE-2025-30371 (Metabase is a business intelligence and embedded analytics tool. Versi ...)
@@ -165,15 +165,15 @@ CVE-2025-2859 (An attacker with access to the network where the vulnerable devic
CVE-2025-2858 (Privilege escalation vulnerability in the saTECH BCU firmware version ...)
TODO: check
CVE-2025-2815 (The Administrator Z plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2713 (Google gVisor's runsc component exhibited a local privilege escalation ...)
TODO: check
CVE-2025-29928 (authentik is an open-source identity provider. Prior to versions 2024. ...)
TODO: check
CVE-2025-28221 (Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-28220 (Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-28219 (Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in ...)
TODO: check
CVE-2025-27932 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
@@ -189,37 +189,37 @@ CVE-2025-27574 (Cross-site scripting vulnerability exists in the USB storage fil
CVE-2025-27567 (Cross-site scripting vulnerability exists in the NickName registration ...)
TODO: check
CVE-2025-27001 (Insertion of Sensitive Information Into Sent Data vulnerability in Shi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22575 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22526 (Deserialization of Untrusted Data vulnerability in NotFound PHP/MySQL ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22523 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22501 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22360 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22356 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-1781 (There is a XXE in W3CSS Validator versions beforecssval-20250226 that ...)
TODO: check
CVE-2025-1705 (The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0986 (IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 throu ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-7407 (Use of a custom password encoding algorithmin Streamsoft Presti\u017c ...)
TODO: check
CVE-2024-54362 (Path Traversal vulnerability in NotFound GetShop ecommerce allows Path ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2024-54291 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2024-51624 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2024-48615 (Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier ...)
TODO: check
CVE-2024-39311 (Publify is a self hosted Web publishing platform on Rails. Prior to ve ...)
@@ -335897,7 +335897,7 @@ CVE-2021-24010 (Improper limitation of a pathname to a restricted directory vuln
CVE-2021-24009 (Multiple improper neutralization of special elements used in an OS com ...)
NOT-FOR-US: FortiWAN
CVE-2021-24008 (An exposure of sensitive system information to an unauthorized control ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-24007 (Multiple improper neutralization of special elements of SQL commands v ...)
NOT-FOR-US: Fortiguard
CVE-2021-24006 (An improper access control vulnerability in FortiManager versions 6.4. ...)
@@ -437881,7 +437881,7 @@ CVE-2019-16151 (An improper neutralization of input during web page generation v
CVE-2019-16150 (Use of a hard-coded cryptographic key to encrypt security sensitive da ...)
NOT-FOR-US: Fortiguard
CVE-2019-16149 (An Improper Neutralization of Input During Web Page Generation in Fort ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras ...)
{DLA-2340-1}
- sqlite3 3.29.0-2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bedc0984d9442d80595b77103cd53b897f81eb1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bedc0984d9442d80595b77103cd53b897f81eb1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250328/0ccbf7a4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list