[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 28 20:20:47 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d4a4974 by Salvatore Bonaccorso at 2025-03-28T21:20:22+01:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
CVE-2025-31474 (Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31473 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31472 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31471 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31470 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31469 (Missing Authorization vulnerability in webrangers Clear Sucuri Cache a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31466 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31465 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31464 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31463 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31460 (Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl Omni ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31459 (Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio Login ...)
@@ -25,23 +25,23 @@ CVE-2025-31459 (Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio
CVE-2025-31458 (Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embe ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31457 (Cross-Site Request Forgery (CSRF) vulnerability in Aur\xe9lien LWS LWS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31456 (Cross-Site Request Forgery (CSRF) vulnerability in bsndev Ultimate Sec ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31453 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31452 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31451 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31450 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31449 (Cross-Site Request Forgery (CSRF) vulnerability in EricH The Visitor C ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31448 (Cross-Site Request Forgery (CSRF) vulnerability in misteraon Simple Tr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31447 (Cross-Site Request Forgery (CSRF) vulnerability in nertworks NertWorks ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31444 (Cross-Site Request Forgery (CSRF) vulnerability in youtag ShowTime Sli ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31443 (Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Furtak KK ...)
@@ -49,19 +49,19 @@ CVE-2025-31443 (Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Fur
CVE-2025-31440 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Ter ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31439 (Cross-Site Request Forgery (CSRF) vulnerability in tobias_.MerZ Browse ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31438 (Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31435 (Cross-Site Request Forgery (CSRF) vulnerability in Efficient Scripts M ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31434 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31433 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31432 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31164 (heap-buffer overflow in fig2dev in version 3.2.9aallows an attacker to ...)
TODO: check
CVE-2025-31163 (Segmentation fault in fig2dev in version 3.2.9aallows an attacker to a ...)
@@ -71,19 +71,19 @@ CVE-2025-31162 (Floating point exception in fig2dev in version 3.2.9aallows an a
CVE-2025-31102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31099 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31096 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31094 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31090 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31088 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31083 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31079 (Cross-Site Request Forgery (CSRF) vulnerability in usermaven Usermaven ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31077 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -93,7 +93,7 @@ CVE-2025-31076 (Server-Side Request Forgery (SSRF) vulnerability in WP Compress
CVE-2025-31075 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31073 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31010 (Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers Si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30372 (Emlog is an open source website building system. Emlog Pro versions pr ...)
@@ -119,9 +119,9 @@ CVE-2025-2920 (A vulnerability was found in Netis WF-2404 1.1.124EN. It has been
CVE-2025-2919 (A vulnerability was found in Netis WF-2404 1.1.124EN. It has been decl ...)
TODO: check
CVE-2025-2917 (A vulnerability, which was classified as problematic, was found in Che ...)
- TODO: check
+ NOT-FOR-US: ChestnutCMS
CVE-2025-2916 (A vulnerability, which was classified as critical, has been found in A ...)
- TODO: check
+ NOT-FOR-US: Aishida Call Center System
CVE-2025-2915 (A vulnerability classified as problematic was found in HDF5 up to 1.14 ...)
TODO: check
CVE-2025-2914 (A vulnerability classified as problematic has been found in HDF5 up to ...)
@@ -131,35 +131,35 @@ CVE-2025-2913 (A vulnerability was found in HDF5 up to 1.14.6. It has been rated
CVE-2025-2912 (A vulnerability was found in HDF5 up to 1.14.6. It has been declared a ...)
TODO: check
CVE-2025-2911 (Unauthorised access to the call forwarding service system in MeetMe pr ...)
- TODO: check
+ NOT-FOR-US: MeetMe
CVE-2025-2910 (User enumeration in the password reset module of the MeetMe authentica ...)
- TODO: check
+ NOT-FOR-US: MeetMe
CVE-2025-2909 (The lack of encryption in the DuoxMe (formerly Blue) application binar ...)
- TODO: check
+ NOT-FOR-US: DuoxMe
CVE-2025-2908 (The exposure of credentials in the call forwarding configuration modul ...)
- TODO: check
+ NOT-FOR-US: MeetMe
CVE-2025-2901 (A flaw was found in the JBoss EAP Management Console, where a stored C ...)
TODO: check
CVE-2025-2877 (A flaw was found in the Ansible Automation Platform's Event-Driven Ans ...)
TODO: check
CVE-2025-2870 (Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of t ...)
- TODO: check
+ NOT-FOR-US: Clinic Queuing System
CVE-2025-2869 (Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of t ...)
- TODO: check
+ NOT-FOR-US: Clinic Queuing System
CVE-2025-2868 (Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of t ...)
- TODO: check
+ NOT-FOR-US: Clinic Queuing System
CVE-2025-2865 (SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and ...)
- TODO: check
+ NOT-FOR-US: SaTECH BCU
CVE-2025-2864 (SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject ...)
- TODO: check
+ NOT-FOR-US: SaTECH BCU
CVE-2025-2863 (Cross-site request forgery (CSRF) vulnerability in the web application ...)
- TODO: check
+ NOT-FOR-US: SaTECH BCU
CVE-2025-2862 (SaTECH BCU, in its firmware version 2.1.3, performs weak password encr ...)
- TODO: check
+ NOT-FOR-US: SaTECH BCU
CVE-2025-2861 (SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The u ...)
- TODO: check
+ NOT-FOR-US: SaTECH BCU
CVE-2025-2860 (SaTECH BCU in its firmware version 2.1.3, allows an authenticated atta ...)
- TODO: check
+ NOT-FOR-US: SaTECH BCU
CVE-2025-2859 (An attacker with access to the network where the vulnerable device is ...)
TODO: check
CVE-2025-2858 (Privilege escalation vulnerability in the saTECH BCU firmware version ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d4a4974d488cd32a9d92f8907064d0cb746eaa3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d4a4974d488cd32a9d92f8907064d0cb746eaa3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250328/e100d3c4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list