[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 31 21:20:31 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d280d176 by Salvatore Bonaccorso at 2025-03-31T22:17:30+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-3048 (After completing a build with AWS Serverless Application Model Command ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-3047 (When running the AWS Serverless Application Model Command Line Interfa ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-3027 (The vulnerability exists in the EJBCA service, version 8.0 Enterprise. ...)
TODO: check
CVE-2025-3026 (The vulnerability exists in the EJBCA service, version 8.0 Enterprise. ...)
@@ -19,13 +19,13 @@ CVE-2025-3008 (A vulnerability classified as critical has been found in Novastar
CVE-2025-3007 (A vulnerability was found in Novastar CX40 up to 2.44.0. It has been r ...)
TODO: check
CVE-2025-3006 (A vulnerability was found in PHPGurukul e-Diary Management System 1.0. ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-3005 (A vulnerability was found in Sayski ForestBlog up to 20250321 and clas ...)
TODO: check
CVE-2025-3004 (A vulnerability has been found in Sayski ForestBlog up to 20250321 and ...)
TODO: check
CVE-2025-3003 (A vulnerability, which was classified as critical, was found in ESAFEN ...)
- TODO: check
+ NOT-FOR-US: ESAFENET
CVE-2025-3002 (A vulnerability, which was classified as critical, has been found in D ...)
TODO: check
CVE-2025-3001 (A vulnerability classified as critical was found in PyTorch 2.6.0. Thi ...)
@@ -33,159 +33,159 @@ CVE-2025-3001 (A vulnerability classified as critical was found in PyTorch 2.6.0
CVE-2025-3000 (A vulnerability classified as critical has been found in PyTorch 2.6.0 ...)
TODO: check
CVE-2025-31629 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31627 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31625 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31624 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31623 (Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31621 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31620 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31618 (Missing Authorization vulnerability in Jaap Jansma Connector to CiviCR ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31617 (Cross-Site Request Forgery (CSRF) vulnerability in Gagan Deep Singh Po ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31616 (Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31615 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31614 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31613 (Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Goog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31611 (Missing Authorization vulnerability in Shaharia Azam Auto Post After I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31610 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31609 (Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31608 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31607 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31606 (Missing Authorization vulnerability in softpulseinfotech SP Blog Desig ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31605 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31604 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31603 (Missing Authorization vulnerability in moshensky CF7 Spreadsheets allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31602 (Cross-Site Request Forgery (CSRF) vulnerability in apimofficiel Apimo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31601 (Cross-Site Request Forgery (CSRF) vulnerability in appointy Appointy A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31600 (Cross-Site Request Forgery (CSRF) vulnerability in designnbuy DesignO ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31597 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31596 (Missing Authorization vulnerability in Chatwee Chat by Chatwee allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31595 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31590 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31589 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31588 (Cross-Site Request Forgery (CSRF) vulnerability in elfsight Elfsight T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31587 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31586 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31585 (Cross-Site Request Forgery (CSRF) vulnerability in leadfox Leadfox for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31584 (Missing Authorization vulnerability in elfsight Elfsight Testimonials ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31583 (Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Cop ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31577 (Unrestricted Upload of File with Dangerous Type vulnerability in appoi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31576 (Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Em ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31575 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31572 (Cross-Site Request Forgery (CSRF) vulnerability in v20202020 Multi Day ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31570 (Cross-Site Request Forgery (CSRF) vulnerability in wp-buy Related Post ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31569 (Cross-Site Request Forgery (CSRF) vulnerability in wp-buy wordpress re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31567 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31566 (Cross-Site Request Forgery (CSRF) vulnerability in riosisgroup Rio Vid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31562 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31556 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31555 (Missing Authorization vulnerability in ContentMX ContentMX Content Pub ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31549 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31547 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31546 (Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31545 (Missing Authorization vulnerability in WP Messiah Safe Ai Malware Prot ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31544 (Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31543 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31542 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31540 (Missing Authorization vulnerability in acmemediakits ACME Divi Modules ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31539 (Missing Authorization vulnerability in Blocksera Cryptocurrency Widget ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31538 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31535 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31533 (Missing Authorization vulnerability in Salesmate.io Salesmate Add-On f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31532 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31530 (Missing Authorization vulnerability in smackcoders Google SEO Pressor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31529 (Missing Authorization vulnerability in Rashid Slider Path for Elemento ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31528 (Missing Authorization vulnerability in wokamoto StaticPress allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31527 (Server-Side Request Forgery (SSRF) vulnerability in Kishan WP Link Pre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31526 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31419 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31410 (Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Chu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31406 (Subscriber Broken Access Control in ELEX WooCommerce Request a Quote < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31386 (Missing Authorization vulnerability in Simplepress Simple:Press allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31376 (Missing Authorization vulnerability in Mayeenul Islam NanoSupport allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31129 (Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.inter ...)
TODO: check
CVE-2025-31128 (gifplayer is a customizable jquery plugin to play and stop animated gi ...)
@@ -199,13 +199,13 @@ CVE-2025-31123 (Zitadel is open-source identity infrastructure software. A vulne
CVE-2025-31122 (scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-bet ...)
TODO: check
CVE-2025-31117 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2025-31116 (Mobile Security Framework (MobSF) is a pen-testing, malware analysis a ...)
TODO: check
CVE-2025-30963 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30961 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30369 (Zulip is an open-source team collaboration tool. The API for deleting ...)
TODO: check
CVE-2025-30368 (Zulip is an open-source team collaboration tool. The API for deleting ...)
@@ -213,15 +213,15 @@ CVE-2025-30368 (Zulip is an open-source team collaboration tool. The API for del
CVE-2025-30223 (Beego is an open-source web framework for the Go programming language. ...)
TODO: check
CVE-2025-30209 (Tuleap is an Open Source Suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-30203 (Tuleap is an Open Source Suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-30161 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2025-30155 (Tuleap is an Open Source Suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-30149 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2025-30095 (VyOS 1.3 through 1.5 or any Debian-based system using dropbear in comb ...)
TODO: check
CVE-2025-30006 (Xorcom CompletePBX is vulnerable to a reflected cross-site scripting ( ...)
@@ -237,25 +237,25 @@ CVE-2025-2998 (A vulnerability was found in PyTorch 2.6.0. It has been declared
CVE-2025-2997 (A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been ...)
TODO: check
CVE-2025-2996 (A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2995 (A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and class ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2994 (A vulnerability, which was classified as critical, was found in Tenda ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2993 (A vulnerability, which was classified as critical, has been found in T ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2992 (A vulnerability classified as critical was found in Tenda FH1202 1.2.0 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2991 (A vulnerability classified as critical has been found in Tenda FH1202 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2990 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been r ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2989 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been d ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2985 (A vulnerability was found in code-projects Payroll Management System 1 ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-2984 (A vulnerability was found in code-projects Payroll Management System 1 ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-2794 (An unsafe reflection vulnerability in Kentico Xperience allows an unau ...)
TODO: check
CVE-2025-2586 (A flaw was found in the OpenShift Lightspeed Service, which is vulnera ...)
@@ -267,13 +267,13 @@ CVE-2025-2072 (A Reflected Cross-Site Scripting (XSS) vulnerability has been dis
CVE-2025-2071 (A critical OS Command Injection vulnerability has been identified in t ...)
TODO: check
CVE-2025-29929 (Tuleap is an Open Source Suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-29908 (Netty QUIC codec is a QUIC codec for netty which makes use of quiche. ...)
TODO: check
CVE-2025-29772 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2025-29766 (Tuleap is an Open Source Suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-29266 (Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid Web ...)
TODO: check
CVE-2025-27149 (Zulip server provides an open-source team chat that helps teams stay p ...)
@@ -281,7 +281,7 @@ CVE-2025-27149 (Zulip server provides an open-source team chat that helps teams
CVE-2025-27095 (JumpServer is an open source bastion host and an operation and mainten ...)
TODO: check
CVE-2025-23995 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22941 (A command injection vulnerability in the web interface of Adtran 411 O ...)
TODO: check
CVE-2025-22940 (Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unaut ...)
@@ -297,9 +297,9 @@ CVE-2025-1449 (A vulnerability exists in the Rockwell Automation Verve Asset Man
CVE-2024-55093 (phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulne ...)
TODO: check
CVE-2024-12021 (Coverity versions prior to 2024.9.0 are vulnerable to stored cross-sit ...)
- TODO: check
+ NOT-FOR-US: Black Duck
CVE-2023-33302 (A buffer copy without checking size of input ('classic buffer overflow ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-21893 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 6.12.21-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d280d17648e42b806e048ebccb1bf3e32f5c31cd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d280d17648e42b806e048ebccb1bf3e32f5c31cd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250331/a1decc03/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list