[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 7 21:13:29 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c6d845b6 by security tracker role at 2025-05-07T20:13:22+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2025-4104 (The Frontend Dashboard plugin for WordPress is vulnerable to Privilege ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47692 (Missing Authorization vulnerability in contentstudio ContentStudio all ...)
TODO: check
CVE-2025-47691 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47688 (Missing Authorization vulnerability in Saad Iqbal Advanced File Manage ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47686 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47684 (Cross-Site Request Forgery (CSRF) vulnerability in Smaily Smaily for W ...)
TODO: check
CVE-2025-47683 (Deserialization of Untrusted Data vulnerability in Florent Maillefaud ...)
@@ -47,7 +47,7 @@ CVE-2025-47657 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-47656 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-47655 (Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47653 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-47649 (Path Traversal vulnerability in ilmosys Open Close WooCommerce Store a ...)
@@ -61,7 +61,7 @@ CVE-2025-47644 (URL Redirection to Untrusted Site ('Open Redirect') vulnerabilit
CVE-2025-47643 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-47639 (Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47638 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-47636 (Path Traversal vulnerability in Fernando Briano List category posts al ...)
@@ -69,7 +69,7 @@ CVE-2025-47636 (Path Traversal vulnerability in Fernando Briano List category po
CVE-2025-47635 (Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem We ...)
TODO: check
CVE-2025-47633 (Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin \u2013 Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47632 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-47630 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -91,7 +91,7 @@ CVE-2025-47622 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-47621 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-47620 (Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47617 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-47616 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -99,7 +99,7 @@ CVE-2025-47616 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-47615 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-47614 (Cross-Site Request Forgery (CSRF) vulnerability in Chris Clark LessBut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47612 (Missing Authorization vulnerability in flowdee ClickWhale allows Explo ...)
TODO: check
CVE-2025-47609 (Cross-Site Request Forgery (CSRF) vulnerability in easymebiz EasyMe Co ...)
@@ -135,7 +135,7 @@ CVE-2025-47589 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-47587 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-47551 (Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47550 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
TODO: check
CVE-2025-47549 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
@@ -161,7 +161,7 @@ CVE-2025-47538 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-47537 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-47533 (Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graph ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47531 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-47528 (Missing Authorization vulnerability in pewilliams Ovation Elements all ...)
@@ -185,13 +185,13 @@ CVE-2025-47519 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterso
CVE-2025-47518 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-47517 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Acce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47516 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-47515 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-47514 (Cross-Site Request Forgery (CSRF) vulnerability in Eli ELI's Related P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47510 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-47509 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -245,7 +245,7 @@ CVE-2025-47483 (Server-Side Request Forgery (SSRF) vulnerability in Iulia Cazan
CVE-2025-47482 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-47481 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47480 (Missing Authorization vulnerability in Iqonic Design Graphina allows E ...)
TODO: check
CVE-2025-47476 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -259,7 +259,7 @@ CVE-2025-47472 (Missing Authorization vulnerability in codepeople Music Player f
CVE-2025-47471 (Missing Authorization vulnerability in EnvoThemes Envo Extra allows Ex ...)
TODO: check
CVE-2025-47470 (Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Cont ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47469 (Missing Authorization vulnerability in slui Media Hygiene allows Explo ...)
TODO: check
CVE-2025-47468 (Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash For ...)
@@ -273,7 +273,7 @@ CVE-2025-47465 (Missing Authorization vulnerability in CreativeThemes Blocksy al
CVE-2025-47464 (Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Ex ...)
TODO: check
CVE-2025-47462 (Cross-Site Request Forgery (CSRF) vulnerability in Ohidul Islam Challa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47460 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-47459 (Cross-Site Request Forgery (CSRF) vulnerability in XpeedStudio WP Fund ...)
@@ -287,7 +287,7 @@ CVE-2025-47455 (URL Redirection to Untrusted Site ('Open Redirect') vulnerabilit
CVE-2025-47454 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
TODO: check
CVE-2025-47451 (Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Pr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47450 (Missing Authorization vulnerability in Mitchell Bennis Simple File Lis ...)
TODO: check
CVE-2025-47449 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -313,7 +313,7 @@ CVE-2025-47423 (Personal Weather Station Dashboard 12_lts allows unauthenticated
CVE-2025-47203 (dbclient in Dropbear SSH before 2025.88 allows command injection via a ...)
TODO: check
CVE-2025-46828 (WeGIA is a web manager for charitable institutions. An unauthenticate ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-46827 (Graylog is a free and open log management platform. Prior to versions ...)
TODO: check
CVE-2025-46824 (The Discourse Code Review Plugin allows users to review GitHub commits ...)
@@ -321,23 +321,23 @@ CVE-2025-46824 (The Discourse Code Review Plugin allows users to review GitHub c
CVE-2025-46551 (JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSS ...)
TODO: check
CVE-2025-45514 (Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the functio ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-45388 (Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) ...)
TODO: check
CVE-2025-3476 (Incorrect Authorization vulnerability in OpenText\u2122 Operations Bri ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2025-3272 (Incorrect Authorization vulnerability in OpenText\u2122 Operations Bri ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2025-39361 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-33093 (IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-32821 (A vulnerability in SMA100 allows a remote authenticated attacker with ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-32820 (A vulnerability in SMA100 allows a remote authenticated attacker with ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-32819 (A vulnerability in SMA100 allows a remote authenticated attacker with ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-30147 (Besu Native contains scripts and tooling that is used to build and pac ...)
TODO: check
CVE-2025-2778
@@ -365,65 +365,65 @@ CVE-2025-26169 (IXON VPN Client before 1.4.4 on Windows allows Local Privilege E
CVE-2025-26168 (IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege ...)
TODO: check
CVE-2025-20980 (Out-of-bounds write in libsavscmn prior to Android 15 allows local att ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20979 (Out-of-bounds write in libsavscmn prior to Android 15 allows local att ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20978 (Improper access control in PENUP prior to version 3.9.19.32 allows loc ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20977 (Use of implicit intent for sensitive communication in translation in S ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20976 (Out-of-bounds read in applying binary of text content in Samsung Notes ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20975 (Improper Export of Android Application Components in AODService prior ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20974 (Improper handling of insufficient permission in PackageInstallerCN pri ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20973 (Improper authentication in Secure Folder prior to version 1.8.12.0 in ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20972 (Improper verification of intent by broadcast receiver in Samsung Flow ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20971 (Improper input validation in Samsung Flow prior to version 4.9.17.6 al ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20970 (Improper access control in Bixby Vision prior to version 3.8.1 in Andr ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20969 (Improper input validation in Samsung Gallery prior to version 14.5.10. ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20968 (Improper access control in Samsung Gallery prior to version 14.5.10.3 ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20967 (Improper access control in Samsung Gallery prior to version 14.5.10.3 ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20966 (Improper access control in Samsung Gallery prior to version 14.5.10.3 ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20965 (Improper handling of insufficient permission in Bixby wakeup prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20964 (Out-of-bounds write in parsing media files in libsavsvc.so prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20963 (Out-of-bounds write in memory initialization in libsavsvc.so prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20962 (Improper handling of insufficient permission in SpenGesture service pr ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20961 (Improper handling of insufficient permission or privileges in sepunion ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20960 (Improper handling of insufficient permission in CocktailBarService pri ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20959 (Use of implicit intent for sensitive communication in Wi-Fi P2P servic ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20958 (Improper verification of intent by broadcast receiver in UnifiedWFC pr ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20957 (Improper access control in SmartManagerCN prior to SMR May-2025 Releas ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20956 (Improper export of android application components in Settings in Galax ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20955 (Improper Export of Android Application Components in NotificationHisto ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20954 (Use of implicit intent for sensitive communication in EnrichedCall pri ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20953 (Improper access control in SmartManagerCN prior to SMR May-2025 Releas ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20949 (Path traversal vulnerability in Samsung Members prior to version 5.0.0 ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20937 (Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Releas ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20223 (A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, c ...)
TODO: check
CVE-2025-20221 (A vulnerability in the packet filtering features of Cisco IOS XE SD-WA ...)
@@ -473,9 +473,9 @@ CVE-2025-20186 (A vulnerability in the web-based management interface of the Wir
CVE-2025-20182 (A vulnerability in the Internet Key Exchange version 2 (IKEv2) protoco ...)
TODO: check
CVE-2025-20181 (A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20164 (A vulnerability in the Cisco Industrial Ethernet Switch Device Manager ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20162 (A vulnerability in the DHCP snooping security feature of Cisco IOS XE ...)
TODO: check
CVE-2025-20157 (A vulnerability in certificate validation processing of Cisco Catalyst ...)
@@ -491,7 +491,7 @@ CVE-2025-20147 (A vulnerability in the web-based management interface of Cisco C
CVE-2025-20140 (A vulnerability in the Wireless Network Control daemon (wncd) of Cisco ...)
TODO: check
CVE-2025-20137 (A vulnerability in the access control list (ACL) programming of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20122 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly ...)
TODO: check
CVE-2024-47619 (syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildc ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6d845b6836a2d0894937b57fd83ce952c6635e5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6d845b6836a2d0894937b57fd83ce952c6635e5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250507/8530c9fa/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list