[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 23 21:12:58 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bfcf0369 by security tracker role at 2025-05-23T20:12:52+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2025-5099 (An Out of Bounds Write occurs when the native library attempts PD
CVE-2025-5098 (PrinterShare Android application allows the capture of Gmail authentic ...)
TODO: check
CVE-2025-5096 (The TablePress plugin for WordPress is vulnerable to DOM-Based Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4975 (When a notification relating to low battery appears for a user with wh ...)
TODO: check
CVE-2025-4692 (Actors can use a maliciously crafted JavaScript object notation (JSON) ...)
@@ -31,7 +31,7 @@ CVE-2025-4692 (Actors can use a maliciously crafted JavaScript object notation (
CVE-2025-4642
REJECTED
CVE-2025-4594 (The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4562
REJECTED
CVE-2025-4379 (DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Si ...)
@@ -67,13 +67,13 @@ CVE-2025-48372 (Schule is open-source school management system software. The gen
CVE-2025-48371 (OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 ...)
TODO: check
CVE-2025-48292 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48289 (Deserialization of Untrusted Data vulnerability in AncoraThemes Kids P ...)
TODO: check
CVE-2025-48287 (Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem ...)
TODO: check
CVE-2025-48286 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48283 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-48275 (Missing Authorization vulnerability in dastan800 Visual Header allows ...)
@@ -83,19 +83,19 @@ CVE-2025-48273 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
CVE-2025-48271 (Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploi ...)
TODO: check
CVE-2025-48245 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48241 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47690 (Missing Authorization vulnerability in smackcoders Lead Form Data Coll ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47687 (Unrestricted Upload of File with Dangerous Type vulnerability in Store ...)
TODO: check
CVE-2025-47680 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47678 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47673 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47672 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-47671 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -103,7 +103,7 @@ CVE-2025-47671 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-47670 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-47663 (Unrestricted Upload of File with Dangerous Type vulnerability in mojoo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47660 (Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC A ...)
TODO: check
CVE-2025-47658 (Unrestricted Upload of File with Dangerous Type vulnerability in ELEXt ...)
@@ -119,25 +119,25 @@ CVE-2025-47640 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-47637 (Unrestricted Upload of File with Dangerous Type vulnerability in STAGG ...)
TODO: check
CVE-2025-47631 (Incorrect Privilege Assignment vulnerability in mojoomla Hospital Mana ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47619 (Missing Authorization vulnerability in 6Storage 6Storage Rentals allow ...)
TODO: check
CVE-2025-47618 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47613 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47611 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47603 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
TODO: check
CVE-2025-47599 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-47575 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47568 (Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47558 (Missing Authorization vulnerability in RomanCode MapSVG allows Accessi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47541 (Insertion of Sensitive Information Into Sent Data vulnerability in WPF ...)
TODO: check
CVE-2025-47539 (Incorrect Privilege Assignment vulnerability in Themewinter Eventin al ...)
@@ -149,23 +149,23 @@ CVE-2025-47532 (Deserialization of Untrusted Data vulnerability in CoinPayments
CVE-2025-47530 (Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels ...)
TODO: check
CVE-2025-47529 (Missing Authorization vulnerability in UX Design Experts Experto CTA W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47513 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47512 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47492 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
TODO: check
CVE-2025-47478 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-47461 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47458 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47453 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-47438 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47181 (Improper link resolution before file access ('link following') in Micr ...)
TODO: check
CVE-2025-47149 (The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an is ...)
@@ -173,23 +173,23 @@ CVE-2025-47149 (The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains
CVE-2025-46539 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-46537 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46527 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46526 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46518 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46515 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46493 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46490 (Unrestricted Upload of File with Dangerous Type vulnerability in wordw ...)
TODO: check
CVE-2025-46488 (Missing Authorization vulnerability in dastan800 Visual Builder allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46487 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46486 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
TODO: check
CVE-2025-46474 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
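Review bot: CVE-2025-46518 and CVE-2025-46493 are left at TODO: check in this hunk even though their visible descriptions are the same truncated XSS text as CVE-2025-46537, CVE-2025-46526 and CVE-2025-46515, which are now tagged NOT-FOR-US. The commit message does not say what the automatic update matches on, so state the matching rule in the message or the tooling documentation; otherwise a reviewer cannot tell whether the untagged entries were deliberately skipped or just not matched and still need manual triage.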
@@ -201,9 +201,9 @@ CVE-2025-46463 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-46460 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-46458 (Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46456 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46455 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-46454 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
@@ -213,19 +213,19 @@ CVE-2025-46448 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-46446 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46444 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46440 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46176 (Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B0 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-44998 (A stored cross-site scripting (XSS) vulnerability in the component /ti ...)
TODO: check
CVE-2025-43860 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2025-41407 (Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-41380 (Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerabi ...)
TODO: check
CVE-2025-41379 (The Intellian C700 web panel allows you to add firewall rules. Each of ...)
@@ -245,39 +245,39 @@ CVE-2025-3580 (An access control vulnerability was discovered in Grafana OSS whe
CVE-2025-39536 (Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts ...)
TODO: check
CVE-2025-39506 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39504 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39503 (Deserialization of Untrusted Data vulnerability in GoodLayers Goodlaye ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39501 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39500 (Deserialization of Untrusted Data vulnerability in GoodLayers Goodlaye ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39499 (Deserialization of Untrusted Data vulnerability in BoldThemes Medicare ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39495 (Deserialization of Untrusted Data vulnerability in BoldThemes Avantage ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39494 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39490 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-39489 (Incorrect Privilege Assignment vulnerability in pebas CouponXL allows ...)
TODO: check
CVE-2025-39485 (Deserialization of Untrusted Data vulnerability in ThemeGoods Grand To ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39480 (Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dea ...)
TODO: check
CVE-2025-36527 (Zohocorp ManageEngineADAudit Plus versions below 8511 are vulnerable t ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-32967 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2025-32794 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2025-32309 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-32302 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
@@ -293,7 +293,7 @@ CVE-2025-32289 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-32286 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-32285 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32284 (Deserialization of Untrusted Data vulnerability in designthemes Pet Wo ...)
TODO: check
CVE-2025-31927 (Deserialization of Untrusted Data vulnerability in themeton Acerola al ...)
@@ -303,17 +303,17 @@ CVE-2025-31924 (Deserialization of Untrusted Data vulnerability in designthemes
CVE-2025-31918 (Incorrect Privilege Assignment vulnerability in quantumcloud Simple Bu ...)
TODO: check
CVE-2025-31916 (Unrestricted Upload of File with Dangerous Type vulnerability in joy20 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31914 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-31913 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-31912 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31636 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31633 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31632 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-31631 (Deserialization of Untrusted Data vulnerability in AncoraThemes Fish H ...)
@@ -323,15 +323,15 @@ CVE-2025-31430 (Deserialization of Untrusted Data vulnerability in themeton The
CVE-2025-31423 (Deserialization of Untrusted Data vulnerability in AncoraThemes Umbert ...)
TODO: check
CVE-2025-31397 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31069 (Deserialization of Untrusted Data vulnerability in themeton HotStar \u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31064 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-31060 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-31056 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31053 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
TODO: check
CVE-2025-31049 (Deserialization of Untrusted Data vulnerability in themeton Dash allow ...)
@@ -343,7 +343,7 @@ CVE-2025-24917 (In Tenable Network Monitor versions prior to 6.5.1 on a Windows
CVE-2025-24916 (When installing Tenable Network Monitor to a non-default location on a ...)
TODO: check
CVE-2025-1123 (The Solid Mail \u2013 SMTP email and logging made by SolidWP plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9163 (A business logic error in GitLab CE/EE affecting all versions starting ...)
TODO: check
CVE-2024-7803 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
@@ -351,23 +351,23 @@ CVE-2024-7803 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2024-51360 (An issue in Hospital Management System In PHP V4.0 allows a remote att ...)
TODO: check
CVE-2024-51108 (Multiple stored cross-site scripting (XSS) vulnerabilities in the comp ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-51107 (Multiple stored cross-site scripting (XSS) vulnerabilities in the comp ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-51103 (PHPGURUKUL Student Management System using PHP and MySQL v1 was discov ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-51102 (PHPGURUKUL Student Management System using PHP and MySQL v1 was discov ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-51101 (PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 wa ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-51099 (A reflected cross-site scripting (XSS) vulnerability in the component ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-48704 (Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML I ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-48702 (PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML I ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-13945 (Stored Absolute Path Traversal vulnerabilities in ASPECT could expose ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2023-53154 (parse_string in cJSON before 1.7.18 has a heap-based buffer over-read ...)
TODO: check
CVE-2023-34873 (On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5 ...)
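Review bot: CVE-2024-51108, CVE-2024-51107 and CVE-2024-51099 are tagged NOT-FOR-US: PHPGurukul, but the truncated descriptions shown here ("Multiple stored cross-site scripting (XSS) vulnerabilities in the comp ..." and "A reflected cross-site scripting (XSS) vulnerability in the component ...") do not name the vendor, so the attribution cannot be checked from the diff alone and should be confirmed against the full CVE text. The tag "ABB group" on CVE-2024-13945 should also be aligned with whatever spelling existing ABB entries in data/CVE/list use, so that a search on the tag finds all of them.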
@@ -263227,7 +263227,7 @@ CVE-2022-31813 (Apache HTTP Server 2.4.53 and earlier may not send the X-Forward
NOTE: https://github.com/apache/httpd/commit/956f708b094698ac9ad570d640d4f30eb0df7305
NOTE: https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
CVE-2022-31812 (A vulnerability has been identified in SiPass integrated (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-31811
RESERVED
CVE-2022-31810 (A vulnerability has been identified in SiPass integrated (All versions ...)
@@ -263237,7 +263237,7 @@ CVE-2022-31809
CVE-2022-31808 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...)
NOT-FOR-US: SiPass
CVE-2022-31807 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-31806 (In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2. ...)
NOT-FOR-US: CODESYS
CVE-2022-31805 (In the CODESYS Development System multiple components in multiple vers ...)
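Review bot: CVE-2022-31807 is tagged NOT-FOR-US: Siemens, while the adjacent CVE-2022-31808, whose description starts with the same "SiPass integrated AC5102" product, already carries NOT-FOR-US: SiPass. Use one tag for the product family so that a search on the tag returns every entry; the same applies to CVE-2022-31812 in the previous hunk.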
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfcf03698a7d207bffe4ccbd0e310e81c0ccd63d