Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d86d812a by Salvatore Bonaccorso at 2025-04-09T22:41:41+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,23 +5,23 @@ CVE-2025-3474 (Missing Authentication for Critical Function
vulnerability in Dru
CVE-2025-3131 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA:
Event - ...)
NOT-FOR-US: Drupal core and addons
CVE-2025-3115 (Injection Vulnerabilities: Attackers can inject malicious code,
potent ...)
- TODO: check
+ NOT-FOR-US: Spotfire
CVE-2025-3114 (Code Execution via Malicious Files:Attackers can create
specially craf ...)
- TODO: check
+ NOT-FOR-US: Spotfire
CVE-2025-32695 (Incorrect Privilege Assignment vulnerability in Mestres do WP
Checkout ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32694 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32693 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32692 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32691 (Server-Side Request Forgery (SSRF) vulnerability in Angelo
Mandato Pow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32690 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32685 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32684 (Missing Authorization vulnerability in RomanCode MapSVG Lite
allows Ex ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32683 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -127,25 +127,25 @@ CVE-2025-32497 (Cross-Site Request Forgery (CSRF)
vulnerability in squiter Spoil
CVE-2025-32496 (Cross-Site Request Forgery (CSRF) vulnerability in
Uncodethemes Ultra ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32495 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32494 (Cross-Site Request Forgery (CSRF) vulnerability in bozdoz
reCAPTCHA Je ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32493 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32492 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32489 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32488 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32487 (Server-Side Request Forgery (SSRF) vulnerability in Joe
Waymark allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32485 (Cross-Site Request Forgery (CSRF) vulnerability in Bjoern WP
Performan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32484 (Cross-Site Request Forgery (CSRF) vulnerability in Mathieu
Chartier WP ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32483 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32482 (Cross-Site Request Forgery (CSRF) vulnerability in quanganhdo
Custom S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32481 (Cross-Site Request Forgery (CSRF) vulnerability in ninotheme
Nino Soci ...)
@@ -161,25 +161,25 @@ CVE-2025-32477 (Cross-Site Request Forgery (CSRF)
vulnerability in Jordi Salord
CVE-2025-32476 (Cross-Site Request Forgery (CSRF) vulnerability in blueinstyle
Advance ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32381 (XGrammar is an open-source library for efficient, flexible,
and portab ...)
- TODO: check
+ NOT-FOR-US: XGrammar
CVE-2025-32380 (The Apollo Router Core is a configurable, high-performance
graph route ...)
- TODO: check
+ NOT-FOR-US: Apollo Router Core
CVE-2025-32379 (Koa is expressive middleware for Node.js using ES2017 async
functions. ...)
- TODO: check
+ NOT-FOR-US: Koa
CVE-2025-32378 (Shopware is an open source e-commerce software platform. Prior
to 6.6. ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2025-32375 (BentoML is a Python library for building online serving
systems optimi ...)
- TODO: check
+ NOT-FOR-US: BentoML
CVE-2025-32374 (DNN (formerly DotNetNuke) is an open-source web content
management pla ...)
- TODO: check
+ NOT-FOR-US: DNN (formerly DotNetNuke)
CVE-2025-32373 (DNN (formerly DotNetNuke) is an open-source web content
management pla ...)
- TODO: check
+ NOT-FOR-US: DNN (formerly DotNetNuke)
CVE-2025-32372 (DNN (formerly DotNetNuke) is an open-source web content
management pla ...)
- TODO: check
+ NOT-FOR-US: DNN (formerly DotNetNuke)
CVE-2025-32371 (DNN (formerly DotNetNuke) is an open-source web content
management pla ...)
- TODO: check
+ NOT-FOR-US: DNN (formerly DotNetNuke)
CVE-2025-32016 (Microsoft Identity Web is a library which contains a set of
reusable c ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-31404 (Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw
Madejczyk ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31402 (Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard
Plugin Ne ...)
@@ -211,17 +211,17 @@ CVE-2025-31383 (Cross-Site Request Forgery (CSRF)
vulnerability in FrescoChat L
CVE-2025-31382 (Cross-Site Request Forgery (CSRF) vulnerability in theode
Language Fie ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31377 (Missing Authorization vulnerability in Asaquzzaman mishu Woo
Product F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31375 (Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp
Scheduled ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31042 (Missing Authorization vulnerability in rtakao Sandwich Adsense
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31038 (Cross-Site Request Forgery (CSRF) vulnerability in Essential
Marketer ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31036 (Cross-Site Request Forgery (CSRF) vulnerability in WPSolr free
WPSolr ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31035 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31034 (Cross-Site Request Forgery (CSRF) vulnerability in AboZain
Albanna Cus ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31033 (Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak
Buddypre ...)
@@ -233,15 +233,15 @@ CVE-2025-31026 (Cross-Site Request Forgery (CSRF)
vulnerability in Austin Commen
CVE-2025-31023 (Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo
Meta Tags ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31020 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31017 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31012 (Missing Authorization vulnerability in Phil Age Gate allows
Accessing ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31009 (Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez
IndieBl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31008 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31005 (Cross-Site Request Forgery (CSRF) vulnerability in Uzair
Easyfonts all ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31004 (Missing Authorization vulnerability in Croover.inc Rich Table
of Conte ...)
@@ -251,7 +251,7 @@ CVE-2025-31003 (Exposure of Sensitive System Information to
an Unauthorized Cont
CVE-2025-31002 (Unrestricted Upload of File with Dangerous Type vulnerability
in Bogda ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30677 (Apache Pulsar contains multiple connectors for integrating
with Apache ...)
- TODO: check
+ NOT-FOR-US: Apache Pulsar
CVE-2025-30656 (An Improper Handling of Additional Special Element
vulnerability in th ...)
NOT-FOR-US: Juniper
CVE-2025-30655 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
@@ -277,13 +277,13 @@ CVE-2025-30645 (A NULL Pointer Dereference vulnerability
in the flow daemon (flo
CVE-2025-30644 (A Heap-based Buffer Overflow vulnerability in the flexible PIC
concent ...)
NOT-FOR-US: Juniper
CVE-2025-2632 (Out of bounds write vulnerability due to improper bounds
checking in N ...)
- TODO: check
+ NOT-FOR-US: NI LabVIEW
CVE-2025-2631 (Out of bounds write vulnerability due to improper bounds
checking in N ...)
- TODO: check
+ NOT-FOR-US: NI LabVIEW
CVE-2025-2630 (There is a DLL hijacking vulnerability due to an uncontrolled
search p ...)
- TODO: check
+ NOT-FOR-US: NI LabVIEW
CVE-2025-2629 (There is a DLL hijacking vulnerability due to an uncontrolled
search p ...)
- TODO: check
+ NOT-FOR-US: NI LabVIEW
CVE-2025-2442 (CWE-1188: Initialization of a Resource with an Insecure Default
vulner ...)
NOT-FOR-US: Schneider Electric
CVE-2025-2441 (CWE-1188: Initialization of a Resource with an Insecure Default
vulner ...)
@@ -297,21 +297,21 @@ CVE-2025-2222 (CWE-552: Files or Directories Accessible
to External Parties vuln
CVE-2025-29870 (Missing authentication for critical function vulnerability
exists in W ...)
TODO: check
CVE-2025-29394 (An insecure permissions vulnerability in verydows v2.0 allows
a remote ...)
- TODO: check
+ NOT-FOR-US: verydows
CVE-2025-29391 (horvey Library-Manager v1.0 is vulnerable to SQL Injection in
Admin/Co ...)
- TODO: check
+ NOT-FOR-US: horvey Library-Manager
CVE-2025-29390 (jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the
set_password ...)
- TODO: check
+ NOT-FOR-US: jerryhanjj ERP
CVE-2025-29389 (PbootCMS v3.2.9 contains a XSS vulnerability in
admin.php?p=/Content/i ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2025-29189 (Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName
paramet ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-27934 (Information disclosure of authentication information in the
specific s ...)
- TODO: check
+ NOT-FOR-US: AC-WPS-11ac series
CVE-2025-27797 (OS command injection vulnerability in the specific service
exists in W ...)
- TODO: check
+ NOT-FOR-US: AC-WPS-11ac series
CVE-2025-27722 (Cleartext transmission of sensitive information issue exists
in Wi-Fi ...)
- TODO: check
+ NOT-FOR-US: AC-WPS-11ac series
CVE-2025-27391 (Insertion of Sensitive Information into Log File vulnerability
in Apac ...)
TODO: check
CVE-2025-26902 (Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy
Pro all ...)
@@ -321,15 +321,15 @@ CVE-2025-26901 (Missing Authorization vulnerability in
Brizy Brizy Pro allows Ex
CVE-2025-26888 (Missing Authorization vulnerability in OnTheGoSystems
WooCommerce Mult ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-25213 (Improper restriction of rendered UI layers or frames issue
exists in W ...)
- TODO: check
+ NOT-FOR-US: Wi-Fi AP UNIT 'AC-WPS-11ac series'
CVE-2025-25056 (Cross-site request forgery vulnerability exists in Wi-Fi AP
UNIT 'AC-W ...)
- TODO: check
+ NOT-FOR-US: Wi-Fi AP UNIT 'AC-WPS-11ac series'
CVE-2025-25053 (OS command injection vulnerability in the WEB UI (the setting
page) ex ...)
- TODO: check
+ NOT-FOR-US: Wi-Fi AP UNIT 'AC-WPS-11ac series'
CVE-2025-25023 (IBM Security Guardium 11.4 and 12.1 could allow a privileged
user to r ...)
NOT-FOR-US: IBM
CVE-2025-23407 (Incorrect privilege assignment vulnerability in the WEB UI
(the settin ...)
- TODO: check
+ NOT-FOR-US: Wi-Fi AP UNIT 'AC-WPS-11ac series'
CVE-2025-21601 (An Improper Following of Specification by Caller vulnerability
in web ...)
NOT-FOR-US: Juniper
CVE-2025-21597 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
@@ -343,11 +343,11 @@ CVE-2025-21591 (A Buffer Access with Incorrect Length
Value vulnerability in the
CVE-2025-1968 (Insufficient Session Expiration vulnerability in Progress
Software Cor ...)
NOT-FOR-US: Progress Software
CVE-2024-55210 (An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows
attacker ...)
- TODO: check
+ NOT-FOR-US: TOTVS Framework (Linha Protheus)
CVE-2023-33844 (IBM Security Verify Governance 10.0.2 is vulnerable to
cross-site scri ...)
NOT-FOR-US: IBM
CVE-2017-20197 (A vulnerability was found in propanetank
Roommate-Bill-Tracking up to ...)
- TODO: check
+ NOT-FOR-US: Roommate-Bill-Tracking
CVE-2025-30215
- nats-server <unfixed>
NOTE: https://advisories.nats.io/CVE/secnote-2025-01.txt
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d86d812a2f4bdb87ceed35452dfad17012f29ed7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d86d812a2f4bdb87ceed35452dfad17012f29ed7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
