Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bfcf0369 by security tracker role at 2025-05-23T20:12:52+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2025-5099 (An Out of Bounds Write occurs when the native
library attempts PD
CVE-2025-5098 (PrinterShare Android application allows the capture of Gmail
authentic ...)
TODO: check
CVE-2025-5096 (The TablePress plugin for WordPress is vulnerable to DOM-Based
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4975 (When a notification relating to low battery appears for a user
with wh ...)
TODO: check
CVE-2025-4692 (Actors can use a maliciously crafted JavaScript object notation
(JSON) ...)
@@ -31,7 +31,7 @@ CVE-2025-4692 (Actors can use a maliciously crafted
JavaScript object notation (
CVE-2025-4642
REJECTED
CVE-2025-4594 (The Tournamatch plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4562
REJECTED
CVE-2025-4379 (DobryCMS in versions 2.* and lower is vulnerable to Reflected
Cross-Si ...)
@@ -67,13 +67,13 @@ CVE-2025-48372 (Schule is open-source school management
system software. The gen
CVE-2025-48371 (OpenFGA is an authorization/permission engine. OpenFGA
versions 1.8.0 ...)
TODO: check
CVE-2025-48292 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48289 (Deserialization of Untrusted Data vulnerability in
AncoraThemes Kids P ...)
TODO: check
CVE-2025-48287 (Deserialization of Untrusted Data vulnerability in Pagaleve
Pix 4x sem ...)
TODO: check
CVE-2025-48286 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48283 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-48275 (Missing Authorization vulnerability in dastan800 Visual Header
allows ...)
@@ -83,19 +83,19 @@ CVE-2025-48273 (Improper Limitation of a Pathname to a
Restricted Directory ('Pa
CVE-2025-48271 (Missing Authorization vulnerability in Leadinfo Leadinfo
allows Exploi ...)
TODO: check
CVE-2025-48245 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48241 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47690 (Missing Authorization vulnerability in smackcoders Lead Form
Data Coll ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47687 (Unrestricted Upload of File with Dangerous Type vulnerability
in Store ...)
TODO: check
CVE-2025-47680 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47678 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47673 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47672 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-47671 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
@@ -103,7 +103,7 @@ CVE-2025-47671 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2025-47670 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-47663 (Unrestricted Upload of File with Dangerous Type vulnerability
in mojoo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47660 (Deserialization of Untrusted Data vulnerability in Codexpert,
Inc WC A ...)
TODO: check
CVE-2025-47658 (Unrestricted Upload of File with Dangerous Type vulnerability
in ELEXt ...)
@@ -119,25 +119,25 @@ CVE-2025-47640 (Improper Neutralization of Special
Elements used in an SQL Comma
CVE-2025-47637 (Unrestricted Upload of File with Dangerous Type vulnerability
in STAGG ...)
TODO: check
CVE-2025-47631 (Incorrect Privilege Assignment vulnerability in mojoomla
Hospital Mana ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47619 (Missing Authorization vulnerability in 6Storage 6Storage
Rentals allow ...)
TODO: check
CVE-2025-47618 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47613 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47611 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47603 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
TODO: check
CVE-2025-47599 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-47575 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47568 (Deserialization of Untrusted Data vulnerability in ZoomIt
ZoomSounds a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47558 (Missing Authorization vulnerability in RomanCode MapSVG allows
Accessi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47541 (Insertion of Sensitive Information Into Sent Data
vulnerability in WPF ...)
TODO: check
CVE-2025-47539 (Incorrect Privilege Assignment vulnerability in Themewinter
Eventin al ...)
@@ -149,23 +149,23 @@ CVE-2025-47532 (Deserialization of Untrusted Data
vulnerability in CoinPayments
CVE-2025-47530 (Deserialization of Untrusted Data vulnerability in WPFunnels
WPFunnels ...)
TODO: check
CVE-2025-47529 (Missing Authorization vulnerability in UX Design Experts
Experto CTA W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47513 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47512 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47492 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
TODO: check
CVE-2025-47478 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-47461 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47458 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47453 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-47438 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47181 (Improper link resolution before file access ('link following')
in Micr ...)
TODO: check
CVE-2025-47149 (The optional feature 'Anti-Virus & Sandbox' of i-FILTER
contains an is ...)
@@ -173,23 +173,23 @@ CVE-2025-47149 (The optional feature 'Anti-Virus &
Sandbox' of i-FILTER contains
CVE-2025-46539 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-46537 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46527 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46526 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46518 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-46515 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46493 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-46490 (Unrestricted Upload of File with Dangerous Type vulnerability
in wordw ...)
TODO: check
CVE-2025-46488 (Missing Authorization vulnerability in dastan800 Visual
Builder allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46487 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46486 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
TODO: check
CVE-2025-46474 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
@@ -201,9 +201,9 @@ CVE-2025-46463 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2025-46460 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-46458 (Cross-Site Request Forgery (CSRF) vulnerability in x000x
occupancyplan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46456 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46455 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-46454 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
@@ -213,19 +213,19 @@ CVE-2025-46448 (Improper Neutralization of Input During
Web Page Generation ('Cr
CVE-2025-46446 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-46444 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46440 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46437 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46176 (Hardcoded credentials in the Telnet service in D-Link DIR-605L
v2.13B0 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-44998 (A stored cross-site scripting (XSS) vulnerability in the
component /ti ...)
TODO: check
CVE-2025-43860 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2025-41407 (Zohocorp ManageEngine ADAudit Plus versions below 8511 are
vulnerable ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-41380 (Iridium Certus 700 version 1.0.1 has an embedded credentials
vulnerabi ...)
TODO: check
CVE-2025-41379 (The Intellian C700 web panel allows you to add firewall rules.
Each of ...)
@@ -245,39 +245,39 @@ CVE-2025-3580 (An access control vulnerability was
discovered in Grafana OSS whe
CVE-2025-39536 (Missing Authorization vulnerability in Chimpstudio JobHunt Job
Alerts ...)
TODO: check
CVE-2025-39506 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39505 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39504 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39503 (Deserialization of Untrusted Data vulnerability in GoodLayers
Goodlaye ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39502 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39501 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39500 (Deserialization of Untrusted Data vulnerability in GoodLayers
Goodlaye ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39499 (Deserialization of Untrusted Data vulnerability in BoldThemes
Medicare ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39495 (Deserialization of Untrusted Data vulnerability in BoldThemes
Avantage ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39494 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39490 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-39489 (Incorrect Privilege Assignment vulnerability in pebas CouponXL
allows ...)
TODO: check
CVE-2025-39485 (Deserialization of Untrusted Data vulnerability in ThemeGoods
Grand To ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39480 (Deserialization of Untrusted Data vulnerability in ThemeMakers
Car Dea ...)
TODO: check
CVE-2025-36527 (Zohocorp ManageEngineADAudit Plus versions below 8511 are
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-32967 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2025-32794 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2025-32309 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-32302 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
@@ -293,7 +293,7 @@ CVE-2025-32289 (Improper Control of Filename for
Include/Require Statement in PH
CVE-2025-32286 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-32285 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32284 (Deserialization of Untrusted Data vulnerability in
designthemes Pet Wo ...)
TODO: check
CVE-2025-31927 (Deserialization of Untrusted Data vulnerability in themeton
Acerola al ...)
@@ -303,17 +303,17 @@ CVE-2025-31924 (Deserialization of Untrusted Data
vulnerability in designthemes
CVE-2025-31918 (Incorrect Privilege Assignment vulnerability in quantumcloud
Simple Bu ...)
TODO: check
CVE-2025-31916 (Unrestricted Upload of File with Dangerous Type vulnerability
in joy20 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31914 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-31913 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-31912 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31636 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31633 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31632 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-31631 (Deserialization of Untrusted Data vulnerability in
AncoraThemes Fish H ...)
@@ -323,15 +323,15 @@ CVE-2025-31430 (Deserialization of Untrusted Data
vulnerability in themeton The
CVE-2025-31423 (Deserialization of Untrusted Data vulnerability in
AncoraThemes Umbert ...)
TODO: check
CVE-2025-31397 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31069 (Deserialization of Untrusted Data vulnerability in themeton
HotStar \u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31064 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-31060 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-31056 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31053 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
TODO: check
CVE-2025-31049 (Deserialization of Untrusted Data vulnerability in themeton
Dash allow ...)
@@ -343,7 +343,7 @@ CVE-2025-24917 (In Tenable Network Monitor versions prior
to 6.5.1 on a Windows
CVE-2025-24916 (When installing Tenable Network Monitor to a non-default
location on a ...)
TODO: check
CVE-2025-1123 (The Solid Mail \u2013 SMTP email and logging made by SolidWP
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9163 (A business logic error in GitLab CE/EE affecting all versions
starting ...)
TODO: check
CVE-2024-7803 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
@@ -351,23 +351,23 @@ CVE-2024-7803 (An issue has been discovered in GitLab
CE/EE affecting all versio
CVE-2024-51360 (An issue in Hospital Management System In PHP V4.0 allows a
remote att ...)
TODO: check
CVE-2024-51108 (Multiple stored cross-site scripting (XSS) vulnerabilities in
the comp ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-51107 (Multiple stored cross-site scripting (XSS) vulnerabilities in
the comp ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-51103 (PHPGURUKUL Student Management System using PHP and MySQL v1
was discov ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-51102 (PHPGURUKUL Student Management System using PHP and MySQL v1
was discov ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-51101 (PHPGURUKUL Restaurant Table Booking System using PHP and MySQL
v1.0 wa ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-51099 (A reflected cross-site scripting (XSS) vulnerability in the
component ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-48704 (Phpgurukul Medical Card Generation System v1.0 is vulnerable
to HTML I ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-48702 (PHPGurukul Old Age Home Management System v1.0 is vulnerable
to HTML I ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-13945 (Stored Absolute Path Traversal vulnerabilities in ASPECT could
expose ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2023-53154 (parse_string in cJSON before 1.7.18 has a heap-based buffer
over-read ...)
TODO: check
CVE-2023-34873 (On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras
before MX-V5 ...)
@@ -263227,7 +263227,7 @@ CVE-2022-31813 (Apache HTTP Server 2.4.53 and earlier
may not send the X-Forward
NOTE:
https://github.com/apache/httpd/commit/956f708b094698ac9ad570d640d4f30eb0df7305
NOTE:
https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
CVE-2022-31812 (A vulnerability has been identified in SiPass integrated (All
versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-31811
RESERVED
CVE-2022-31810 (A vulnerability has been identified in SiPass integrated (All
versions ...)
@@ -263237,7 +263237,7 @@ CVE-2022-31809
CVE-2022-31808 (A vulnerability has been identified in SiPass integrated
AC5102 (ACC-G ...)
NOT-FOR-US: SiPass
CVE-2022-31807 (A vulnerability has been identified in SiPass integrated
AC5102 (ACC-G ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-31806 (In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions
prior to V2. ...)
NOT-FOR-US: CODESYS
CVE-2022-31805 (In the CODESYS Development System multiple components in
multiple vers ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfcf03698a7d207bffe4ccbd0e310e81c0ccd63d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfcf03698a7d207bffe4ccbd0e310e81c0ccd63d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
