Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
256844fc by Salvatore Bonaccorso at 2025-07-04T22:33:41+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20,15 +20,15 @@ CVE-2025-7067 (A vulnerability classified as problematic 
was found in HDF5 1.14.
        - hdf5 <unfixed>
        NOTE: https://github.com/HDFGroup/hdf5/issues/5577
 CVE-2025-7066 (Jirafeau normally prevents browser preview for text files due 
to the p ...)
-       TODO: check
+       NOT-FOR-US: Jirafeau
 CVE-2025-7061 (A vulnerability was found in Intelbras InControl up to 
2.21.60.9. It h ...)
        NOT-FOR-US: Intelbras
 CVE-2025-7060 (A vulnerability was found in Monitorr up to 1.7.6m. It has been 
classi ...)
-       TODO: check
+       NOT-FOR-US: Monitorr
 CVE-2025-6740 (The Contact Form 7 Database Addon plugin for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-6056 (Timing difference in password reset in Ergon Informatik AG's 
Airlock I ...)
-       TODO: check
+       NOT-FOR-US: Ergon Informatik AG's Airlock IAM
 CVE-2025-5920 (The Sharable Password Protected Posts before version 1.1.1 
allows acce ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-53569 (Cross-Site Request Forgery (CSRF) vulnerability in Trust 
Payments Trus ...)
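
Review bot: the tag added for CVE-2025-6056, "NOT-FOR-US: Ergon Informatik AG's Airlock IAM", mixes vendor and product with a possessive, while the other tags in this hunk name either the product alone (Jirafeau, Monitorr) or the vendor alone (the existing Intelbras line). A shorter tag such as "NOT-FOR-US: Airlock IAM" would be easier to grep and to reuse when later CVEs for the same product are triaged.
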
@@ -48,45 +48,45 @@ CVE-2025-53482 (Improper Neutralization of Input During Web 
Page Generation (XSS
 CVE-2025-53481 (Uncontrolled Resource Consumption vulnerability in Wikimedia 
Foundatio ...)
        TODO: check
 CVE-2025-52833 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52832 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52831 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52830 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52828 (Deserialization of Untrusted Data vulnerability in 
designthemes Red Ar ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52813 (Missing Authorization vulnerability in pietro MobiLoud allows 
Exploiti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52807 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52805 (Path Traversal vulnerability in VaultDweller Leyka allows PHP 
Local Fi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52798 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52796 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52776 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52718 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52497 (Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based 
buffer und ...)
        TODO: check
 CVE-2025-52496 (Mbed TLS before 3.6.4 has a race condition in AESNI detection 
if certa ...)
        TODO: check
 CVE-2025-50039 (Missing Authorization vulnerability in vgwort VG WORT METIS 
allows Exp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-50032 (Missing Authorization vulnerability in Paytiko - Payment 
Orchestration ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-4414 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        TODO: check
 CVE-2025-49870 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49867 (Incorrect Privilege Assignment vulnerability in InspiryThemes 
RealHome ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49866 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49809 (mtr through 0.95, in certain privileged contexts, mishandles 
execution ...)
        TODO: check
 CVE-2025-49601 (In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key 
does not  ...)
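
Review bot: for CVE-2025-52828 and CVE-2025-49867 the truncated descriptions name the vendors as designthemes and InspiryThemes, which suggests themes rather than plugins, yet both are tagged "NOT-FOR-US: WordPress plugin". The unchanged CVE-2025-52807 entry in this same hunk already uses "NOT-FOR-US: WordPress plugin or theme"; using that wording for these two would keep the tag accurate without having to settle which kind of component each one is.
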
@@ -94,17 +94,17 @@ CVE-2025-49601 (In MbedTLS 3.3.0 before 3.6.4, 
mbedtls_lms_import_public_key doe
 CVE-2025-49600 (In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept 
invalid s ...)
        TODO: check
 CVE-2025-49431 (Missing Authorization vulnerability in Gnuget MF Plus WPML 
allows Expl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49418 (Server-Side Request Forgery (SSRF) vulnerability in 
TeconceTheme Allma ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49417 (Deserialization of Untrusted Data vulnerability in 
BestWpDeveloper Woo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49414 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Fastw ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49303 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49302 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49274 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49247 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
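
Review bot: CVE-2025-49418 is attributed to a vendor called TeconceTheme in the visible description but is tagged "NOT-FOR-US: WordPress plugin". The context line for CVE-2025-49274 just below uses "WordPress plugin or theme", which would fit better unless the component was confirmed to be a plugin.
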
@@ -112,19 +112,19 @@ CVE-2025-49247 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-49245 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49070 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48231 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48172 (CHMLib through 2bef8d0, as used in SumatraPDF and other 
products, has  ...)
        TODO: check
 CVE-2025-47634 (Missing Authorization vulnerability in Keylor Mendoza WC 
Pickup Store  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-47627 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47565 (Missing Authorization vulnerability in ashanjay EventON allows 
Exploit ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47479 (Weak Authentication vulnerability in AresIT WP Compress allows 
Authent ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-46733 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
        TODO: check
 CVE-2025-39487 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
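
Review bot: for CVE-2025-49070 and CVE-2025-48231 the description is cut off before any vendor or product name, so the "WordPress plugin" tag cannot be checked from the diff itself, unlike CVE-2025-47634 (WC Pickup Store) and CVE-2025-47479 (WP Compress). If the classification came from the CVE source rather than from looking at each product, the commit message should say so; it currently reads only "Process some NFUs".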



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/256844fc8f752e74b9eda9b314c7a53a8ec9f2bb
