Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d7043f70 by Salvatore Bonaccorso at 2025-03-26T22:01:54+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-30524 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30353 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
TODO: check
CVE-2025-30352 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
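Review bot: The new note on CVE-2025-30524 records only "WordPress plugin or theme", and the truncated description above it is the generic SQL injection CWE title, so nothing in the entry identifies the affected product. Consider adding the plugin or theme name to the NOT-FOR-US line so the entry can be checked later without going back to the full CVE record.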
@@ -23,79 +23,79 @@ CVE-2025-2820 (An authenticated attacker can compromise the
availability of the
CVE-2025-2819 (There is a risk of unauthorized file uploads in GT-SoftControl
and pot ...)
TODO: check
CVE-2025-2600 (Improper authorization in the variable component in Devolutions
Remote ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2025-2596 (Session logout could be overwritten in Checkmk GmbH's Checkmk
versions ...)
TODO: check
CVE-2025-2562 (Insufficient logging in the autotyping feature in Devolutions
Remote D ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2025-2528 (Improper authorization in application password policy in
Devolutions R ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2025-2499 (Client side access control bypass in the permission component
in Devo ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2025-2257 (The Total Upkeep \u2013 WordPress Backup Plugin plus Restore &
Migrate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2228 (The Responsive Addons for Elementor \u2013 Free Elementor
Addons Plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2167 (The Event post plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2110 (The WP Compress \u2013 Instant Performance & Speed Optimization
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2098 (Fast CAD Reader application on MacOS was found to be installed
with in ...)
TODO: check
CVE-2025-2009 (The Newsletters plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29322 (A cross-site scripting (XSS) vulnerability in ScriptCase
before v1.0.0 ...)
TODO: check
CVE-2025-28942 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28939 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28935 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28934 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28928 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28924 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28921 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28917 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28916 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28911 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28903 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28899 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28898 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28893 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28890 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28889 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28885 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28882 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28880 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28877 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28873 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28869 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28865 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28858 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28855 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28361 (Unauthorized stack overflow vulnerability in Telesquare
TLR-2005KSH v. ...)
TODO: check
CVE-2025-27609 (Icinga Web 2 is an open source monitoring web interface,
framework and ...)
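Review bot: Two spellings of the same reason appear in this hunk: "NOT-FOR-US: WordPress plugin" (CVE-2025-2257, CVE-2025-2228, CVE-2025-2167, CVE-2025-2110, CVE-2025-2009) and "NOT-FOR-US: WordPress plugin or theme" (the CVE-2025-28xxx entries). If the distinction is deliberate (description names the plugin versus the generic CWE title), a word in the commit message would help; otherwise a single label makes it easier to search for these entries later.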
@@ -107,63 +107,63 @@ CVE-2025-27405 (Icinga Web 2 is an open source monitoring
web interface, framewo
CVE-2025-27404 (Icinga Web 2 is an open source monitoring web interface,
framework and ...)
TODO: check
CVE-2025-27267 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-27015 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-27014 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26986 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26941 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26929 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26923 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26922 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26869 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26747 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26739 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26584 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26583 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26581 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26579 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26576 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26575 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26573 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26566 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26565 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26564 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26560 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26559 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26546 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26544 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-26542 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26541 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26537 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26536 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26011 (Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack
overflow vulner ...)
TODO: check
CVE-2025-26010 (Telesquare TLR-2005KSH 1.1.4 allows unauthorized password
modification ...)
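Review bot: CVE-2025-26544 stays at "TODO: check" while its neighbours CVE-2025-26546 and CVE-2025-26542, which carry the same truncated description, are both set to "NOT-FOR-US: WordPress plugin or theme". If it was skipped on purpose because it needs separate triage, that is fine; if it was missed in the batch, it should get the same treatment in this commit.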
@@ -189,79 +189,79 @@ CVE-2025-26001 (Telesquare TLR-2005KSH 1.1.4 is
vulnerable to Information Disclo
CVE-2025-25535 (HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7
allows a re ...)
TODO: check
CVE-2025-25134 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-24972 (Discourse is an open-source discussion platform. Prior to
versions `3. ...)
TODO: check
CVE-2025-24808 (Discourse is an open-source discussion platform. Prior to
versions `3. ...)
TODO: check
CVE-2025-24690 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23964 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23952 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23937 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23735 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23728 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23714 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23704 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23680 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23666 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23638 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23633 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23632 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23612 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23546 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23543 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23542 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23466 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23460 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23459 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23203 (Icinga Director is an Icinga config deployment tool. A
Security vulner ...)
TODO: check
CVE-2025-22283 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-1913 (The Product Import Export for WooCommerce \u2013 Import Export
Product ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1912 (The Product Import Export for WooCommerce \u2013 Import Export
Product ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1911 (The Product Import Export for WooCommerce \u2013 Import Export
Product ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1769 (The Product Import Export for WooCommerce \u2013 Import Export
Product ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1703 (The Ultimate Blocks plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1542 (Improper permission controlvulnerability in the
OXARIServiceDeskapplic ...)
TODO: check
CVE-2025-1514 (The Active Products Tables for WooCommerce. Use constructor to
create ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1440 (The Advanced iFrame plugin for WordPress is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1439 (The Advanced iFrame plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1437 (The Advanced iFrame plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1312 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for
WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1310 (The Jobs for WordPress plugin for WordPress is vulnerable to
Directory ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-55964 (An issue was discovered in Appsmith before 1.52. An
incorrectly config ...)
TODO: check
CVE-2024-55963 (An issue was discovered in Appsmith before 1.51. A user on
Appsmith th ...)
@@ -271,13 +271,13 @@ CVE-2024-45351 (A code execution vulnerability exists in
the Xiaomi Game center
CVE-2024-41643 (An issue in Arris NVG443B 9.3.0h3d36 allows a physically
proximate att ...)
TODO: check
CVE-2024-13889 (The WordPress Importer plugin for WordPress is vulnerable to
PHP Objec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13801 (The BWL Advanced FAQ Manager plugin for WordPress is
vulnerable to una ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13702 (The CRM and Lead Management by vcita plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13411 (The Zapier for WordPress plugin for WordPress is vulnerable to
Server- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9773
- gitlab <not-affected> (Specific to EE)
CVE-2024-10307
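Review bot: CVE-2024-13889 concerns the "WordPress Importer plugin", and Debian does ship a wordpress source package, so it is worth confirming that this plugin is not bundled there before closing the entry as "NOT-FOR-US: WordPress plugin". The other three entries in this hunk name third-party plugins and look fine as tagged.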
@@ -221467,7 +221467,7 @@ CVE-2022-39165 (IBM AIX 7.1, 7.2, 7.3, and VIOS
3.1could allow a non-privileged
CVE-2022-39164 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a
non-privileged local ...)
NOT-FOR-US: IBM
CVE-2022-39163 (IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a
Client- ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-39162
RESERVED
CVE-2022-39161 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM
WebSphere ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7043f709e2cf4d2e4344d1b350dee39f9b8d51b