[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) Fri, 28 Mar 2025 13:20:56 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
6d4a4974 by Salvatore Bonaccorso at 2025-03-28T21:20:22+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2025-31474 (Cross-Site Request Forgery (CSRF) vulnerability in 
matthewprice1178 WP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31473 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31472 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31471 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31470 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31469 (Missing Authorization vulnerability in webrangers Clear Sucuri 
Cache a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31466 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31465 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31464 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31463 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31460 (Cross-Site Request Forgery (CSRF) vulnerability in 
danielmuldernl Omni ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31459 (Cross-Site Request Forgery (CSRF) vulnerability in 
PasqualePuzio Login ...)
@@ -25,23 +25,23 @@ CVE-2025-31459 (Cross-Site Request Forgery (CSRF) 
vulnerability in PasqualePuzio
 CVE-2025-31458 (Cross-Site Request Forgery (CSRF) vulnerability in forsgren 
Video Embe ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31457 (Cross-Site Request Forgery (CSRF) vulnerability in Aur\xe9lien 
LWS LWS ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31456 (Cross-Site Request Forgery (CSRF) vulnerability in bsndev 
Ultimate Sec ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31453 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31452 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31451 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31450 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31449 (Cross-Site Request Forgery (CSRF) vulnerability in EricH The 
Visitor C ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31448 (Cross-Site Request Forgery (CSRF) vulnerability in misteraon 
Simple Tr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31447 (Cross-Site Request Forgery (CSRF) vulnerability in nertworks 
NertWorks ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31444 (Cross-Site Request Forgery (CSRF) vulnerability in youtag 
ShowTime Sli ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31443 (Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof 
Furtak KK ...)
@@ -49,19 +49,19 @@ CVE-2025-31443 (Cross-Site Request Forgery (CSRF) 
vulnerability in Krzysztof Fur
 CVE-2025-31440 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 
Team Ter ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31439 (Cross-Site Request Forgery (CSRF) vulnerability in 
tobias_.MerZ Browse ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31438 (Cross-Site Request Forgery (CSRF) vulnerability in Benoit De 
Boeck WP  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31437 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31435 (Cross-Site Request Forgery (CSRF) vulnerability in Efficient 
Scripts M ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31434 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31433 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31432 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31164 (heap-buffer overflow in fig2dev in version 3.2.9aallows an 
attacker to ...)
        TODO: check
 CVE-2025-31163 (Segmentation fault in fig2dev in version 3.2.9aallows an 
attacker to a ...)
@@ -71,19 +71,19 @@ CVE-2025-31162 (Floating point exception in fig2dev in 
version 3.2.9aallows an a
 CVE-2025-31102 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31099 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31096 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31094 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31093 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31090 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31088 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31083 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31079 (Cross-Site Request Forgery (CSRF) vulnerability in usermaven 
Usermaven ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31077 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -93,7 +93,7 @@ CVE-2025-31076 (Server-Side Request Forgery (SSRF) 
vulnerability in WP Compress
 CVE-2025-31075 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31073 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31010 (Cross-Site Request Forgery (CSRF) vulnerability in 
ReichertBrothers Si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30372 (Emlog is an open source website building system. Emlog Pro 
versions pr ...)
@@ -119,9 +119,9 @@ CVE-2025-2920 (A vulnerability was found in Netis WF-2404 
1.1.124EN. It has been
 CVE-2025-2919 (A vulnerability was found in Netis WF-2404 1.1.124EN. It has 
been decl ...)
        TODO: check
 CVE-2025-2917 (A vulnerability, which was classified as problematic, was found 
in Che ...)
-       TODO: check
+       NOT-FOR-US: ChestnutCMS
 CVE-2025-2916 (A vulnerability, which was classified as critical, has been 
found in A ...)
-       TODO: check
+       NOT-FOR-US: Aishida Call Center System
 CVE-2025-2915 (A vulnerability classified as problematic was found in HDF5 up 
to 1.14 ...)
        TODO: check
 CVE-2025-2914 (A vulnerability classified as problematic has been found in 
HDF5 up to ...)
@@ -131,35 +131,35 @@ CVE-2025-2913 (A vulnerability was found in HDF5 up to 
1.14.6. It has been rated
 CVE-2025-2912 (A vulnerability was found in HDF5 up to 1.14.6. It has been 
declared a ...)
        TODO: check
 CVE-2025-2911 (Unauthorised access to the call forwarding service system in 
MeetMe pr ...)
-       TODO: check
+       NOT-FOR-US: MeetMe
 CVE-2025-2910 (User enumeration in the password reset module of the MeetMe 
authentica ...)
-       TODO: check
+       NOT-FOR-US: MeetMe
 CVE-2025-2909 (The lack of encryption in the DuoxMe (formerly Blue) 
application binar ...)
-       TODO: check
+       NOT-FOR-US: DuoxMe
 CVE-2025-2908 (The exposure of credentials in the call forwarding 
configuration modul ...)
-       TODO: check
+       NOT-FOR-US: MeetMe
 CVE-2025-2901 (A flaw was found in the JBoss EAP Management Console, where a 
stored C ...)
        TODO: check
 CVE-2025-2877 (A flaw was found in the Ansible Automation Platform's 
Event-Driven Ans ...)
        TODO: check
 CVE-2025-2870 (Reflected Cross-Site Scripting (XSS) vulnerability in version 
1.0 of t ...)
-       TODO: check
+       NOT-FOR-US: Clinic Queuing System
 CVE-2025-2869 (Reflected Cross-Site Scripting (XSS) vulnerability in version 
1.0 of t ...)
-       TODO: check
+       NOT-FOR-US: Clinic Queuing System
 CVE-2025-2868 (Reflected Cross-Site Scripting (XSS) vulnerability in version 
1.0 of t ...)
-       TODO: check
+       NOT-FOR-US: Clinic Queuing System
 CVE-2025-2865 (SaTECH BCU, in its firmware version 2.1.3, could allow XSS 
attacks and ...)
-       TODO: check
+       NOT-FOR-US: SaTECH BCU
 CVE-2025-2864 (SaTECH BCU in its firmware version 2.1.3 allows an attacker to 
inject  ...)
-       TODO: check
+       NOT-FOR-US: SaTECH BCU
 CVE-2025-2863 (Cross-site request forgery (CSRF) vulnerability in the web 
application ...)
-       TODO: check
+       NOT-FOR-US: SaTECH BCU
 CVE-2025-2862 (SaTECH BCU, in its firmware version 2.1.3, performs weak 
password encr ...)
-       TODO: check
+       NOT-FOR-US: SaTECH BCU
 CVE-2025-2861 (SaTECH BCU in its firmware version 2.1.3 uses the HTTP 
protocol. The u ...)
-       TODO: check
+       NOT-FOR-US: SaTECH BCU
 CVE-2025-2860 (SaTECH BCU in its firmware version 2.1.3, allows an 
authenticated atta ...)
-       TODO: check
+       NOT-FOR-US: SaTECH BCU
 CVE-2025-2859 (An attacker with access to the network where the vulnerable 
device is  ...)
        TODO: check
 CVE-2025-2858 (Privilege escalation vulnerability in the saTECH BCU firmware 
version  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d4a4974d488cd32a9d92f8907064d0cb746eaa3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d4a4974d488cd32a9d92f8907064d0cb746eaa3
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Reply via email to