Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d280d176 by Salvatore Bonaccorso at 2025-03-31T22:17:30+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-3048 (After completing a build with AWS Serverless Application Model
Command ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-3047 (When running the AWS Serverless Application Model Command Line
Interfa ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-3027 (The vulnerability exists in the EJBCA service, version 8.0
Enterprise. ...)
TODO: check
CVE-2025-3026 (The vulnerability exists in the EJBCA service, version 8.0
Enterprise. ...)
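Review bot: The new notes on CVE-2025-3048 and CVE-2025-3047 name only the vendor ("NOT-FOR-US: Amazon"), while both descriptions identify the product as the AWS Serverless Application Model Command Line Interface. Naming the product, for example "NOT-FOR-US: AWS SAM CLI", would keep these entries findable by anyone grepping data/CVE/list for the tool later.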
@@ -19,13 +19,13 @@ CVE-2025-3008 (A vulnerability classified as critical has
been found in Novastar
CVE-2025-3007 (A vulnerability was found in Novastar CX40 up to 2.44.0. It has
been r ...)
TODO: check
CVE-2025-3006 (A vulnerability was found in PHPGurukul e-Diary Management
System 1.0. ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-3005 (A vulnerability was found in Sayski ForestBlog up to 20250321
and clas ...)
TODO: check
CVE-2025-3004 (A vulnerability has been found in Sayski ForestBlog up to
20250321 and ...)
TODO: check
CVE-2025-3003 (A vulnerability, which was classified as critical, was found in
ESAFEN ...)
- TODO: check
+ NOT-FOR-US: ESAFENET
CVE-2025-3002 (A vulnerability, which was classified as critical, has been
found in D ...)
TODO: check
CVE-2025-3001 (A vulnerability classified as critical was found in PyTorch
2.6.0. Thi ...)
@@ -33,159 +33,159 @@ CVE-2025-3001 (A vulnerability classified as critical was
found in PyTorch 2.6.0
CVE-2025-3000 (A vulnerability classified as critical has been found in
PyTorch 2.6.0 ...)
TODO: check
CVE-2025-31629 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31627 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31625 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31624 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31623 (Cross-Site Request Forgery (CSRF) vulnerability in
richtexteditor Rich ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31621 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31620 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31618 (Missing Authorization vulnerability in Jaap Jansma Connector
to CiviCR ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31617 (Cross-Site Request Forgery (CSRF) vulnerability in Gagan Deep
Singh Po ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31616 (Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ
Varnish ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31615 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31614 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31613 (Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker.
AB Goog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31611 (Missing Authorization vulnerability in Shaharia Azam Auto Post
After I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31610 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31609 (Missing Authorization vulnerability in Arni Cinco WPCargo
Track & Trac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31608 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31607 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31606 (Missing Authorization vulnerability in softpulseinfotech SP
Blog Desig ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31605 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31604 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31603 (Missing Authorization vulnerability in moshensky CF7
Spreadsheets allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31602 (Cross-Site Request Forgery (CSRF) vulnerability in
apimofficiel Apimo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31601 (Cross-Site Request Forgery (CSRF) vulnerability in appointy
Appointy A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31600 (Cross-Site Request Forgery (CSRF) vulnerability in designnbuy
DesignO ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31598 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31597 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31596 (Missing Authorization vulnerability in Chatwee Chat by Chatwee
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31595 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31593 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31592 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31591 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31590 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31589 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31588 (Cross-Site Request Forgery (CSRF) vulnerability in elfsight
Elfsight T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31587 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31586 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31585 (Cross-Site Request Forgery (CSRF) vulnerability in leadfox
Leadfox for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31584 (Missing Authorization vulnerability in elfsight Elfsight
Testimonials ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31583 (Cross-Site Request Forgery (CSRF) vulnerability in Ashish
Ajani WP Cop ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31577 (Unrestricted Upload of File with Dangerous Type vulnerability
in appoi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31576 (Missing Authorization vulnerability in Gagan Deep Singh
PostmarkApp Em ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31575 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31574 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31572 (Cross-Site Request Forgery (CSRF) vulnerability in v20202020
Multi Day ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31570 (Cross-Site Request Forgery (CSRF) vulnerability in wp-buy
Related Post ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31569 (Cross-Site Request Forgery (CSRF) vulnerability in wp-buy
wordpress re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31567 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31566 (Cross-Site Request Forgery (CSRF) vulnerability in riosisgroup
Rio Vid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31562 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31559 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31557 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31556 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31555 (Missing Authorization vulnerability in ContentMX ContentMX
Content Pub ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31549 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31547 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31546 (Missing Authorization vulnerability in WP Messiah Swiss
Toolkit For WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31545 (Missing Authorization vulnerability in WP Messiah Safe Ai
Malware Prot ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31544 (Missing Authorization vulnerability in WP Messiah Swiss
Toolkit For WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31543 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31542 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31540 (Missing Authorization vulnerability in acmemediakits ACME Divi
Modules ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31539 (Missing Authorization vulnerability in Blocksera
Cryptocurrency Widget ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31538 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31535 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31533 (Missing Authorization vulnerability in Salesmate.io Salesmate
Add-On f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31532 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31530 (Missing Authorization vulnerability in smackcoders Google SEO
Pressor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31529 (Missing Authorization vulnerability in Rashid Slider Path for
Elemento ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31528 (Missing Authorization vulnerability in wokamoto StaticPress
allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31527 (Server-Side Request Forgery (SSRF) vulnerability in Kishan WP
Link Pre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31526 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31419 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31410 (Cross-Site Request Forgery (CSRF) vulnerability in Ashish
Ajani WP Chu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31406 (Subscriber Broken Access Control in ELEX WooCommerce Request a
Quote < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31386 (Missing Authorization vulnerability in Simplepress
Simple:Press allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31376 (Missing Authorization vulnerability in Mayeenul Islam
NanoSupport allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31129 (Jooby is a web framework for Java and Kotlin. The pac4j
io.jooby.inter ...)
TODO: check
CVE-2025-31128 (gifplayer is a customizable jquery plugin to play and stop
animated gi ...)
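Review bot: The blanket "NOT-FOR-US: WordPress plugin or theme" label in this hunk is applied to entries whose truncated descriptions name other software, notably CVE-2025-31616 ("AdminGeekZ Varnish ...") and CVE-2025-31618 ("Jaap Jansma Connector to CiviCR ..."). Nothing in the visible text shows that these are WordPress add-ons, so confirm against the full descriptions that the affected code is the plugin and not the upstream project before they leave the TODO queue. Where the product name is known, putting it in the note would also make later lookups easier than the generic label.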
@@ -199,13 +199,13 @@ CVE-2025-31123 (Zitadel is open-source identity
infrastructure software. A vulne
CVE-2025-31122 (scratch-coding-hut.github.io is the website for Coding Hut. In
1.0-bet ...)
TODO: check
CVE-2025-31117 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2025-31116 (Mobile Security Framework (MobSF) is a pen-testing, malware
analysis a ...)
TODO: check
CVE-2025-30963 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30961 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30369 (Zulip is an open-source team collaboration tool. The API for
deleting ...)
TODO: check
CVE-2025-30368 (Zulip is an open-source team collaboration tool. The API for
deleting ...)
@@ -213,15 +213,15 @@ CVE-2025-30368 (Zulip is an open-source team
collaboration tool. The API for del
CVE-2025-30223 (Beego is an open-source web framework for the Go programming
language. ...)
TODO: check
CVE-2025-30209 (Tuleap is an Open Source Suite to improve management of
software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-30203 (Tuleap is an Open Source Suite to improve management of
software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-30161 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2025-30155 (Tuleap is an Open Source Suite to improve management of
software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-30149 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2025-30095 (VyOS 1.3 through 1.5 or any Debian-based system using dropbear
in comb ...)
TODO: check
CVE-2025-30006 (Xorcom CompletePBX is vulnerable to a reflected cross-site
scripting ( ...)
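Review bot: CVE-2025-30095 in the trailing context keeps "TODO: check" although its description reads "any Debian-based system using dropbear in comb ...", which makes it the one entry in this hunk that is unlikely to end up as an NFU. Since this pass already touched the neighbouring Tuleap and OpenEMR entries, a follow-up that checks it against the dropbear source package would be more useful than leaving it in the generic queue.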
@@ -237,25 +237,25 @@ CVE-2025-2998 (A vulnerability was found in PyTorch
2.6.0. It has been declared
CVE-2025-2997 (A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It
has been ...)
TODO: check
CVE-2025-2996 (A vulnerability was found in Tenda FH1202 1.2.0.14(408) and
classified ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2995 (A vulnerability has been found in Tenda FH1202 1.2.0.14(408)
and class ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2994 (A vulnerability, which was classified as critical, was found in
Tenda ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2993 (A vulnerability, which was classified as critical, has been
found in T ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2992 (A vulnerability classified as critical was found in Tenda
FH1202 1.2.0 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2991 (A vulnerability classified as critical has been found in Tenda
FH1202 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2990 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has
been r ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2989 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has
been d ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-2985 (A vulnerability was found in code-projects Payroll Management
System 1 ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-2984 (A vulnerability was found in code-projects Payroll Management
System 1 ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-2794 (An unsafe reflection vulnerability in Kentico Xperience allows
an unau ...)
TODO: check
CVE-2025-2586 (A flaw was found in the OpenShift Lightspeed Service, which is
vulnera ...)
@@ -267,13 +267,13 @@ CVE-2025-2072 (A Reflected Cross-Site Scripting (XSS)
vulnerability has been dis
CVE-2025-2071 (A critical OS Command Injection vulnerability has been
identified in t ...)
TODO: check
CVE-2025-29929 (Tuleap is an Open Source Suite to improve management of
software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-29908 (Netty QUIC codec is a QUIC codec for netty which makes use of
quiche. ...)
TODO: check
CVE-2025-29772 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2025-29766 (Tuleap is an Open Source Suite to improve management of
software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-29266 (Unraid 7.0.0 before 7.0.1 allows remote users to access the
Unraid Web ...)
TODO: check
CVE-2025-27149 (Zulip server provides an open-source team chat that helps
teams stay p ...)
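Review bot: CVE-2025-29929, CVE-2025-29772 and CVE-2025-29766 are closed as NOT-FOR-US although the descriptions present both Tuleap and OpenEMR as open source, so the tag holds only as long as neither has a package or an open ITP in Debian. If an ITP bug exists for either project, the entry should be a package line marked <itp> with the bug number instead of an NFU note.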
@@ -281,7 +281,7 @@ CVE-2025-27149 (Zulip server provides an open-source team
chat that helps teams
CVE-2025-27095 (JumpServer is an open source bastion host and an operation and
mainten ...)
TODO: check
CVE-2025-23995 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22941 (A command injection vulnerability in the web interface of
Adtran 411 O ...)
TODO: check
CVE-2025-22940 (Incorrect access control in Adtran 411 ONT L80.00.0011.M2
allows unaut ...)
@@ -297,9 +297,9 @@ CVE-2025-1449 (A vulnerability exists in the Rockwell
Automation Verve Asset Man
CVE-2024-55093 (phpIPAM through 1.7.3 has a reflected Cross-Site Scripting
(XSS) vulne ...)
TODO: check
CVE-2024-12021 (Coverity versions prior to 2024.9.0 are vulnerable to stored
cross-sit ...)
- TODO: check
+ NOT-FOR-US: Black Duck
CVE-2023-33302 (A buffer copy without checking size of input ('classic buffer
overflow ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-21893 (In the Linux kernel, the following vulnerability has been
resolved: k ...)
- linux 6.12.21-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
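Review bot: The note on CVE-2024-12021 says "NOT-FOR-US: Black Duck", but the only product the description names is Coverity ("Coverity versions prior to 2024.9.0"). Using "Coverity" or "Black Duck Coverity" would let a search by product name find the entry. The same applies to CVE-2023-33302, where "Fortinet" is a vendor and the truncated description shows no product.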
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d280d17648e42b806e048ebccb1bf3e32f5c31cd