Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c13fa99 by Salvatore Bonaccorso at 2025-04-10T22:17:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2025-32755 (In jenkins/ssh-slave Docker images based on Debian, SSH host 
keys are  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-32754 (In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH 
host keys a ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-32743 (In ConnMan through 1.44, the lookup string in ns_resolv in 
dnsproxy.c  ...)
        TODO: check
 CVE-2025-32687 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2025-32668 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32395 (Vite is a frontend tooling framework for javascript. Prior to 
6.2.6, 6 ...)
        TODO: check
 CVE-2025-32391 (HedgeDoc is an open source, real-time, collaborative, markdown 
notes a ...)
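Review bot: the tag "Jenkins (core or plugin)" on CVE-2025-32755 and CVE-2025-32754 does not match what the descriptions name, which are the jenkins/ssh-slave and jenkins/ssh-agent Docker images rather than Jenkins core or a plugin. A more specific tag such as "NOT-FOR-US: Jenkins Docker images" would avoid that mismatch, and it would also make clear that the "based on Debian" wording in the first description refers to the image base and not to a Debian package.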
@@ -17,83 +17,83 @@ CVE-2025-32383 (MaxKB (Max Knowledge Base) is an open 
source knowledge base ques
 CVE-2025-32382 (Metabase is an open source Business Intelligence and Embedded 
Analytic ...)
        TODO: check
 CVE-2025-32282 (Cross-Site Request Forgery (CSRF) vulnerability in ShareThis 
ShareThis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32275 (Authentication Bypass by Spoofing vulnerability in Ays Pro 
Survey Make ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32260 (Missing Authorization vulnerability in Detheme DethemeKit For 
Elemento ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32259 (Missing Authorization vulnerability in Alimir WP ULike. This 
issue aff ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32244 (Missing Authorization vulnerability in QuantumCloud SEO Help 
allows Ex ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32243 (Missing Authorization vulnerability in Toast Plugins Internal 
Link Opt ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32242 (Missing Authorization vulnerability in Hive Support Hive 
Support allow ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32240 (Missing Authorization vulnerability in NotFound Site Notify 
allows Exp ...)
        TODO: check
 CVE-2025-32236 (Missing Authorization vulnerability in Vagonic Woocommerce 
Products Re ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32230 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32228 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32227 (Authentication Bypass by Spoofing vulnerability in Asgaros 
Asgaros For ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32221 (Missing Authorization vulnerability in Spider Themes EazyDocs 
allows E ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32216 (Missing Authorization vulnerability in Spider Themes Spider 
Elements \ ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32215 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Abili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32214 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32213 (Missing Authorization vulnerability in flothemesplugins Flo 
Forms allo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32212 (Missing Authorization vulnerability in Specia Theme Specia 
Companion a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32210 (Missing Authorization vulnerability in CreativeMindsSolutions 
CM Regis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32209 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32208 (Missing Authorization vulnerability in Hive Support Hive 
Support allow ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32206 (Unrestricted Upload of File with Dangerous Type vulnerability 
in LABCA ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32205 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32202 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Brian ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32199 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32198 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32160 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32158 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32145 (Deserialization of Untrusted Data vulnerability in 
magepeopleteam WpEv ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32140 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Nirma ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32139 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32128 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32119 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32116 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32115 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32114 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32027 (Yii is an open source PHP web framework. Prior to 1.1.31, 
yiisoft/yii  ...)
        TODO: check
 CVE-2025-31524 (Incorrect Privilege Assignment vulnerability in NotFound WP 
User Profi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31411 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30582 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        TODO: check
 CVE-2025-30148 (Silverstripe Framework is a PHP framework which powers the 
Silverstrip ...)
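Review bot: CVE-2025-32240 ("Missing Authorization vulnerability in NotFound Site Notify ...") is left at "TODO: check" while every neighbouring entry with the same description pattern is marked "NOT-FOR-US: WordPress plugin or theme", including CVE-2025-31524, which also has a "NotFound" vendor string. If it was skipped on purpose because the product could not be identified, a short NOTE line saying so would save the next triager from repeating the lookup; otherwise it looks like an oversight in this batch.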
@@ -103,15 +103,15 @@ CVE-2025-29150 (BlueCMS 1.6 suffers from Arbitrary File 
Deletion via the id para
 CVE-2025-29088 (An issue in sqlite v.3.49.0 allows an attacker to cause a 
denial of se ...)
        TODO: check
 CVE-2025-29017 (A Remote Code Execution (RCE) vulnerability exists in Code 
Astro Inter ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro
 CVE-2025-27813 (MSI Center before 2.0.52.0 has Missing PE Signature 
Validation.)
        TODO: check
 CVE-2025-27812 (MSI Center before 2.0.52.0 allows TOCTOU Local Privilege 
Escalation.)
        TODO: check
 CVE-2025-27350 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-27081 (A potential security vulnerability in HPE NonStop OSM Service 
Connecti ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-25197 (Silverstripe Elemental extends a page type to swap the content 
area fo ...)
        TODO: check
 CVE-2025-24866 (Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper 
access con ...)
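Review bot: the tag on CVE-2025-29017 is spelled "CodeAstro" while the description spells the vendor "Code Astro". Check that this matches the spelling already used for earlier entries in data/CVE/list, so that a search for the vendor's NOT-FOR-US entries finds all of them.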
@@ -119,27 +119,27 @@ CVE-2025-24866 (Mattermost versions 9.11.x <= 9.11.8 fail 
to enforce proper acce
 CVE-2025-23386 (A Incorrect Default Permissions vulnerability in the openSUSE 
Tumblewe ...)
        TODO: check
 CVE-2025-23010 (An Improper Link Resolution Before File Access ('Link 
Following') vuln ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2025-23009 (A local privilege escalation vulnerability in SonicWall 
NetExtender Wi ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2025-23008 (An improper privilege management vulnerability in the 
SonicWall NetExt ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2025-22375 (An authentication bypass vulnerability was found in Videx's 
CyberAudit ...)
        TODO: check
 CVE-2025-22374 (A Server-Side Request Forgery (SSRF) vulnerability was 
discovered in t ...)
        TODO: check
 CVE-2025-22279 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22232 (Spring Cloud Config Server may not use Vault token sent by 
clients usi ...)
        TODO: check
 CVE-2025-1073 (Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier 
may al ...)
        TODO: check
 CVE-2023-43037 (IBM Maximo Application Suite 8.11 and 9.0 could allow an 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-43035 (IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web 
pages t ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-42007 (IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is 
vulnerable to c ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-32700 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        - mediawiki 1:1.43.1+dfsg-1
 CVE-2025-32699 (Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia 
Foundation  ...)
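Review bot: CVE-2025-23010 is tagged "NOT-FOR-US: SonicWall", but its truncated description ("An Improper Link Resolution Before File Access ('Link Following') vuln ...") shows no product name, unlike CVE-2025-23009 and CVE-2025-23008 next to it. Confirm the vendor against the full description rather than from the adjacent IDs. The same check applies to CVE-2025-22279, tagged as a WordPress plugin or theme on a generic "Include/Require Statement in PHP Prog ..." description.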
@@ -206,7 +206,7 @@ CVE-2025-23378 (Dell PowerScale OneFS, versions 9.4.0.0 
through 9.10.0.0, contai
 CVE-2025-22471 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, 
contains an  ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-0539 (In affected Microsoft Windows versions of Octopus Deploy, the 
server c ...)
-       TODO: check
+       NOT-FOR-US: Octopus Deploy
 CVE-2024-58136 (Yii 2 before 2.0.52 mishandles the attaching of behavior that 
is defin ...)
        - yii <itp> (bug #597899)
 CVE-2024-38865 (Improper neutralization of livestatus command delimiters in a 
specific ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c13fa99c7e1091cffe072ebb1f8019101fa148f
