Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
74a3529f by Salvatore Bonaccorso at 2025-03-24T21:17:05+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2025-30623 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30621 (Cross-Site Request Forgery (CSRF) vulnerability in kornelly
Translator ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30620 (Cross-Site Request Forgery (CSRF) vulnerability in coderscom
WP Odoo F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30619 (Cross-Site Request Forgery (CSRF) vulnerability in SpeakPipe
SpeakPipe ...)
TODO: check
CVE-2025-30617 (Cross-Site Request Forgery (CSRF) vulnerability in takien
Rewrite allo ...)
TODO: check
CVE-2025-30615 (Cross-Site Request Forgery (CSRF) vulnerability in Jacob
Schwartz WP e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30612 (Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb
Replace ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30610 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-30609 (Insertion of Sensitive Information Into Sent Data
vulnerability in App ...)
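Review bot: CVE-2025-30619 and CVE-2025-30617 are left at "TODO: check" in the middle of this hunk, although their visible descriptions have the same "Cross-Site Request Forgery (CSRF) vulnerability in <author> <product>" shape as CVE-2025-30621 and CVE-2025-30620, which are resolved just above them. If they were held back on purpose, a word in the commit message ("Process some NFUs") would save the next person from re-checking why; if they were missed, they can take the same "NOT-FOR-US: WordPress plugin or theme" line once confirmed.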
@@ -19,21 +19,21 @@ CVE-2025-30609 (Insertion of Sensitive Information Into
Sent Data vulnerability
CVE-2025-30608 (Cross-Site Request Forgery (CSRF) vulnerability in Anthony
WordPress S ...)
TODO: check
CVE-2025-30606 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30605 (Missing Authorization vulnerability in ldwin79
sourceplay-navermap all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30604 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30603 (Cross-Site Request Forgery (CSRF) vulnerability in DEJAN
CopyLink allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30602 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30601 (Cross-Site Request Forgery (CSRF) vulnerability in flipdish
Flipdish O ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30600 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30599 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30598 (Cross-Site Request Forgery (CSRF) vulnerability in Link OSS
Upload all ...)
TODO: check
CVE-2025-30597 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -49,23 +49,23 @@ CVE-2025-30591 (Missing Authorization vulnerability in
tuyennv Music Press Pro a
CVE-2025-30590 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-30588 (Cross-Site Request Forgery (CSRF) vulnerability in ryan_xantoo
Map Con ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30587 (Cross-Site Request Forgery (CSRF) vulnerability in shawfactor
LH OGP M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30586 (Cross-Site Request Forgery (CSRF) vulnerability in bbodine1
cTabs allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30585 (Cross-Site Request Forgery (CSRF) vulnerability in marynixie
Generate ...)
TODO: check
CVE-2025-30584 (Cross-Site Request Forgery (CSRF) vulnerability in
alphaomegaplugins A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30583 (Cross-Site Request Forgery (CSRF) vulnerability in
ProRankTracker Pro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30581 (Missing Authorization vulnerability in PluginOps Top Bar
allows Exploi ...)
TODO: check
CVE-2025-30578 (Cross-Site Request Forgery (CSRF) vulnerability in hotvanrod
AdSense P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30577 (Cross-Site Request Forgery (CSRF) vulnerability in mendibass
Browser A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30576 (Cross-Site Request Forgery (CSRF) vulnerability in HuangYe
WuDeng Hack ...)
TODO: check
CVE-2025-30575 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -75,7 +75,7 @@ CVE-2025-30574 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-30573 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-30572 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Yavych
Simple ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30571 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-30570 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
@@ -87,79 +87,79 @@ CVE-2025-30568 (Cross-Site Request Forgery (CSRF)
vulnerability in hitoy Super S
CVE-2025-30566 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-30565 (Cross-Site Request Forgery (CSRF) vulnerability in karrikas
banner-man ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30564 (Cross-Site Request Forgery (CSRF) vulnerability in wpwox
Custom Script ...)
TODO: check
CVE-2025-30561 (Cross-Site Request Forgery (CSRF) vulnerability in Henrique
Mouta CAS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30560 (Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah
jQuery D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30558 (Cross-Site Request Forgery (CSRF) vulnerability in
EnzoCostantini55 AN ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30557 (Cross-Site Request Forgery (CSRF) vulnerability in odihost
Easy 301 Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30556 (Cross-Site Request Forgery (CSRF) vulnerability in flyaga Fix
Rss Feed ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30555 (Cross-Site Request Forgery (CSRF) vulnerability in iiiryan
WordPres \u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30553 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30552 (Cross-Site Request Forgery (CSRF) vulnerability in Donald
Gilbert Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30551 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30550 (Cross-Site Request Forgery (CSRF) vulnerability in WPShop.ru
CallPhone ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30549 (Cross-Site Request Forgery (CSRF) vulnerability in Yummly
Yummly Rich ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30546 (Cross-Site Request Forgery (CSRF) vulnerability in boroV
Cackle allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30545 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30543 (Missing Authorization vulnerability in swayam.tejwani Menu
Duplicator ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30542 (Cross-Site Request Forgery (CSRF) vulnerability in wpsolutions
SoundCl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30541 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes
Info Boxe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30540 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30539 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30538 (Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst
Simple O ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30537 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-30536 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30535 (Cross-Site Request Forgery (CSRF) vulnerability in muro
External image ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30534 (Cross-Site Request Forgery (CSRF) vulnerability in
captcha.soft Image ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30533 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30532 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30531 (Cross-Site Request Forgery (CSRF) vulnerability in GBS
Developer WP Ri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30530 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30529 (Cross-Site Request Forgery (CSRF) vulnerability in
S\xe9bastien Dumont ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30528 (Cross-Site Request Forgery (CSRF) vulnerability in wpshopee
Awesome Lo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30527 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30526 (Cross-Site Request Forgery (CSRF) vulnerability in lucksy
Typekit plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30525 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30523 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30522 (Cross-Site Request Forgery (CSRF) vulnerability in Damian
Orzol Contac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30521 (Cross-Site Request Forgery (CSRF) vulnerability in giangmd93
GP Back T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30208 (Vite, a provider of frontend development tooling, has a
vulnerability ...)
TODO: check
CVE-2025-30205 (kanidim-provision is a helper utility that uses kanidm's API
to provis ...)
@@ -209,13 +209,13 @@ CVE-2025-22223 (Spring Security 6.4.0 - 6.4.3 may not
correctly locate method se
CVE-2025-1558 (Mattermost Mobile Apps versions <=2.25.0 fail to properly
validate GIF ...)
TODO: check
CVE-2025-0835 (Software installed and run as a non-privileged user may conduct
improp ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2025-0478 (Software installed and run as a non-privileged user may conduct
improp ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2025-0256 (HCL DevOps Deploy / HCL Launch could allow an authenticated
user to ob ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-0255 (HCL DevOps Deploy / HCL Launch could allow a remote privileged
authent ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-9103 (Improper Neutralization of Script in Attributes in a Web Page
vulnerab ...)
TODO: check
CVE-2024-8774 (The SIMPLE.ERP client stores superuser password in a
recoverable forma ...)
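Review bot: The "NOT-FOR-US: Imagination Technologies" lines on CVE-2025-0835 and CVE-2025-0478 name only a vendor, and the visible description ("Software installed and run as a non-privileged user may conduct improp ...") does not say which component is affected, so the decision cannot be checked from the list itself. Adding the product or component after the vendor name would make these entries easier to re-evaluate later. The same applies, more mildly, to "NOT-FOR-US: HCL", where the description already gives "HCL DevOps Deploy / HCL Launch".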
@@ -180415,7 +180415,7 @@ CVE-2015-10076 (A vulnerability was found in dimtion
Shaarlier up to 1.2.2. It h
CVE-2023-25611 (A improper neutralization of formula elements in a CSV file
vulnerabil ...)
NOT-FOR-US: Fortinet
CVE-2023-25610 (A buffer underwrite ('buffer underflow') vulnerability in the
administ ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918]
inFortiMan ...)
NOT-FOR-US: Fortinet
CVE-2023-25608 (An incomplete filtering of one or more instances of special
elements v ...)
@@ -328898,7 +328898,7 @@ CVE-2021-26107 (An improper access control
vulnerability [CWE-284] in FortiManag
CVE-2021-26106 (An improper neutralization of special elements used in an OS
Command v ...)
NOT-FOR-US: Fortiguard
CVE-2021-26105 (A stack-based buffer overflow vulnerability (CWE-121) in the
profile p ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-26104 (Multiple OS command injection (CWE-78) vulnerabilities in the
command ...)
NOT-FOR-US: Fortiguard
CVE-2021-26103 (An insufficient verification of data authenticity
vulnerability (CWE-3 ...)
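Review bot: CVE-2021-26105 gets "NOT-FOR-US: Fortinet" while the entries directly above and below it, CVE-2021-26106 and CVE-2021-26104, carry "NOT-FOR-US: Fortiguard". One label for this run of entries would let a search on the vendor string find all of them; if "Fortinet" is the preferred spelling, the two neighbours could be normalised in a follow-up.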
@@ -328926,7 +328926,7 @@ CVE-2021-26093 (An access of uninitialized pointer
(CWE-824) vulnerabilityin For
CVE-2021-26092 (Failure to sanitize input in the SSL VPN web portal of FortiOS
5.2.10 ...)
NOT-FOR-US: FortiGuard
CVE-2021-26091 (A use of a cryptographically weak pseudo-random number
generator vulne ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-26090 (A missing release of memory after its effective lifetime
vulnerability ...)
NOT-FOR-US: FortiMail
CVE-2021-26089 (An improper symlink following in FortiClient for Mac 6.4.3 and
below m ...)
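Review bot: After this change three adjacent entries carry three different labels: "NOT-FOR-US: FortiGuard" (CVE-2021-26092), "NOT-FOR-US: Fortinet" (CVE-2021-26091) and "NOT-FOR-US: FortiMail" (CVE-2021-26090). The visible description of CVE-2021-26091 is cut off at "generator vulne ..." before any product name appears, so if the product is known, naming it the way the FortiMail line does would be more useful than the vendor alone.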
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74a3529fbf2b16bf060b69e64ea41c5d5cde116d