Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab3ea7ee by Salvatore Bonaccorso at 2025-04-08T22:15:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
 CVE-2025-3437 (The Motors \u2013 Car Dealership & Classified Listings Plugin 
plugin f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3436 (The coreActivity: Activity Logging for WordPress plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3433 (The Advanced Advertising System plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3432 (The AAWP Obfuscator plugin for WordPress is vulnerable to 
Stored Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3416 (A flaw was found in OpenSSL's handling of the properties 
argument in c ...)
        TODO: check
 CVE-2025-3289 (A local code execution vulnerability exists in the Rockwell 
Automation ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2025-3288 (A local code execution vulnerability exists in the Rockwell 
Automation ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2025-3287 (A local code execution vulnerability exists in the Rockwell 
Automation ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2025-3286 (A local code execution vulnerability exists in the Rockwell 
Automation ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2025-3285 (A local code execution vulnerability exists in the Rockwell 
Automation ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2025-3064 (The WPFront User Role Editor plugin for WordPress is vulnerable 
to Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-32406 (An XXE issue in the Director NBR component in NAKIVO Backup & 
Replicat ...)
        TODO: check
 CVE-2025-32279 (Missing Authorization vulnerability in Shahjada Live Forms. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32211 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32164 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32117 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32036 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
        TODO: check
 CVE-2025-32035 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
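Review bot: From CVE-2025-32279 down to CVE-2025-32117 the tag switches from "NOT-FOR-US: WordPress plugin" to "NOT-FOR-US: WordPress plugin or theme", and none of the four truncated descriptions shown for those entries mentions WordPress. If the broader tag is deliberate for entries whose description does not say which of the two it is, no change is needed; otherwise use one spelling throughout so a grep for the tag finds all of them.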
@@ -49,47 +49,47 @@ CVE-2025-32018 (Cursor is a code editor built for 
programming with AI. In versio
 CVE-2025-32017 (Umbraco is a free and open source .NET content management 
system. Auth ...)
        TODO: check
 CVE-2025-30671 (Null pointer dereference in some Zoom Workplace Apps for 
Windows may a ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-30670 (Null pointer dereference in some Zoom Workplace Apps for 
Windows may a ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-30309 (XMP Toolkit versions 2023.12 and earlier are affected by an 
out-of-bou ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30308 (XMP Toolkit versions 2023.12 and earlier are affected by an 
out-of-bou ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30307 (XMP Toolkit versions 2023.12 and earlier are affected by an 
out-of-bou ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30306 (XMP Toolkit versions 2023.12 and earlier are affected by an 
out-of-bou ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30305 (XMP Toolkit versions 2023.12 and earlier are affected by an 
out-of-bou ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30304 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30303 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30302 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30301 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30300 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30299 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30298 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30297 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30296 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30295 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30291 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are 
affected  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30286 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are 
affected  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30285 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are 
affected  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30280 (A vulnerability has been identified in Mendix Runtime V10 (All 
version ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-30166 (Pimcore's Admin Classic Bundle provides a Backend UI for 
Pimcore. An H ...)
        TODO: check
 CVE-2025-30151 (Shopware is an open commerce platform. It's possible to pass 
long pass ...)
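Review bot: CVE-2025-30309 through CVE-2025-30305 are closed as "NOT-FOR-US: Adobe" alongside the Framemaker and ColdFusion entries, but their descriptions name "XMP Toolkit", a toolkit rather than an end-user application. Before these leave the TODO queue, confirm that no source package in the archive carries or derives from that code; if one does, the entries need a package line instead of NOT-FOR-US.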
@@ -97,35 +97,35 @@ CVE-2025-30151 (Shopware is an open commerce platform. It's 
possible to pass lon
 CVE-2025-30150 (Shopware 6 is an open commerce platform based on Symfony 
Framework and ...)
        TODO: check
 CVE-2025-30000 (A vulnerability has been identified in Siemens License Server 
(SLS) (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-2883 (The Accept SagePay Payments Using Contact Form 7 plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2876 (The MelaPress Login Security and MelaPress Login Security 
Premium plug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2829 (A local code execution vulnerability exists in the Rockwell 
Automation ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2025-2808 (The Motors \u2013 Car Dealership & Classified Listings Plugin 
plugin f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2807 (The Motors \u2013 Car Dealership & Classified Listings Plugin 
plugin f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2568 (The Vayu Blocks \u2013 Gutenberg Blocks for WordPress & 
WooCommerce pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2293 (A local code execution vulnerability exists in the Rockwell 
Automation ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2025-2288 (A local code execution vulnerability exists in the Rockwell 
Automation ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2025-2287 (A local code execution vulnerability exists in the Rockwell 
Automation ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2025-2286 (A local code execution vulnerability exists in the Rockwell 
Automation ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2025-2285 (A local code execution vulnerability exists in the Rockwell 
Automation ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2025-29999 (A vulnerability has been identified in Siemens License Server 
(SLS) (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-29986 (Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) 
an Impro ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-29985 (Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) 
an Initi ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-29824 (Use after free in Windows Common Log File System Driver allows 
an auth ...)
        TODO: check
 CVE-2025-29823 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
@@ -267,57 +267,57 @@ CVE-2025-27469 (Uncontrolled resource consumption in 
Windows LDAP - Lightweight
 CVE-2025-27467 (Use after free in Windows Digital Media allows an authorized 
attacker  ...)
        TODO: check
 CVE-2025-27443 (Insecure default variable initialization in some Zoom 
Workplace Apps f ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-27442 (Cross site scripting in some Zoom Workplace Apps may allow an 
unauthen ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-27441 (Cross site scripting in some Zoom Workplace Apps may allow an 
unauthen ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-27205 (Adobe Experience Manager Screens versions FP11.3 and earlier 
are affec ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27204 (After Effects versions 25.1, 24.6.4 and earlier are affected 
by an out ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27202 (Animate versions 24.0.7, 23.0.10 and earlier are affected by 
an out-of ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27201 (Animate versions 24.0.7, 23.0.10 and earlier are affected by 
an out-of ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27200 (Animate versions 24.0.7, 23.0.10 and earlier are affected by a 
Use Aft ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27199 (Animate versions 24.0.7, 23.0.10 and earlier are affected by a 
Heap-ba ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27198 (Photoshop Desktop versions 25.12.1, 26.4.1 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27196 (Premiere Pro versions 25.1, 24.6.4 and earlier are affected by 
a Heap- ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27195 (Media Encoder versions 25.1, 24.6.4 and earlier are affected 
by a Heap ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27194 (Media Encoder versions 25.1, 24.6.4 and earlier are affected 
by an out ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27193 (Bridge versions 14.1.5, 15.0.2 and earlier are affected by a 
Heap-base ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27187 (After Effects versions 25.1, 24.6.4 and earlier are affected 
by an out ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27186 (After Effects versions 25.1, 24.6.4 and earlier are affected 
by an out ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27185 (After Effects versions 25.1, 24.6.4 and earlier are affected 
by a NULL ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27184 (After Effects versions 25.1, 24.6.4 and earlier are affected 
by an out ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27183 (After Effects versions 25.1, 24.6.4 and earlier are affected 
by an out ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27182 (After Effects versions 25.1, 24.6.4 and earlier are affected 
by an out ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-27085 (Multiple vulnerabilities exist in the web-based management 
interface o ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-27084 (A vulnerability in the Captive Portal of an AOS-10 GW and 
AOS-8 Contro ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-27083 (Authenticated command injection vulnerabilities exist in the 
AOS-10 GW ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-27082 (Arbitrary File Write vulnerabilities exist in the web-based 
management ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-27079 (A vulnerability in the file creation process on the command 
line inter ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-27078 (A vulnerability in a system binary of AOS-8 Instant and AOS-10 
AP coul ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-26688 (Stack-based buffer overflow in Microsoft Virtual Hard Drive 
allows an  ...)
        TODO: check
 CVE-2025-26687 (Use after free in Windows Win32K - GRFX allows an unauthorized 
attacke ...)
@@ -389,11 +389,11 @@ CVE-2025-26635 (Weak authentication in Windows Hello 
allows an authorized attack
 CVE-2025-26628 (Insufficiently protected credentials in Azure Local Cluster 
allows an  ...)
        TODO: check
 CVE-2025-25254 (An Improper Limitation of a Pathname to a Restricted Directory 
('Path  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-25227 (Insufficient state checks lead to a vector that allows to 
bypass 2FA c ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2025-25226 (Improper handling of identifiers lead to a SQL injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2025-25002 (Insertion of sensitive information into log file in Azure 
Local Cluste ...)
        TODO: check
 CVE-2025-24074 (Improper input validation in Windows DWM Core Library allows 
an author ...)
@@ -407,19 +407,19 @@ CVE-2025-24060 (Improper input validation in Windows DWM 
Core Library allows an
 CVE-2025-24058 (Improper input validation in Windows DWM Core Library allows 
an author ...)
        TODO: check
 CVE-2025-22855 (An improper neutralization of input during web page generation 
('Cross ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-22466 (Reflected XSS in Ivanti Endpoint Manager before version 2024 
SU1 or be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-22465 (Reflected XSS in Ivanti Endpoint Manager before version 2024 
SU1 or be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-22464 (An untrusted pointer dereference vulnerability in Ivanti 
Endpoint Mana ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-22461 (SQL injection in Ivanti Endpoint Manager before version 2024 
SU1 or be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-22459 (Improper certificate validation in Ivanti Endpoint Manager 
before vers ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-22458 (DLL hijacking in Ivanti Endpoint Manager before version 2024 
SU1 or be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-21222 (Heap-based buffer overflow in Windows Telephony Service allows 
an unau ...)
        TODO: check
 CVE-2025-21221 (Heap-based buffer overflow in Windows Telephony Service allows 
an unau ...)
@@ -437,13 +437,13 @@ CVE-2025-21191 (Time-of-check time-of-use (toctou) race 
condition in Windows Loc
 CVE-2025-21174 (Uncontrolled resource consumption in Windows Standards-Based 
Storage M ...)
        TODO: check
 CVE-2025-1095 (IBM Personal Communications v14 and v15 include a Windows 
service that ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-54092 (A vulnerability has been identified in Industrial Edge Device 
Kit - ar ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-54025 (An improper neutralization of special elements used in an OS 
command ( ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-54024 (An improper neutralization of special elements used in an OS 
command ( ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-52981 (An issue was discovered in Elasticsearch, where a large 
recursion usin ...)
        TODO: check
 CVE-2024-52980 (A flaw was discovered in Elasticsearch, where a large 
recursion using  ...)
@@ -451,37 +451,37 @@ CVE-2024-52980 (A flaw was discovered in Elasticsearch, 
where a large recursion
 CVE-2024-52974 (An issue has been identified where a specially crafted request 
sent to ...)
        TODO: check
 CVE-2024-52962 (AnImproper Output Neutralization for Logs vulnerability 
[CWE-117] in F ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-50565 (A improper restriction of communication channel to intended 
endpoints  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-48887 (A  unverified password change vulnerability in Fortinet 
FortiSwitch GU ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-46671 (An Incorrect User Management vulnerability [CWE-286] in 
FortiWeb versi ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-41796 (A vulnerability has been identified in SENTRON 7KT PAC1260 
Data Manage ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-41795 (A vulnerability has been identified in SENTRON 7KT PAC1260 
Data Manage ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-41794 (A vulnerability has been identified in SENTRON 7KT PAC1260 
Data Manage ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-41793 (A vulnerability has been identified in SENTRON 7KT PAC1260 
Data Manage ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-41792 (A vulnerability has been identified in SENTRON 7KT PAC1260 
Data Manage ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-41791 (A vulnerability has been identified in SENTRON 7KT PAC1260 
Data Manage ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-41790 (A vulnerability has been identified in SENTRON 7KT PAC1260 
Data Manage ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-41789 (A vulnerability has been identified in SENTRON 7KT PAC1260 
Data Manage ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-41788 (A vulnerability has been identified in SENTRON 7KT PAC1260 
Data Manage ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-32122 (A storing passwords in a recoverable format in Fortinet 
FortiOS versio ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-26013 (A improper restriction of communication channel to intended 
endpoints  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2023-37930 (Multiple issues including the use of uninitialized ressources 
[CWE-908 ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-XXXX [Heap-buffer-overflow in ImportViewPixelArea()]
        - graphicsmagick 1.4+really1.3.45+hg17696-1
        NOTE: 
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
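Review bot: CVE-2024-50565, CVE-2024-26013 and CVE-2023-37930 are tagged "NOT-FOR-US: Fortinet", yet the truncated descriptions on those lines show only a weakness class and no product name, so the vendor attribution cannot be checked from this diff. Check these three against the full CVE text before relying on the tag.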



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab3ea7ee165ec31cfef08fe37074447970d0e03d
