Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a22a8ceb by Salvatore Bonaccorso at 2025-04-11T22:26:02+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,103 +1,103 @@
CVE-2025-3439 (The Everest Forms \u2013 Contact Form, Quiz, Survey, Newsletter
& Paym ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3434 (The SMTP for Amazon SES \u2013 YaySMTP plugin for WordPress is
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3422 (The The Everest Forms \u2013 Contact Form, Quiz, Survey,
Newsletter & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3421 (The Everest Forms \u2013 Contact Form, Quiz, Survey, Newsletter
& Paym ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32681 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32672 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32671 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32663 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32656 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32654 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32650 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32633 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32632 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32631 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32629 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32627 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32618 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32614 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32607 (Deserialization of Untrusted Data vulnerability in
magepeopleteam WpBo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32603 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32601 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32600 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32599 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32598 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32589 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32587 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32586 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32585 (Path Traversal vulnerability in Trusty Plugins Shop Products
Filter al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32579 (Unrestricted Upload of File with Dangerous Type vulnerability
in SoftC ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32577 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32569 (Deserialization of Untrusted Data vulnerability in RealMag777
TableOn ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32568 (Deserialization of Untrusted Data vulnerability in empik
EmpikPlace fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32567 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32565 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32558 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32553 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32551 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32542 (Missing Authorization vulnerability in EazyPlugins Eazy Plugin
Manager ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32541 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32539 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32538 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32537 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32536 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32534 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32525 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32524 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32523 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32519 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32517 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32509 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32491 (Incorrect Privilege Assignment vulnerability in Rankology
Rankology SE ...)
TODO: check
CVE-2025-32427 (Formie is a Craft CMS plugin for creating forms. Prior to
2.1.44, when ...)
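Review bot: Most entries from CVE-2025-32681 down to CVE-2025-32509 show only a truncated CWE title (for example "Improper Neutralization of Special Elements used in an SQL Command ('S ..."), so the "WordPress plugin or theme" classification cannot be checked from this diff, and the commit message "Process some NFUs" does not say how the products were identified. Consider stating the basis in the commit message (for instance, that the full descriptions or the assigning source were checked), so a later reader can tell a deliberate NOT-FOR-US from a bulk pattern match.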
@@ -107,9 +107,9 @@ CVE-2025-32426 (Formie is a Craft CMS plugin for creating
forms. Prior to versio
CVE-2025-32367 (The Oz Forensics face recognition application before 4.0.8
late 2023 a ...)
TODO: check
CVE-2025-32144 (Deserialization of Untrusted Data vulnerability in PickPlugins
Job Boa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32143 (Deserialization of Untrusted Data vulnerability in PickPlugins
Accordi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32107 (OS command injection vulnerability exists in Deco BE65 Pro
firmware ve ...)
TODO: check
CVE-2025-32080 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
@@ -145,13 +145,13 @@ CVE-2025-31935 (Subnet Solutions PowerSYSTEM Center is
affected by a mishandli
CVE-2025-31932 (Deserialization of untrusted data issue exists in BizRobo! all
version ...)
TODO: check
CVE-2025-31599 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31565 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31379 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31378 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31362 (Use of hard-coded cryptographic key issue exists in BizRobo!
all versi ...)
TODO: check
CVE-2025-31354 (Subnet Solutions PowerSYSTEM Center's SMTPS notification
service can b ...)
@@ -163,17 +163,17 @@ CVE-2025-31040 (Improper Control of Filename for
Include/Require Statement in PH
CVE-2025-31028 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-31021 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31015 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-31014 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-2575 (The Z Companion plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2541 (The WP Project Manager plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2128 (The Cost Calculator Builder plugin for WordPress is vulnerable
to time ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23391 (A Incorrect Privilege Assignment vulnerability in SUSE rancher
allows ...)
TODO: check
CVE-2025-23389 (A Improper Access Control vulnerability in SUSE rancher allows
a local ...)
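Review bot: CVE-2025-31021 is resolved as "WordPress plugin or theme" while CVE-2025-31028 directly above it, with the same visible description ("Improper Neutralization of Input During Web Page Generation ('Cross-si ..."), and CVE-2025-31015 and CVE-2025-31014 below it stay at "TODO: check". If those three were left open on purpose because their products still need a look, that is fine; otherwise they appear to belong to the same batch and could be handled in this commit.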
@@ -183,9 +183,9 @@ CVE-2025-23388 (A Stack-based Buffer Overflow vulnerability
in SUSE rancher allo
CVE-2025-23387 (A Exposure of Sensitive Information to an Unauthorized Actor
vulnerabi ...)
TODO: check
CVE-2025-0123 (A vulnerability in the Palo Alto Networks PAN-OS\xae software
enables ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-0119 (A command injection vulnerabilityin the Palo Alto Networks
Cortex XDR\ ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-52282 (A Exposure of Sensitive Information to an Unauthorized Actor
vulnerabi ...)
TODO: check
CVE-2024-52280 (A Exposure of Sensitive Information to an Unauthorized Actor
vulnerabi ...)
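Review bot: Both notes here read "NOT-FOR-US: Palo Alto Networks", naming only the vendor, although the descriptions identify the products (PAN-OS for CVE-2025-0123, Cortex XDR for CVE-2025-0119). Adding the product to the note, e.g. "NOT-FOR-US: Palo Alto Networks PAN-OS", keeps the entry self-explanatory when the truncated description is all that is shown.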
@@ -195,27 +195,27 @@ CVE-2024-13861 (A code injection vulnerability in the
Debian package component o
CVE-2024-11679 (An input validation weakness was reported in the TpmSetup
module for s ...)
TODO: check
CVE-2023-42983 (Processing a file may lead to a denial-of-service or
potentially discl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42982 (Processing a file may lead to a denial-of-service or
potentially discl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42981 (Processing a file may lead to a denial-of-service or
potentially discl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42977 (A path handling issue was addressed with improved validation.
This iss ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42973 (Private Browsing tabs may be accessed without authentication.
This iss ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42970 (A use-after-free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42969 (An app may be able to break out of its sandbox. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42961 (A path handling issue was addressed with improved validation.
This iss ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42875 (Processing web content may lead to arbitrary code execution.
This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-41076 (An app may be able to elevate privileges. This issue is fixed
in macOS ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38614 (A permissions issue was addressed with additional
restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-3512 (There is a Heap-based Buffer Overflow vulnerability in
QTextMarkdownIm ...)
TODO: check
CVE-2025-32816 (CodeLit CourseLit before 0.57.5 allows Parameter Tampering via
a payme ...)
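Review bot: The blanket "NOT-FOR-US: Apple" needs a second look for CVE-2023-42875 ("Processing web content may lead to arbitrary code execution") and CVE-2023-42970 ("A use-after-free issue was addressed with improved memory management"), because Apple advisories worded this way sometimes describe WebKit, and Debian ships WebKit ports (webkit2gtk, wpewebkit). Please confirm from the full advisory text that neither issue is in WebKit before closing them by vendor name; if one is, it needs a package entry instead of NOT-FOR-US.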
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a22a8cebda33013ab1d621533c1e357b43f3fcaf