Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15460680 by Salvatore Bonaccorso at 2025-04-16T10:13:20+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,11 +21,11 @@ CVE-2025-3663 (A vulnerability, which was classified as 
critical, has been found
 CVE-2025-3495 (Delta Electronics COMMGR v1 and v2uses insufficiently 
randomized value ...)
        TODO: check
 CVE-2025-3247 (The Contact Form 7 plugin for WordPress is vulnerable to Order 
Replay  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3077 (The Betheme theme for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-32923 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32784 (conda-forge-webservices is the web app deployed to run 
conda-forge adm ...)
        TODO: check
 CVE-2025-32782 (Ash Authentication provides authentication for the Ash 
framework. The  ...)
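Review bot: CVE-2025-3077 is tagged "NOT-FOR-US: WordPress plugin", but its description on the line above reads "The Betheme theme for WordPress", so the product is a theme. Suggest "NOT-FOR-US: WordPress theme" for that entry; CVE-2025-3247 (Contact Form 7 plugin) is labelled correctly, and CVE-2025-32923 uses the catch-all "WordPress plugin or theme", which would also fit here if the exact label is not important.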
@@ -61,15 +61,15 @@ CVE-2025-31357 (An unauthenticated attacker can obtain a 
user's plant list by kn
 CVE-2025-31147 (Unauthenticated attackers can query information about total 
energy con ...)
        TODO: check
 CVE-2025-30984 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30982 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30970 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30967 (Cross-Site Request Forgery (CSRF) vulnerability in NotFound 
WPJobBoard ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30966 (Path Traversal vulnerability in NotFound WPJobBoard allows 
Path Traver ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30740 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
        TODO: check
 CVE-2025-30737 (Vulnerability in the Oracle Smart View for Office product of 
Oracle Hy ...)
@@ -197,11 +197,11 @@ CVE-2025-30257 (Unauthenticated attackers can retrieve 
serial number of smart me
 CVE-2025-30254 (An unauthenticated attacker can obtain a serial number of a 
smart mete ...)
        TODO: check
 CVE-2025-30100 (Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 
contain  ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-2497 (A maliciously crafted DWG file, when parsed through Autodesk 
Revit, ca ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-2314 (The User Profile Builder \u2013 Beautiful User Registration 
Forms, Use ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-29471 (Cross Site Scripting vulnerability in Nagios Log Server 
v.2024R1.3.1 a ...)
        TODO: check
 CVE-2025-27939 (An attacker can change registered email addresses of other 
users and t ...)
@@ -229,53 +229,53 @@ CVE-2025-27561 (Unauthenticated attackers can rename 
"rooms" of arbitrary users.
 CVE-2025-27538 (Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to 
enforce ...)
        TODO: check
 CVE-2025-27011 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-27008 (Missing Authorization vulnerability in NotFound Unlimited 
Timeline all ...)
        TODO: check
 CVE-2025-26998 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26996 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26953 (Missing Authorization vulnerability in NotFound JetMenu allows 
Accessi ...)
        TODO: check
 CVE-2025-26951 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26950 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26934 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26930 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26927 (Unrestricted Upload of File with Dangerous Type vulnerability 
in EPC A ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26919 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26908 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26906 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26903 (Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 
InPost G ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26880 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26870 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26857 (Unauthenticated attackers can rename arbitrary devices of 
arbitrary us ...)
        TODO: check
 CVE-2025-26749 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26748 (Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. 
Arkhe all ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26746 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26740 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26730 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-25458 (Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer 
Overflow in Adv ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-25453 (Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer 
Overflow in Adv ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-25276 (An unauthenticated attacker can hijack other users' devices 
and potent ...)
        TODO: check
 CVE-2025-24850 (An attacker can export other users' plant information.)
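Review bot: CVE-2025-27008 (NotFound Unlimited Timeline) and CVE-2025-26953 (NotFound JetMenu) remain at "TODO: check" while the entries directly around them in this hunk are tagged, and the two NotFound WPJobBoard entries in the second hunk (CVE-2025-30967, CVE-2025-30966) were tagged "NOT-FOR-US: WordPress plugin or theme". If these two were left open deliberately pending a closer look, no change is needed; if they were simply passed over, they can be tagged in the same pass so the "NotFound" vendor entries are handled consistently.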
@@ -291,11 +291,11 @@ CVE-2025-24297 (Due to lack of server-side input 
validation, attackers can injec
 CVE-2025-22911 (RE11S v1.11 was discovered to contain a stack overflow via the 
rootAPm ...)
        TODO: check
 CVE-2025-22269 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22268 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22263 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-21588 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        TODO: check
 CVE-2025-21587 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
@@ -329,17 +329,17 @@ CVE-2025-21574 (Vulnerability in the MySQL Server product 
of Oracle MySQL (compo
 CVE-2025-21573 (Vulnerability in the Oracle Financial Services Revenue 
Management and  ...)
        TODO: check
 CVE-2025-1656 (A maliciously crafted PDF file, when linked or imported into 
Autodesk  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-1277 (A maliciously crafted PDF file, when parsed through Autodesk 
applicati ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-1276 (A maliciously crafted DWG file, when parsed through certain 
Autodesk a ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-1275 (A maliciously crafted JPG file, when linked or imported into 
certain A ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-1274 (A maliciously crafted RCS file, when parsed through Autodesk 
Revit, ca ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-1273 (A maliciously crafted PDF file, when linked or imported into 
Autodesk  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-0101 (A low privileged user can set the date of the devices to the 
19th of J ...)
        TODO: check
 CVE-2024-49200 (An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in 
Insyde I ...)
@@ -347,9 +347,9 @@ CVE-2024-49200 (An issue was discovered in AcpiS3SaveDxe 
and ChipsetSvcDxe in In
 CVE-2024-44843 (An issue in the web socket handshake process of SteVe v3.7.1 
allows at ...)
        TODO: check
 CVE-2024-13452 (The Contact Form by Supsystic plugin for WordPress is 
vulnerable to Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10680 (The Form Maker by 10Web  WordPress plugin before 1.15.32 does 
not sani ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3620
        - chromium 135.0.7049.95-1
        [bullseye] - chromium <end-of-life> (see #1061268)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15460680ca512c22529cbf9520a5388678e71664
