Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c6d845b6 by security tracker role at 2025-05-07T20:13:22+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2025-4104 (The Frontend Dashboard plugin for WordPress is vulnerable to
Privilege ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47692 (Missing Authorization vulnerability in contentstudio
ContentStudio all ...)
TODO: check
CVE-2025-47691 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47688 (Missing Authorization vulnerability in Saad Iqbal Advanced
File Manage ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47686 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Moloni
Contribuinte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47684 (Cross-Site Request Forgery (CSRF) vulnerability in Smaily
Smaily for W ...)
TODO: check
CVE-2025-47683 (Deserialization of Untrusted Data vulnerability in Florent
Maillefaud ...)
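Review bot: The note text is inconsistent within this hunk: CVE-2025-4104 is tagged "NOT-FOR-US: WordPress plugin" while CVE-2025-47691, CVE-2025-47688 and CVE-2025-47685 get "NOT-FOR-US: WordPress plugin or theme". Use one wording so that anything grouping entries by note text counts them together. Also, CVE-2025-47684 ("Smaily for W ...") is a CSRF entry of the same shape as CVE-2025-47685 but stays at "TODO: check"; either tag it in the same pass or leave a note on why it was skipped.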
@@ -47,7 +47,7 @@ CVE-2025-47657 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2025-47656 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-47655 (Cross-Site Request Forgery (CSRF) vulnerability in
themarketer2023 the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47653 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-47649 (Path Traversal vulnerability in ilmosys Open Close WooCommerce
Store a ...)
@@ -61,7 +61,7 @@ CVE-2025-47644 (URL Redirection to Untrusted Site ('Open
Redirect') vulnerabilit
CVE-2025-47643 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-47639 (Cross-Site Request Forgery (CSRF) vulnerability in Supertext
Supertext ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47638 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-47636 (Path Traversal vulnerability in Fernando Briano List category
posts al ...)
@@ -69,7 +69,7 @@ CVE-2025-47636 (Path Traversal vulnerability in Fernando
Briano List category po
CVE-2025-47635 (Server-Side Request Forgery (SSRF) vulnerability in
WPWebinarSystem We ...)
TODO: check
CVE-2025-47633 (Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin
\u2013 Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47632 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-47630 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -91,7 +91,7 @@ CVE-2025-47622 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-47621 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-47620 (Cross-Site Request Forgery (CSRF) vulnerability in bundgaard
Martins F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47617 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-47616 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -99,7 +99,7 @@ CVE-2025-47616 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-47615 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-47614 (Cross-Site Request Forgery (CSRF) vulnerability in Chris Clark
LessBut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47612 (Missing Authorization vulnerability in flowdee ClickWhale
allows Explo ...)
TODO: check
CVE-2025-47609 (Cross-Site Request Forgery (CSRF) vulnerability in easymebiz
EasyMe Co ...)
@@ -135,7 +135,7 @@ CVE-2025-47589 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-47587 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-47551 (Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki
Embed a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47550 (Unrestricted Upload of File with Dangerous Type vulnerability
in Theme ...)
TODO: check
CVE-2025-47549 (Unrestricted Upload of File with Dangerous Type vulnerability
in Theme ...)
@@ -161,7 +161,7 @@ CVE-2025-47538 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2025-47537 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-47533 (Cross-Site Request Forgery (CSRF) vulnerability in Iqonic
Design Graph ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47531 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-47528 (Missing Authorization vulnerability in pewilliams Ovation
Elements all ...)
@@ -185,13 +185,13 @@ CVE-2025-47519 (Cross-Site Request Forgery (CSRF)
vulnerability in Scott Paterso
CVE-2025-47518 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-47517 (Cross-Site Request Forgery (CSRF) vulnerability in Scott
Paterson Acce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47516 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-47515 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-47514 (Cross-Site Request Forgery (CSRF) vulnerability in Eli ELI's
Related P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47510 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-47509 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -245,7 +245,7 @@ CVE-2025-47483 (Server-Side Request Forgery (SSRF)
vulnerability in Iulia Cazan
CVE-2025-47482 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-47481 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47480 (Missing Authorization vulnerability in Iqonic Design Graphina
allows E ...)
TODO: check
CVE-2025-47476 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -259,7 +259,7 @@ CVE-2025-47472 (Missing Authorization vulnerability in
codepeople Music Player f
CVE-2025-47471 (Missing Authorization vulnerability in EnvoThemes Envo Extra
allows Ex ...)
TODO: check
CVE-2025-47470 (Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3
AI Cont ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47469 (Missing Authorization vulnerability in slui Media Hygiene
allows Explo ...)
TODO: check
CVE-2025-47468 (Cross-Site Request Forgery (CSRF) vulnerability in hashthemes
Hash For ...)
@@ -273,7 +273,7 @@ CVE-2025-47465 (Missing Authorization vulnerability in
CreativeThemes Blocksy al
CVE-2025-47464 (Server-Side Request Forgery (SSRF) vulnerability in solacewp
Solace Ex ...)
TODO: check
CVE-2025-47462 (Cross-Site Request Forgery (CSRF) vulnerability in Ohidul
Islam Challa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47460 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-47459 (Cross-Site Request Forgery (CSRF) vulnerability in XpeedStudio
WP Fund ...)
@@ -287,7 +287,7 @@ CVE-2025-47455 (URL Redirection to Untrusted Site ('Open
Redirect') vulnerabilit
CVE-2025-47454 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in C ...)
TODO: check
CVE-2025-47451 (Cross-Site Request Forgery (CSRF) vulnerability in
silverplugins217 Pr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47450 (Missing Authorization vulnerability in Mitchell Bennis Simple
File Lis ...)
TODO: check
CVE-2025-47449 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -313,7 +313,7 @@ CVE-2025-47423 (Personal Weather Station Dashboard 12_lts
allows unauthenticated
CVE-2025-47203 (dbclient in Dropbear SSH before 2025.88 allows command
injection via a ...)
TODO: check
CVE-2025-46828 (WeGIA is a web manager for charitable institutions. An
unauthenticate ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-46827 (Graylog is a free and open log management platform. Prior to
versions ...)
TODO: check
CVE-2025-46824 (The Discourse Code Review Plugin allows users to review GitHub
commits ...)
@@ -321,23 +321,23 @@ CVE-2025-46824 (The Discourse Code Review Plugin allows
users to review GitHub c
CVE-2025-46551 (JRuby-OpenSSL is an add-on gem for JRuby that emulates the
Ruby OpenSS ...)
TODO: check
CVE-2025-45514 (Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the
functio ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-45388 (Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site
Scripting (XSS) ...)
TODO: check
CVE-2025-3476 (Incorrect Authorization vulnerability in OpenText\u2122
Operations Bri ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2025-3272 (Incorrect Authorization vulnerability in OpenText\u2122
Operations Bri ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2025-39361 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-33093 (IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2
JWT secret ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-32821 (A vulnerability in SMA100 allows a remote authenticated
attacker with ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-32820 (A vulnerability in SMA100 allows a remote authenticated
attacker with ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-32819 (A vulnerability in SMA100 allows a remote authenticated
attacker with ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-30147 (Besu Native contains scripts and tooling that is used to build
and pac ...)
TODO: check
CVE-2025-2778
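Review bot: CVE-2025-39361 is closed as "NOT-FOR-US: WordPress plugin or theme", but its visible description is only the generic "Improper Neutralization of Input During Web Page Generation ('Cross-si ...)" text, which is identical to entries left at "TODO: check" elsewhere in this file. The product name is cut off by the truncation, so the classification cannot be confirmed from the diff; check the full description before this entry drops out of the triage queue. The same applies to the three SMA100 entries (CVE-2025-32819 to CVE-2025-32821), where the vendor tag "SonicWall" does not appear in the visible text.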
@@ -365,65 +365,65 @@ CVE-2025-26169 (IXON VPN Client before 1.4.4 on Windows
allows Local Privilege E
CVE-2025-26168 (IXON VPN Client before 1.4.4 on Linux and macOS allows Local
Privilege ...)
TODO: check
CVE-2025-20980 (Out-of-bounds write in libsavscmn prior to Android 15 allows
local att ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20979 (Out-of-bounds write in libsavscmn prior to Android 15 allows
local att ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20978 (Improper access control in PENUP prior to version 3.9.19.32
allows loc ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20977 (Use of implicit intent for sensitive communication in
translation in S ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20976 (Out-of-bounds read in applying binary of text content in
Samsung Notes ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20975 (Improper Export of Android Application Components in
AODService prior ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20974 (Improper handling of insufficient permission in
PackageInstallerCN pri ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20973 (Improper authentication in Secure Folder prior to version
1.8.12.0 in ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20972 (Improper verification of intent by broadcast receiver in
Samsung Flow ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20971 (Improper input validation in Samsung Flow prior to version
4.9.17.6 al ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20970 (Improper access control in Bixby Vision prior to version 3.8.1
in Andr ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20969 (Improper input validation in Samsung Gallery prior to version
14.5.10. ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20968 (Improper access control in Samsung Gallery prior to version
14.5.10.3 ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20967 (Improper access control in Samsung Gallery prior to version
14.5.10.3 ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20966 (Improper access control in Samsung Gallery prior to version
14.5.10.3 ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20965 (Improper handling of insufficient permission in Bixby wakeup
prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20964 (Out-of-bounds write in parsing media files in libsavsvc.so
prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20963 (Out-of-bounds write in memory initialization in libsavsvc.so
prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20962 (Improper handling of insufficient permission in SpenGesture
service pr ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20961 (Improper handling of insufficient permission or privileges in
sepunion ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20960 (Improper handling of insufficient permission in
CocktailBarService pri ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20959 (Use of implicit intent for sensitive communication in Wi-Fi
P2P servic ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20958 (Improper verification of intent by broadcast receiver in
UnifiedWFC pr ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20957 (Improper access control in SmartManagerCN prior to SMR
May-2025 Releas ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20956 (Improper export of android application components in Settings
in Galax ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20955 (Improper Export of Android Application Components in
NotificationHisto ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20954 (Use of implicit intent for sensitive communication in
EnrichedCall pri ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20953 (Improper access control in SmartManagerCN prior to SMR
May-2025 Releas ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20949 (Path traversal vulnerability in Samsung Members prior to
version 5.0.0 ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20937 (Out-of-bounds write in Keymaster trustlet prior to SMR
May-2025 Releas ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20223 (A vulnerability in Cisco Catalyst Center, formerly Cisco DNA
Center, c ...)
TODO: check
CVE-2025-20221 (A vulnerability in the packet filtering features of Cisco IOS
XE SD-WA ...)
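Review bot: Several entries in this block are tagged "NOT-FOR-US: Samsung Mobile" although the visible description names only a library, not a Samsung product: CVE-2025-20980 and CVE-2025-20979 (libsavscmn), CVE-2025-20964 and CVE-2025-20963 (libsavsvc.so). Since NOT-FOR-US closes the entry for good, confirm that these library names do not match any source package in the archive rather than relying on the vendor-wide rule. The trailing context also shows CVE-2025-20223 (Cisco Catalyst Center) still at "TODO: check" while other Cisco entries in this commit are tagged, so the vendor match is not being applied uniformly.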
@@ -473,9 +473,9 @@ CVE-2025-20186 (A vulnerability in the web-based management
interface of the Wir
CVE-2025-20182 (A vulnerability in the Internet Key Exchange version 2 (IKEv2)
protoco ...)
TODO: check
CVE-2025-20181 (A vulnerability in Cisco IOS Software for Cisco Catalyst
2960X, 2960XR ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20164 (A vulnerability in the Cisco Industrial Ethernet Switch Device
Manager ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20162 (A vulnerability in the DHCP snooping security feature of Cisco
IOS XE ...)
TODO: check
CVE-2025-20157 (A vulnerability in certificate validation processing of Cisco
Catalyst ...)
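Review bot: The Cisco tagging in this hunk is partial: CVE-2025-20181 and CVE-2025-20164 become "NOT-FOR-US: Cisco", yet the context lines CVE-2025-20162 ("Cisco IOS XE ...") and CVE-2025-20157 ("Cisco Catalyst ...") name the same vendor in their visible text and remain "TODO: check". If the automatic pass matches on product strings, widen the pattern to cover these, or state in the commit message that only a subset was processed so a follow-up run is expected.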
@@ -491,7 +491,7 @@ CVE-2025-20147 (A vulnerability in the web-based management
interface of Cisco C
CVE-2025-20140 (A vulnerability in the Wireless Network Control daemon (wncd)
of Cisco ...)
TODO: check
CVE-2025-20137 (A vulnerability in the access control list (ACL) programming
of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20122 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager,
formerly ...)
TODO: check
CVE-2024-47619 (syslog-ng is an enhanced log daemo. Prior to version 4.8.2,
`tls_wildc ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6d845b6836a2d0894937b57fd83ce952c6635e5