[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Fri, 16 May 2025 14:05:19 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
26edf4ef by Salvatore Bonaccorso at 2025-05-16T23:04:28+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,21 +9,21 @@ CVE-2025-4806 (A vulnerability, which was classified as 
critical, has been found
 CVE-2025-4802 (Untrusted LD_LIBRARY_PATH environment variable vulnerability in 
the GN ...)
        TODO: check
 CVE-2025-4795 (A vulnerability classified as critical has been found in 
gongfuxiang s ...)
-       TODO: check
+       NOT-FOR-US: gongfuxiang schoolcms
 CVE-2025-4794 (A vulnerability was found in PHPGurukul Online Course 
Registration 3.1 ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-4793 (A vulnerability was found in PHPGurukul Online Course 
Registration 3.1 ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-4792 (A vulnerability was found in FreeFloat FTP Server 1.0 and 
classified a ...)
-       TODO: check
+       NOT-FOR-US: FreeFloat FTP Server
 CVE-2025-4791 (A vulnerability has been found in FreeFloat FTP Server 1.0 and 
classif ...)
-       TODO: check
+       NOT-FOR-US: FreeFloat FTP Server
 CVE-2025-4790 (A vulnerability, which was classified as critical, was found in 
FreeFl ...)
-       TODO: check
+       NOT-FOR-US: FreeFloat FTP Server
 CVE-2025-4789 (A vulnerability, which was classified as critical, has been 
found in F ...)
-       TODO: check
+       NOT-FOR-US: FreeFloat FTP Server
 CVE-2025-4788 (A vulnerability classified as critical was found in FreeFloat 
FTP Serv ...)
-       TODO: check
+       NOT-FOR-US: FreeFloat FTP Server
 CVE-2025-4787 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
        NOT-FOR-US: SourceCodester
 CVE-2025-4786 (A vulnerability was found in SourceCodester/oretnom23 Stock 
Management ...)
@@ -49,11 +49,11 @@ CVE-2025-4771 (A vulnerability, which was classified as 
critical, was found in P
 CVE-2025-4770 (A vulnerability, which was classified as critical, has been 
found in P ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-4769 (A vulnerability classified as critical was found in CBEWIN 
Anytxt Sear ...)
-       TODO: check
+       NOT-FOR-US: CBEWIN Anytxt Searcher
 CVE-2025-4768 (A vulnerability classified as critical has been found in 
feng_ha_ha/me ...)
-       TODO: check
+       NOT-FOR-US: feng_ha_ha/megagao ssm-erp and production_ssm
 CVE-2025-4767 (A vulnerability was found in defog-ai introspect up to 0.1.4. 
It has b ...)
-       TODO: check
+       NOT-FOR-US: defog-ai introspect
 CVE-2025-4766 (A vulnerability was found in PHPGurukul Zoo Management System 
2.1. It  ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-4765 (A vulnerability was found in PHPGurukul Zoo Management System 
2.1. It  ...)
@@ -113,7 +113,7 @@ CVE-2025-48080 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-48079 (Missing Authorization vulnerability in Metagauss ProfileGrid  
allows E ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-47916 (Invision Community 5.0.0 before 5.0.7 allows remote code 
execution via ...)
-       TODO: check
+       NOT-FOR-US: Invision Community
 CVE-2025-47794 (Nextcloud Server is a self hosted personal cloud system. In 
Nextcloud  ...)
        TODO: check
 CVE-2025-47793 (Nextcloud Server is a self hosted personal cloud system, and 
the Nextc ...)
@@ -133,37 +133,37 @@ CVE-2025-47564 (Missing Authorization vulnerability in 
ashanjay EventON allows A
 CVE-2025-47563 (Missing Authorization vulnerability in villatheme CURCY allows 
Accessi ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47562 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-47560 (Missing Authorization vulnerability in RomanCode MapSVG allows 
Exploit ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47557 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47556 (Missing Authorization vulnerability in QuanticaLabs CSS3 
Compare Prici ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-47534 (Missing Authorization vulnerability in ValvePress Wordpress 
Auto Spinn ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-46464 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-40906 (BSON::XS versions 0.8.4 and earlier for Perl includes a 
bundled libbso ...)
        TODO: check
 CVE-2025-40632 (Cross-site scripting (XSS) in Icewarp Mail Server affecting 
version 11 ...)
-       TODO: check
+       NOT-FOR-US: Icewarp Mail Server
 CVE-2025-40631 (HTTP host header injection vulnerability in Icewarp Mail 
Server affect ...)
-       TODO: check
+       NOT-FOR-US: Icewarp Mail Server
 CVE-2025-40630 (Open redirection vulnerability in IceWarp Mail Server 
affecting versio ...)
-       TODO: check
+       NOT-FOR-US: IceWarp Mail Server
 CVE-2025-40629 (PNETLab 4.2.10 does not properly sanitize user inputs in its 
file acce ...)
-       TODO: check
+       NOT-FOR-US: PNETLab
 CVE-2025-39537 (Authorization Bypass Through User-Controlled Key vulnerability 
in Chim ...)
-       TODO: check
+       NOT-FOR-US: Chimpstudio WP JobHunt
 CVE-2025-39511 (Missing Authorization vulnerability in ValvePress Pinterest 
Automatic  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39509 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39507 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39493 (Missing Authorization vulnerability in ValvePress Rankie 
allows Exploi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39492 (Path Traversal vulnerability in WHMPress WHMpress allows 
Relative Path ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39491 (Path Traversal vulnerability in WHMPress WHMpress allows Path 
Traversa ...)
@@ -179,59 +179,59 @@ CVE-2025-32643 (Improper Neutralization of Special 
Elements used in an SQL Comma
 CVE-2025-32310 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove 
QuickCal  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32307 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-32306 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32301 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32299 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-32296 (Missing Authorization vulnerability in quantumcloud Simple 
Link Direct ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32295 (Missing Authorization vulnerability in wordpresschef Salon 
Booking Pro ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32290 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-32287 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-32245 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-32180 (Missing Authorization vulnerability in QuanticaLabs CSS3 
Tooltips for  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31928 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31926 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31923 (Missing Authorization vulnerability in QuanticaLabs CSS3 
Accordions fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31922 (Cross-Site Request Forgery (CSRF) vulnerability in 
QuanticaLabs CSS3 A ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31921 (Cross-Site Request Forgery (CSRF) vulnerability in loopus WP 
Ultimate  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31915 (Cross-Site Request Forgery (CSRF) vulnerability in 
kamleshyadav Pixel  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31641 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31640 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31639 (Cross-Site Request Forgery (CSRF) vulnerability in themeton 
Spare allo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31637 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31630 (Missing Authorization vulnerability in themeton The Business 
allows Ex ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31071 (Missing Authorization vulnerability in themeton HotStar \u2013 
Multi-P ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31068 (Cross-Site Request Forgery (CSRF) vulnerability in themeton 
Seven Star ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31066 (Missing Authorization vulnerability in themeton Acerola allows 
Exploit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31065 (Missing Authorization vulnerability in themeton Rozario allows 
Exploit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31063 (Missing Authorization vulnerability in redqteam Wishlist 
allows Exploi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31062 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2306 (An Improper Access Control vulnerability was identified in the 
file do ...)
        TODO: check
 CVE-2025-2305 (A Path traversal vulnerability in the file download 
functionality was  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26edf4efffedeea6b5597511a74f17ed9c333491

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26edf4efffedeea6b5597511a74f17ed9c333491
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to