Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0843a666 by Salvatore Bonaccorso at 2025-09-03T22:25:10+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-9959 (Incomplete validation of dunder attributes allows an attacker 
to escap ...)
-       TODO: check
+       NOT-FOR-US: huggingface/smolagents
 CVE-2025-9926 (A vulnerability was determined in projectworlds Travel 
Management Syst ...)
        NOT-FOR-US: Project Worlds
 CVE-2025-9925 (A vulnerability was found in projectworlds Travel Management 
System 1. ...)
@@ -15,19 +15,19 @@ CVE-2025-9921 (A weakness has been identified in 
code-projects POS Pharmacy Syst
 CVE-2025-9920 (A security flaw has been discovered in Campcodes Recruitment 
Managemen ...)
        NOT-FOR-US: Campcodes
 CVE-2025-9919 (A vulnerability was identified in 1000projects Beauty Parlour 
Manageme ...)
-       TODO: check
+       NOT-FOR-US: 1000projects Beauty Parlour Management System
 CVE-2025-9901 (A flaw was found in libsoup\u2019s caching mechanism, 
SoupCache, where ...)
        TODO: check
 CVE-2025-9824 (ImpactThe attacker can validate if a user exists by checking 
the time  ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2025-9823 (SummaryA Cross-Site Scripting (XSS) vulnerability allows an 
attacker t ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2025-9822 (SummaryA user with administrator rights can change the 
configuration o ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2025-9821 (SummaryUsers with webhook permissions can conduct SSRF via 
webhooks. I ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2025-9365 (Fuji Electric FRENIC-Loader 4 is vulnerable to a 
deserialization of un ...)
-       TODO: check
+       NOT-FOR-US: Fuji Electric
 CVE-2025-9219 (The Post SMTP \u2013 WP SMTP Plugin with Email Logs and Mobile 
App for ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-58644 (Deserialization of Untrusted Data vulnerability in 
enituretechnology L ...)
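Review bot: CVE-2025-9901 (the libsoup SoupCache flaw) is the one entry in this hunk left at `TODO: check`; libsoup is a Debian source package, so it needs a proper package/version assessment in a follow-up rather than remaining untriaged next to the NOT-FOR-US entries. Minor style point: the reason for CVE-2025-9919 spells out the full product name (`NOT-FOR-US: 1000projects Beauty Parlour Management System`) while the neighbouring entries name only the vendor (`NOT-FOR-US: Campcodes`, `NOT-FOR-US: Mautic`).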
@@ -141,23 +141,23 @@ CVE-2025-57146 (phpgurukul Complaint Management System in 
PHP 2.0 is vulnerable
 CVE-2025-57052 (cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the 
decode_ ...)
        TODO: check
 CVE-2025-56803 (Figma Desktop for Windows version 125.6.5 contains a command 
injection ...)
-       TODO: check
+       NOT-FOR-US: Figma Desktop for Windows
 CVE-2025-56761 (Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Memos
 CVE-2025-56760 (When Memos 0.22 is configured to store objects locally, an 
attacker ca ...)
-       TODO: check
+       NOT-FOR-US: Memos
 CVE-2025-56752 (A vulnerability in the Ruijie RG-ES series switch firmware 
ESW_1.0(1)B ...)
-       TODO: check
+       NOT-FOR-US: Ruijie
 CVE-2025-56689 (An issue was discovered in Quest One Identity 7.5.1.20903. A 
crafted r ...)
-       TODO: check
+       NOT-FOR-US: Quest One Identity
 CVE-2025-56608 (The SourceCodester Android application "Corona Virus Tracker 
App India ...)
        NOT-FOR-US: SourceCodester
 CVE-2025-56498 (An OS command injection vulnerability exists in PLDT WiFi 
Router's Pro ...)
-       TODO: check
+       NOT-FOR-US: PLDT WiFi Router's Prolink PGN6401V Firmware
 CVE-2025-56435 (SQL Injection vulnerability in FoxCMS v1.2.6 and before allows 
a remot ...)
-       TODO: check
+       NOT-FOR-US: FoxCMS
 CVE-2025-56139 (LinkedIn Mobile Application for Android version 4.1.1087.2 
fails to up ...)
-       TODO: check
+       NOT-FOR-US: LinkedIn Mobile Application for Android
 CVE-2025-55944 (Slink v1.4.9 allows stored cross-site scripting (XSS) via 
crafted SVG  ...)
        TODO: check
 CVE-2025-55852 (Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the 
formWif ...)
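Review bot: CVE-2025-57052 (cJSON 1.5.0 through 1.7.18, out-of-bounds access in decode_) stays at `TODO: check` in this hunk; cJSON is packaged in Debian (source package cjson), so this one needs a real package/version triage rather than NFU, and as a memory-safety bug in a widely embedded parser it is worth prioritising. CVE-2025-55944 (Slink stored XSS) is also still TODO here.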
@@ -165,15 +165,15 @@ CVE-2025-55852 (Tenda AC8 v16.03.34.06 is vulnerable to 
Buffer Overflow in the f
 CVE-2025-55162 (Envoy is an open source L7 proxy and communication bus 
designed for la ...)
        TODO: check
 CVE-2025-53694 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Sitecore
 CVE-2025-53693 (Use of Externally-Controlled Input to Select Classes or Code 
('Unsafe  ...)
-       TODO: check
+       NOT-FOR-US: Sitecore
 CVE-2025-53691 (Deserialization of Untrusted Data vulnerability in Sitecore 
Experience ...)
-       TODO: check
+       NOT-FOR-US: Sitecore
 CVE-2025-53690 (Deserialization of Untrusted Data vulnerability in Sitecore 
Experience ...)
-       TODO: check
+       NOT-FOR-US: Sitecore
 CVE-2025-52494 (Adacore Ada Web Server (AWS) before 25.2 is vulnerable to a 
denial-of- ...)
-       TODO: check
+       NOT-FOR-US: Adacore Ada Web Server (AWS)
 CVE-2025-48876
        REJECTED
 CVE-2025-47421 (Improper Neutralization of Argument Delimiters in a Command 
('Argument ...)
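Review bot: CVE-2025-52494 is closed as `NOT-FOR-US: Adacore Ada Web Server (AWS)`, but Ada Web Server is, as far as I know, in the Debian archive as the libaws source package; please verify whether the affected versions (before 25.2) cover what Debian ships before leaving this as NFU. The Envoy entry CVE-2025-55162 remains `TODO: check` and still needs a decision.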
@@ -181,23 +181,23 @@ CVE-2025-47421 (Improper Neutralization of Argument 
Delimiters in a Command ('Ar
 CVE-2025-45805 (In phpgurukul Doctor Appointment Management System 1.0, an 
authenticat ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-41000 (Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 
from UXB L ...)
-       TODO: check
+       NOT-FOR-US: BoomCMS
 CVE-2025-3701 (Missing Authorization vulnerability in Malcure Web Security 
Malcure Ma ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-36193 (IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly 
assigns pri ...)
        NOT-FOR-US: IBM
 CVE-2025-2416 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2025-2415 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2025-26210 (An Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 
through V3. ...)
        TODO: check
 CVE-2025-20336 (A vulnerability in the directory permissions of Cisco Desk 
Phone 9800  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20335 (A vulnerability in the directory permissions of Cisco Desk 
Phone 9800  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20330 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20328 (A vulnerability in the user profile component of Cisco Webex 
Meetings  ...)
        NOT-FOR-US: Cisco
 CVE-2025-20326 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
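Review bot: CVE-2025-26210 (XSS in DeepSeek R1 through V3) is left at `TODO: check` while everything around it in this hunk was triaged; it describes a hosted service rather than anything shipped in Debian, so it could be resolved in the same pass for consistency with the surrounding NOT-FOR-US entries.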
@@ -205,15 +205,15 @@ CVE-2025-20326 (A vulnerability in the web-based 
management interface of Cisco U
 CVE-2025-20291 (A vulnerability in Cisco Webex Meetings could have allowed an 
unauthen ...)
        NOT-FOR-US: Cisco
 CVE-2025-20287 (A vulnerability in the web-based management interface of Cisco 
Evolved ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20280 (A vulnerability in the web-based management interface of Cisco 
Evolved ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20270 (A vulnerability in the web-based management interface of Cisco 
Evolved ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-1740 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2025-0878 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2025-0280 (A security vulnerability in HCL Compass can allow attacker to 
gain una ...)
        NOT-FOR-US: HCL
 CVE-2024-43166 (Incorrect Default Permissions vulnerability in Apache 
DolphinScheduler ...)
@@ -221,15 +221,15 @@ CVE-2024-43166 (Incorrect Default Permissions 
vulnerability in Apache DolphinSch
 CVE-2024-43115 (Improper Input Validation vulnerability in Apache 
DolphinScheduler. An ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2024-13068 (Origin Validation Error vulnerability in Akinsoft LimonDesk 
allows For ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2024-13066 (Improper Restriction of Rendered UI Layers or Frames 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2024-13065 (Improper Enforcement of Behavioral Workflow, Uncontrolled 
Resource Con ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2024-13064 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2024-13063 (Authorization Bypass Through User-Controlled Key vulnerability 
in Akin ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2014-125127 (The mikecao/flight PHP framework in versions prior to v1.2 is 
vulnerab ...)
        TODO: check
 CVE-2025-57833
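Review bot: CVE-2014-125127 (mikecao/flight PHP framework before v1.2) is the only entry in this hunk still at `TODO: check`; if no Debian package ships or embeds that framework, a `NOT-FOR-US: mikecao/flight` annotation would match the rest of this commit, otherwise it needs a source-package triage. The trailing context line `CVE-2025-57833` shows no annotation only because the hunk ends there; nothing to change.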



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0843a66664523e3f7cc57ab124fa1a71fe158249
