Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1fcaa198 by Salvatore Bonaccorso at 2025-10-31T21:29:09+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61,17 +61,17 @@ CVE-2025-64351 (Insertion of Sensitive Information Into
Sent Data vulnerability
CVE-2025-64350 (Missing Authorization vulnerability in Rank Math SEO Rank Math
SEO seo ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-64349 (ELOG allows an authenticated user to modify another user's
profile. An ...)
- TODO: check
+ NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2025-64348 (ELOG allows an authenticated user to modify or overwrite the
configura ...)
- TODO: check
+ NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2025-64168 (Agno is a multi-agent framework, runtime and control plane.
From 2.0.0 ...)
- TODO: check
+ NOT-FOR-US: Agno
CVE-2025-63675 (cryptidy through 1.2.4 allows code execution via untrusted
data becaus ...)
- TODO: check
+ NOT-FOR-US: cryptidy
CVE-2025-63562 (Summer Pearl Group Vacation Rental Management Platform prior
to v1.0.2 ...)
- TODO: check
+ NOT-FOR-US: Summer Pearl Group Vacation Rental Management Platform
CVE-2025-63561 (Summer Pearl Group Vacation Rental Management Platform prior
to 1.0.2 ...)
- TODO: check
+ NOT-FOR-US: Summer Pearl Group Vacation Rental Management Platform
CVE-2025-63469 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to
contain a stac ...)
NOT-FOR-US: TOTOLINK
CVE-2025-63468 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to
contain a stac ...)
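Review bot: The NOT-FOR-US tags on CVE-2025-64168 (Agno) and CVE-2025-63675 (cryptidy) are the two in this hunk that deserve a second look. Their descriptions present them as a reusable framework and a versioned library ("through 1.2.4"), unlike the ELOG and Summer Pearl Group entries, which describe standalone applications. The commit message "Process some NFUs" does not record what was checked. Before these stay as "NOT-FOR-US: Agno" and "NOT-FOR-US: cryptidy", it is worth confirming that neither is packaged and that no packaging request is pending, since a NOT-FOR-US tag takes the CVE out of further triage.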
@@ -99,7 +99,7 @@ CVE-2025-63458 (Tenda AX-1803 v1.0.0.1 was discovered to
contain a stack overflo
CVE-2025-63454 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack
overflow ...)
NOT-FOR-US: Tenda
CVE-2025-62618 (ELOG allows an authenticated user to upload arbitrary HTML
files. The ...)
- TODO: check
+ NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2025-62267 (Multiple cross-site scripting (XSS) vulnerabilities in web
content tem ...)
NOT-FOR-US: Liferay
CVE-2025-62264 (Reflected cross-site scripting (XSS) vulnerability in
Languauge Overri ...)
@@ -107,19 +107,19 @@ CVE-2025-62264 (Reflected cross-site scripting (XSS)
vulnerability in Languauge
CVE-2025-62232 (Sensitive data exposure via logging in basic-auth leads to
plaintext u ...)
TODO: check
CVE-2025-61427 (A reflected cross-site scripting (XSS) vulnerability in BEO
GmbH BEO A ...)
- TODO: check
+ NOT-FOR-US: BEO GmbH BEO Atlas Einfuhr Ausfuhr
CVE-2025-61141 (sqls-server/sqls 0.2.28 is vulnerable to command injection in
the conf ...)
- TODO: check
+ NOT-FOR-US: sqls-server/sqls
CVE-2025-60749 (DLL Hijacking vulnerability in Trimble SketchUp desktop 2025
via craft ...)
- TODO: check
+ NOT-FOR-US: Trimble SketchUp desktop
CVE-2025-60711 (Protection mechanism failure in Microsoft Edge
(Chromium-based) allows ...)
NOT-FOR-US: Microsoft
CVE-2025-5397 (The Noo JobMonster theme for WordPress is vulnerable to
Authentication ...)
NOT-FOR-US: WordPress plugin
CVE-2025-59501 (Authentication bypass by spoofing in Microsoft Configuration
Manager a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58152 (FutureNet MA and IP-K series provided by Century Systems Co.,
Ltd. put ...)
- TODO: check
+ NOT-FOR-US: Century Systems
CVE-2025-57108 (Kitware VTK (Visualization Toolkit) through 9.5.0 contains a
heap use- ...)
TODO: check
CVE-2025-57107 (Kitware VTK (Visualization Toolkit) through 9.5.0 contains a
heap buff ...)
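Review bot: Label granularity is inconsistent across the entries added in this hunk. CVE-2025-59501 and CVE-2025-58152 are tagged by vendor only ("NOT-FOR-US: Microsoft", "NOT-FOR-US: Century Systems"), matching the existing Tenda and Liferay context lines. CVE-2025-60749 and CVE-2025-61427 carry vendor plus full product name ("Trimble SketchUp desktop", "BEO GmbH BEO Atlas Einfuhr Ausfuhr"), and CVE-2025-61141 uses a repository-style path ("sqls-server/sqls"). Picking one form, for example the vendor or the short product name, keeps later searches for the same vendor from missing entries. The sqls entry is also described as version 0.2.28 of a named tool, so the same check as for any library or tool applies: confirm it is not packaged before it is marked NOT-FOR-US.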
@@ -127,7 +127,7 @@ CVE-2025-57107 (Kitware VTK (Visualization Toolkit) through
9.5.0 contains a hea
CVE-2025-57106 (Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable
to Buffe ...)
TODO: check
CVE-2025-54763 (FutureNet MA and IP-K series provided by Century Systems Co.,
Ltd. con ...)
- TODO: check
+ NOT-FOR-US: Century Systems
CVE-2025-52665 (A malicious actor with access to the management network could
exploit ...)
TODO: check
CVE-2025-52664 (SQL injection in Revive Adserver 6.0.0 causes potential
disruption or ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fcaa19850c04ca8213daa07d1b2a5fe5d4c60ea