Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
096dfb19 by Salvatore Bonaccorso at 2025-11-06T21:25:13+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,13 +13,13 @@ CVE-2025-64198 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-64196 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-63589 (A reflected XSS vulnerability exists in CMSimple_XH 1.8's 
index.php ro ...)
-       TODO: check
+       NOT-FOR-US: CMSimple_XH
 CVE-2025-63588 (An unauthenticated reflected cross-site scripting 
vulnerability in the ...)
-       TODO: check
+       NOT-FOR-US: CMSimple_XH
 CVE-2025-63560 (An issue in KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video 
Encoder  ...)
-       TODO: check
+       NOT-FOR-US: KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder 
Firmware
 CVE-2025-63551 (A Server-Side Request Forgery (SSRF) vulnerability, achievable 
through ...)
-       TODO: check
+       NOT-FOR-US: MetInfo Content Management System (CMS)
 CVE-2025-63307 (alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross 
Site Scrip ...)
        TODO: check
 CVE-2025-62950 (Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy 
Strecker /  ...)
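Review bot: The NOT-FOR-US label added for CVE-2025-63560 repeats the full product string ("KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder Firmware"), while the other labels added in this hunk name only the project (CMSimple_XH). A short label such as "KiloView" would keep the label on one line and match the vendor-level style used elsewhere in the file (Advantech, WatchGuard).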
@@ -101,7 +101,7 @@ CVE-2025-62011 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-62010 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-60541 (A Server-Side Request Forgery (SSRF) in the /api/proxy/ 
component of l ...)
-       TODO: check
+       NOT-FOR-US: linshenkx prompt-optimizer
 CVE-2025-60248 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-60247 (Missing Authorization vulnerability in Bux Bux Woocommerce 
bux-woocomm ...)
@@ -169,9 +169,9 @@ CVE-2025-5803 (Missing Authorization vulnerability in 
e4jvikwp VikBooking Hotel
 CVE-2025-59556 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-59396 (The default configuration of WatchGuard Firebox devices 
through 2025-0 ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2025-59392 (On Elspec G5 devices through 1.2.2.19, a person with physical 
access t ...)
-       TODO: check
+       NOT-FOR-US: Elspec G5 devices
 CVE-2025-58998 (Deserialization of Untrusted Data vulnerability in Cristi\xe1n 
L\xe1va ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58996 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Helmu ...)
@@ -271,7 +271,7 @@ CVE-2025-49386 (Deserialization of Untrusted Data 
vulnerability in Scott Reilly
 CVE-2025-49372 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48330 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48290 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48090 (Path Traversal: '.../...//' vulnerability in CocoBasic Blanka 
- One Pa ...)
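Review bot: CVE-2025-48330 is labelled "NOT-FOR-US: WordPress plugin", while the entries directly above and below it (CVE-2025-49372, CVE-2025-48290) use "NOT-FOR-US: WordPress plugin or theme". The description is truncated in this hunk, so the product type cannot be confirmed from the diff. If the plugin/theme distinction was not checked, the generic "WordPress plugin or theme" form would be the consistent choice.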
@@ -329,19 +329,19 @@ CVE-2025-34237 (Advantech WebAccess/VPN versions prior to 
1.1.5 contain a stored
 CVE-2025-34236 (Advantech WebAccess/VPN versions prior to 1.1.5 contain a 
stored cross ...)
        NOT-FOR-US: Advantech
 CVE-2025-32222 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-31029 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28953 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-27919 (An issue was discovered in AnyDesk through 9.0.4. A remotely 
connected ...)
-       TODO: check
+       NOT-FOR-US: AnyDesk
 CVE-2025-27918 (An issue was discovered in AnyDesk before 9.0.0. It has an 
integer ove ...)
-       TODO: check
+       NOT-FOR-US: AnyDesk
 CVE-2025-27917 (An issue was discovered in AnyDesk through 9.0.4. Remote 
Denial of Ser ...)
-       TODO: check
+       NOT-FOR-US: AnyDesk
 CVE-2025-27916 (An issue was discovered in AnyDesk through 9.0.4. When the 
connection  ...)
-       TODO: check
+       NOT-FOR-US: AnyDesk
 CVE-2025-22397 (Dell Integrated Dell Remote Access Controller 9, 14G versions 
prior to ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-22288 (Path Traversal: '.../...//' vulnerability in WPMU DEV - Your 
All-in-On ...)
@@ -355,11 +355,11 @@ CVE-2025-12556 (An argument injection vulnerability 
exists in the affected produ
 CVE-2025-12485 (Improper privilege management during pre-MFA cookie handling 
in Devolu ...)
        NOT-FOR-US: Devolutions
 CVE-2025-11956 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Proliz Software Ltd. Co. OBS (Student Affairs Information 
System)
 CVE-2025-11268 (The Strong Testimonials plugin for WordPress is vulnerable to 
arbitrar ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-10955 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Netcad Software Inc. Netigma
 CVE-2025-10885 (A maliciously crafted file, when executed on the victim's 
machine, can ...)
        NOT-FOR-US: Autodesk
 CVE-2024-25621 (containerd is an open-source container runtime. Versions 0.1.0 
through ...)
@@ -377,9 +377,9 @@ CVE-2022-50592 (Advantech iView versions prior to v5.7.04 
build 6425contain a vu
 CVE-2022-50591 (Advantech iView versions prior to v5.7.04 build 6425contain a 
vulnerab ...)
        NOT-FOR-US: Advantech
 CVE-2022-50590 (SuiteCRM versions prior to 7.12.6 contain a type confusion 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: SuiteCRM
 CVE-2022-50589 (SuiteCRM versions prior to 7.12.6 contain a SQL injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: SuiteCRM
 CVE-2025-9338 (A improper restriction of operations within the bounds of a 
memory buf ...)
        NOT-FOR-US: ASUS
 CVE-2025-64480
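Review bot: CVE-2022-50590 and CVE-2022-50589 go straight from "TODO: check" to "NOT-FOR-US: SuiteCRM" with no note. Unlike the appliance and vendor products marked in the other hunks, SuiteCRM is a free-software application, so it is worth confirming that no ITP or RFP bug exists for it before closing these as NFU. If one does, the entries should reference that bug rather than NOT-FOR-US.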



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/096dfb194a406b79549370dc7eb2ddeefcdebc80
