Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3bb3c7c9 by Salvatore Bonaccorso at 2025-11-13T21:43:25+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39,7 +39,7 @@ CVE-2025-64703 (MaxKB is an open-source AI assistant for
enterprise. In versions
CVE-2025-64525 (Astro is a web framework. In Astro versions 2.16.0 up to but
excluding ...)
NOT-FOR-US: Astro
CVE-2025-64523 (File Browser provides a file managing interface within a
specified dir ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2025-64511 (MaxKB is an open-source AI assistant for enterprise. In
versions prior ...)
NOT-FOR-US: MaxKB
CVE-2025-64482 (Tuleap is an Open Source Suite to improve management of
software devel ...)
@@ -93,11 +93,11 @@ CVE-2025-64261 (Missing Authorization vulnerability in
codepeople Appointment Bo
CVE-2025-64259 (Missing Authorization vulnerability in Jeroen Schmit Theater
for WordP ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-64186 (Evervault is a payment security solution. A vulnerability was
identifi ...)
- TODO: check
+ NOT-FOR-US: Evervault
CVE-2025-63645 (A stored cross-site scripting (XSS) vulnerability exists in
pH7Softwar ...)
- TODO: check
+ NOT-FOR-US: pH7Software pH7-Social-Dating-CMS
CVE-2025-63406 (An issue in Intermesh BV GroupOffice vulnerable before
v.25.0.47 and 6 ...)
- TODO: check
+ NOT-FOR-US: Intermesh BV GroupOffice
CVE-2025-63396 (An issue was discovered in PyTorch v2.5 and v2.7.1. Omission
of profil ...)
TODO: check
CVE-2025-62484 (Inefficient regular expression complexity in certain Zoom
Workplace Cl ...)
@@ -163,15 +163,15 @@ CVE-2025-60672 (An unauthenticated command injection
vulnerability exists in the
CVE-2025-60671 (A command injection vulnerability exists in the D-Link
DIR-823G router ...)
NOT-FOR-US: D-Link
CVE-2025-59840 (Vega is a visualization grammar, a declarative format for
creating, sa ...)
- TODO: check
+ NOT-FOR-US: Vega
CVE-2025-59480 (Mattermost Mobile Apps versions <=2.32.0 fail to verify that
SSO redir ...)
- TODO: check
+ NOT-FOR-US: Mattermost Mobile Apps
CVE-2025-59367 (An authentication bypass vulnerability has been identified in
certain ...)
NOT-FOR-US: ASUS
CVE-2025-55810 (A vulnerability was found in Alaga Home Security WiFi Camera
3K (model ...)
- TODO: check
+ NOT-FOR-US: Alaga Home Security WiFi Camera 3K
CVE-2025-52186 (Lichess lila before commit
11b4c0fb00f0ffd823246f839627005459c8f05c (2 ...)
- TODO: check
+ NOT-FOR-US: Lichess lila
CVE-2025-46608 (Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an
Improper ...)
NOT-FOR-US: Dell / EMC
CVE-2025-46427 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0,
contain an ...)
@@ -189,9 +189,9 @@ CVE-2025-46362 (Dell Alienware Command Center 6.x (AWCC),
versions prior to 6.10
CVE-2025-43515 (The issue was addressed by refusing external connections by
default. T ...)
NOT-FOR-US: Apple
CVE-2025-41069 (Insecure Direct Object Reference (IDOR) vulnerability in
DeporSite of ...)
- TODO: check
+ NOT-FOR-US: DeporSite of T-INNOVA
CVE-2025-40681 (Cross-site Scripting (XSS) vulnerability reflected in xCally's
Omnicha ...)
- TODO: check
+ NOT-FOR-US: xCally's Omnichannel
CVE-2025-36223 (IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header
injection, caus ...)
NOT-FOR-US: IBM
CVE-2025-33119 (IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials
in conf ...)
@@ -211,31 +211,31 @@ CVE-2025-20346 (A vulnerability in Cisco Catalyst Center
could allow an authenti
CVE-2025-20341 (A vulnerability in Cisco Catalyst Center Virtual Appliance
could allow ...)
NOT-FOR-US: Cisco
CVE-2025-13123 (A flaw has been found in AMTT Hotel Broadband Operation System
1.0. Th ...)
- TODO: check
+ NOT-FOR-US: AMTT Hotel Broadband Operation System
CVE-2025-13122 (A vulnerability was detected in SourceCodester Patients
Waiting Area Q ...)
NOT-FOR-US: SourceCodester
CVE-2025-13121 (A security vulnerability has been detected in cameasy Liketea
1.0.0. I ...)
- TODO: check
+ NOT-FOR-US: cameasy Liketea
CVE-2025-13120 (A vulnerability has been found in mruby up to 3.4.0. This
vulnerabilit ...)
TODO: check
CVE-2025-13119 (A flaw has been found in Fabian Ros/SourceCodester Simple
E-Banking Sy ...)
NOT-FOR-US: SourceCodester
CVE-2025-13118 (A vulnerability was detected in macrozheng mall-swarm up to
1.0.3. Aff ...)
- TODO: check
+ NOT-FOR-US: macrozheng mall-swarm
CVE-2025-13117 (A security vulnerability has been detected in macrozheng
mall-swarm up ...)
- TODO: check
+ NOT-FOR-US: macrozheng mall-swarm
CVE-2025-13116 (A weakness has been identified in macrozheng mall-swarm up to
1.0.3. A ...)
- TODO: check
+ NOT-FOR-US: macrozheng mall-swarm
CVE-2025-13115 (A security flaw has been discovered in macrozheng mall-swarm
up to 1.0 ...)
- TODO: check
+ NOT-FOR-US: macrozheng mall-swarm
CVE-2025-13114 (A vulnerability was identified in macrozheng mall-swarm up to
1.0.3. T ...)
- TODO: check
+ NOT-FOR-US: macrozheng mall-swarm
CVE-2025-13076 (A flaw has been found in code-projects Responsive Hotel Site
1.0. The ...)
NOT-FOR-US: code-projects
CVE-2025-13075 (A vulnerability was detected in code-projects Responsive Hotel
Site 1. ...)
NOT-FOR-US: code-projects
CVE-2025-13063 (A flaw has been found in DinukaNavaratna Dee Store 1.0.
Affected is an ...)
- TODO: check
+ NOT-FOR-US: DinukaNavaratna Dee Store
CVE-2025-13061 (A vulnerability was detected in itsourcecode Online Voting
System 1.0. ...)
NOT-FOR-US: itsourcecode System
CVE-2025-13060 (A security vulnerability has been detected in SourceCodester
Survey Ap ...)
@@ -293,27 +293,27 @@ CVE-2025-11260 (The WP Headless CMS Framework plugin for
WordPress is vulnerable
CVE-2025-10295 (The Angel \u2013 Fashion Model Agency WordPress CMS Theme
theme for Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-7329 (Tinycontrol LAN Controller v3 (LK3) firmware versions up to
1.58a (har ...)
- TODO: check
+ NOT-FOR-US: Tinycontrol LAN Controller v3 (LK3) firmware
CVE-2023-7327 (Ozeki SMS Gateway versions up to and including 10.3.208 contain
a path ...)
- TODO: check
+ NOT-FOR-US: Ozeki SMS Gateway
CVE-2023-7326 (The Epson Stylus SX510W embedded web management service fails
to prope ...)
- TODO: check
+ NOT-FOR-US: Epson
CVE-2022-4984 (ZenTao Biz < 6.5, ZenTao Max < 3.0, ZenTao Open Source Edition
< 16.5, ...)
- TODO: check
+ NOT-FOR-US: ZenTao
CVE-2022-4983 (TEC-IT TBarCode version 11.15 contains a vulnerability in the
TBarCode ...)
- TODO: check
+ NOT-FOR-US: TEC-IT TBarCode
CVE-2022-4982 (DBLTek GoIP-1 firmware versions up to and including
GHSFVT-1.1-67-5 co ...)
- TODO: check
+ NOT-FOR-US: DBLTek GoIP-1 firmware
CVE-2021-4464 (FiberHome AN5506-04-FA firmware versions up to and including
RP2631 an ...)
- TODO: check
+ NOT-FOR-US: FiberHome AN5506-04-FA firmware
CVE-2021-4463 (Longjing Technology BEMS API versions up to and including 1.21
contain ...)
- TODO: check
+ NOT-FOR-US: Longjing Technology BEMS API
CVE-2017-20211 (UCanCode E-XD++ Visualization Enterprise Suite contains an
untrusted p ...)
- TODO: check
+ NOT-FOR-US: UCanCode E-XD++ Visualization Enterprise Suite
CVE-2016-15055 (JVC VN-T IP-camera models firmware versions up to 2016-08-22
(confirme ...)
- TODO: check
+ NOT-FOR-US: JVC VN-T IP-camera models firmware
CVE-2011-10034 (AUTOMGEN versions up to and including 8.0.0.7 (also referenced
as 8.02 ...)
- TODO: check
+ NOT-FOR-US: AUTOMGEN
CVE-2025-12983
- gitlab <unfixed>
CVE-2025-7736
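Review bot: The tag added for CVE-2023-7326 is vendor-only ("NOT-FOR-US: Epson"), while the other entries added in this hunk name the product ("Ozeki SMS Gateway", "TEC-IT TBarCode", "DBLTek GoIP-1 firmware"). The description is specific to the Epson Stylus SX510W embedded web management service, so "NOT-FOR-US: Epson Stylus SX510W" would match the neighbouring entries and avoid reading as a statement about everything from that vendor.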
@@ -624,7 +624,7 @@ CVE-2025-57310 (A Cross-Site Request Forgery (CSRF)
vulnerability in Salmen2/Sim
CVE-2025-56385 (A SQL injection vulnerability exists in the login
functionality of Wel ...)
NOT-FOR-US: WellSky Harmony
CVE-2025-52331 (Cross-site scripting (XSS) vulnerability in the generate
report functi ...)
- TODO: check
+ NOT-FOR-US: Rarlab WinRAR
CVE-2025-46428 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0,
contain a ...)
NOT-FOR-US: Dell / EMC
CVE-2025-37734 (Origin Validation Error in Kibana can lead to Server-Side
Request Forg ...)
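Review bot: The new tag on CVE-2025-52331, "NOT-FOR-US: Rarlab WinRAR", cannot be checked against this hunk, because the visible description fragment ("Cross-site scripting (XSS) vulnerability in the generate report functi ...") names no product. It is worth confirming against the full CVE description that the affected component is the WinRAR application, and mentioning the product in the commit message so the attribution is reviewable from the diff alone.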
@@ -648,7 +648,7 @@ CVE-2025-12903 (The Payment Plugins Braintree For
WooCommerce plugin for WordPre
CVE-2025-12732 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress
plugin fo ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12382 (Improper Limitation of a Pathname 'Path Traversal')
vulnerability in A ...)
- TODO: check
+ NOT-FOR-US: Algosec Firewall Analyzer
CVE-2025-12152
REJECTED
CVE-2025-12068
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3bb3c7c9fc0f6473d3fa0a658f55874a6116e9c2
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits