Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
27a65cfc by Salvatore Bonaccorso at 2025-11-18T21:33:33+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-9977 (Value provided in one of POST parameters sent during the
process of lo ...)
- TODO: check
+ NOT-FOR-US: Times Software E-Payroll
CVE-2025-9625 (The Coil Web Monetization plugin for WordPress is vulnerable to
Cross- ...)
NOT-FOR-US: WordPress plugin
CVE-2025-9312 (A missing authentication enforcement vulnerability exists in
the mutua ...)
@@ -20,51 +20,51 @@ CVE-2025-64076 (Multiple vulnerabilities exist in cbor2
through version 5.7.0 in
NOTE: https://github.com/agronholm/cbor2/pull/265
NOTE:
https://github.com/agronholm/cbor2/commit/2349197bea8ebd1bf57a68f4a6549d8fd7585e66
(5.7.1)
CVE-2025-63994 (An arbitrary file upload vulnerability in the
/php/UploadHandler.php c ...)
- TODO: check
+ NOT-FOR-US: RichFilemanager
CVE-2025-63955 (A Cross-Site Request Forgery (CSRF) vulnerability in the
manage-studen ...)
NOT-FOR-US: PHPGurukul
CVE-2025-63892 (A vulnerability was determined in SourceCodester Student
Grades Manage ...)
NOT-FOR-US: SourceCodester
CVE-2025-63883 (A DOM-based cross-site scripting vulnerability exists in
electic-shop ...)
- TODO: check
+ NOT-FOR-US: electic-shop
CVE-2025-63829 (eProsima Fast-DDS v3.3 and before has an infinite loop
vulnerability c ...)
TODO: check
CVE-2025-63828 (Host Header Injection vulnerability in Backdrop CMS 1.32.1
allows atta ...)
- backdrop <itp> (bug #914257)
CVE-2025-63800 (The password change endpoint in Open Source Point of Sale
3.4.1 allows ...)
- TODO: check
+ NOT-FOR-US: Open Source Point of Sale
CVE-2025-63749 (pnetlab 5.3.11 is vulnerable to Command Injection via the
qemu_options ...)
- TODO: check
+ NOT-FOR-US: PNETLab
CVE-2025-63695 (DzzOffice v2.3.7 and before is vulnerable to Arbitrary File
Upload in ...)
- TODO: check
+ NOT-FOR-US: DzzOffice
CVE-2025-63694 (DzzOffice v2.3.7 and before is vulnerable to SQL Injection in
explorer ...)
- TODO: check
+ NOT-FOR-US: DzzOffice
CVE-2025-63693 (The comment editing template
(dzz/comment/template/edit_form.htm) in D ...)
- TODO: check
+ NOT-FOR-US: DzzOffice
CVE-2025-63604 (A code injection vulnerability exists in
baryhuang/mcp-server-aws-reso ...)
- TODO: check
+ NOT-FOR-US: baryhuang/mcp-server-aws-resources-python
CVE-2025-63603 (A command injection vulnerability exists in the MCP Data
Science Serve ...)
- TODO: check
+ NOT-FOR-US: reading-plus-ai/mcp-server-data-exploration
CVE-2025-63602 (A vulnerability was discovered in Awesome Miner thru 11.2.4
that allow ...)
- TODO: check
+ NOT-FOR-US: Awesome Miner
CVE-2025-63514 (kishan0725 Hospital Management System has a Cross-Site
Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: kishan0725 Hospital Management System
CVE-2025-63513 (kishan0725 Hospital Management System v4 has an Insecure
Direct Object ...)
- TODO: check
+ NOT-FOR-US: kishan0725 Hospital Management System
CVE-2025-63512 (kishan0725 Hospital Management System/ v4 is vulnerable to SQL
Injecti ...)
- TODO: check
+ NOT-FOR-US: kishan0725 Hospital Management System
CVE-2025-63408 (Local Agent DVR versions thru 6.6.1.0 are vulnerable to
directory trav ...)
- TODO: check
+ NOT-FOR-US: Local Agent DVR
CVE-2025-63258 (A remote command execution (RCE) vulnerability was discovered
in all H ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2025-63228 (The Mozart FM Transmitter web management interface on version
WEBMOZZI ...)
- TODO: check
+ NOT-FOR-US: Mozart FM Transmitter
CVE-2025-63227 (The Mozart FM Transmitter web management interface on version
WEBMOZZI ...)
- TODO: check
+ NOT-FOR-US: Mozart FM Transmitter
CVE-2025-63226 (The Sencore SMP100 SMP Media Platform (firmware versions
V4.2.160, V60 ...)
- TODO: check
+ NOT-FOR-US: Sencore SMP100 SMP Media Platform
CVE-2025-63225 (The Eurolab ELTS100_UBX device (firmware version
ELTS100v1.UBX) is vul ...)
- TODO: check
+ NOT-FOR-US: Eurolab ELTS100_UBX device
CVE-2025-61713 (A Cleartext Storage of Sensitive Information in Memory
vulnerability [ ...)
NOT-FOR-US: Fortinet
CVE-2025-61664 (A vulnerability in the GRUB2 bootloader has been identified in
the nor ...)
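Review bot: CVE-2025-63829 (eProsima Fast-DDS infinite loop) is the only entry in this hunk left at "TODO: check" while every neighbouring TODO is resolved to NOT-FOR-US; unlike the standalone web applications around it, Fast-DDS is a middleware library that other software links against, so it needs a check against the archive (or an explicit NOT-FOR-US with the product name, matching the style of the other lines) rather than staying in the queue without a note.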
@@ -76,25 +76,25 @@ CVE-2025-61662 (A Use-After-Free vulnerability has been
discovered in GRUB's get
CVE-2025-61661 (A vulnerability has been identified in the GRUB (Grand Unified
Bootloa ...)
TODO: check
CVE-2025-60455 (Unsafe Deserialization vulnerability in Modular Max Serve
before 25.6, ...)
- TODO: check
+ NOT-FOR-US: Modular Max Serve
CVE-2025-59669 (A use of hard-coded credentials vulnerability in Fortinet
FortiWeb 7.6 ...)
NOT-FOR-US: Fortinet
CVE-2025-59117 (Windu CMS is vulnerable to multiple Stored Cross-Site
Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-59116 (Windu CMS is vulnerable to User Enumeration. This issue occurs
during ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-59115 (Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS)
in the lo ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-59114 (Windu CMS is vulnerable to Cross-Site Request Forgery in file
uploadin ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-59113 (Windu CMS implements weak client-side brute-force protection
by using ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-59112 (Windu CMS is vulnerable to Cross-Site Request Forgery in user
editing ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-59111 (Windu CMS is vulnerable to Broken Access Control in user
editing funct ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-59110 (Windu CMS is vulnerable to Cross-Site Request Forgery in user
editing ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-58692 (An improper neutralization of special elements used in an SQL
Command ...)
NOT-FOR-US: Fortinet
CVE-2025-58413 (A stack-based buffer overflow in Fortinet FortiOS 7.6.0
through 7.6.3, ...)
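Review bot: the GRUB entries at the top of this hunk (CVE-2025-61662 in the hunk header and CVE-2025-61661 on the following line) remain "TODO: check" after this pass; since grub2 is a Debian source package they cannot be NFUs and will need a package assignment, so it would help to state in the commit message that the GRUB items are deliberately deferred rather than overlooked.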
@@ -106,17 +106,17 @@ CVE-2025-58121 (Insufficient permission validation on
multiple REST API endpoint
CVE-2025-58034 (An Improper Neutralization of Special Elements used in an OS
Command ( ...)
NOT-FOR-US: Fortinet
CVE-2025-56643 (Requarks Wiki.js 2.5.307 does not properly revoke or
invalidate active ...)
- TODO: check
+ NOT-FOR-US: Requarks Wiki.js
CVE-2025-56527 (Plaintext password storage in Kotaemon 0.11.0 in the client's
localSto ...)
- TODO: check
+ NOT-FOR-US: Kotaemon
CVE-2025-56526 (Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0
allowing a ...)
- TODO: check
+ NOT-FOR-US: Kotaemon
CVE-2025-56499 (Incorrect access control in mihomo v1.19.11 allows
authenticated attac ...)
- TODO: check
+ NOT-FOR-US: mihomo
CVE-2025-55796 (The openml/openml.org web application version v2.0.20241110
uses predi ...)
TODO: check
CVE-2025-55179 (Incomplete validation of rich response messages in WhatsApp
for iOS pr ...)
- TODO: check
+ NOT-FOR-US: WhatsApp
CVE-2025-55074 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail
to enfo ...)
TODO: check
CVE-2025-54972 (An improper neutralization of crlf sequences ('crlf
injection') in For ...)
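Review bot: two entries in this hunk are still "TODO: check", CVE-2025-55796 (openml.org web application v2.0.20241110) and CVE-2025-55074 (Mattermost 10.11.x / 10.5.x); both read like the same class of standalone web applications being marked NOT-FOR-US elsewhere in this commit, so either triage them in the same pass or leave a NOTE line saying why they are held back.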
@@ -132,13 +132,13 @@ CVE-2025-54770 (A vulnerability has been identified in
the GRUB2 bootloader's ne
CVE-2025-54660 (An active debug code vulnerability in Fortinet
FortiClientWindows 7.4. ...)
NOT-FOR-US: Fortinet
CVE-2025-54321 (In Ascertia SigningHub through 8.6.8, there is a lack of rate
limiting ...)
- TODO: check
+ NOT-FOR-US: Ascertia SigningHub
CVE-2025-54320 (In Ascertia SigningHub through 8.6.8, there is a lack of rate
limiting ...)
- TODO: check
+ NOT-FOR-US: Ascertia SigningHub
CVE-2025-53843 (A stack-based buffer overflow in Fortinet FortiOS 7.6.0
through 7.6.3, ...)
NOT-FOR-US: Fortinet
CVE-2025-53360 (pluginsGLPI's Database Inventory Plugin "manages" the Teclib'
inventor ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin
CVE-2025-52639 (HCL Connections is vulnerable to a sensitive information
disclosure vu ...)
NOT-FOR-US: HCL
CVE-2025-4212 (The Checkout Files Upload for WooCommerce plugin for WordPress
is vuln ...)
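Review bot: the label for CVE-2025-53360 reads "NOT-FOR-US: GLPI plugin", which is less specific than every other NOT-FOR-US line in this commit (each names the affected product); the description already identifies it as pluginsGLPI's Database Inventory Plugin, so "NOT-FOR-US: GLPI Database Inventory Plugin" would keep the entry searchable by product name like the rest.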
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27a65cfcd162dd99697eb330b2855607c5a7e1c1
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits