Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dfcd84a6 by Salvatore Bonaccorso at 2025-11-27T15:52:30+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -52,11 +52,11 @@ CVE-2025-64330 (Suricata is a network IDS, IPS and NSM 
engine developed by the O
        NOTE: https://redmine.openinfosecfoundation.org/issues/8021
        NOTE: Fixed by: 
https://github.com/OISF/suricata/commit/482e5eac9218d007adbe2410d6c00173368ce947
 (suricata-8.0.2)
 CVE-2025-62593 (Ray is an AI compute engine. Prior to version 2.52.0, 
developers worki ...)
-       TODO: check
+       NOT-FOR-US: Ray
 CVE-2025-3784 (Cleartext Storage of Sensitive Information Vulnerability in GX 
Works2  ...)
        NOT-FOR-US: Mitsubishi
 CVE-2025-34351 (Anyscale Ray 2.52.0 contains an insecure default configuration 
in whic ...)
-       TODO: check
+       NOT-FOR-US: Ray
 CVE-2025-13762 (Improper Input Validation vulnerability in CyberArk CyberArk 
Secure We ...)
        TODO: check
 CVE-2025-13680 (The Tiger theme for WordPress is vulnerable to Privilege 
Escalation in ...)
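Review bot: on the two changed lines for CVE-2025-62593 and CVE-2025-34351, the label `Ray` is a common word and hard to grep for in data/CVE/list. The CVE-2025-34351 description already gives the vendor, so `NOT-FOR-US: Anyscale Ray` on both entries would keep them consistent and searchable.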
@@ -108,17 +108,17 @@ CVE-2024-5540 (The reflective cross-site scripting 
vulnerability found in ALC We
 CVE-2024-5539 (The Access Control Bypass vulnerability found in ALC WebCTRL 
and Carri ...)
        NOT-FOR-US: Carrier Global
 CVE-2020-36874 (ACE SECURITY WIP-90113 HD cameras contain an unauthenticated 
configura ...)
-       TODO: check
+       NOT-FOR-US: ACE SECURITY WIP-90113 HD cameras
 CVE-2020-36873 (Astak CM-818T3 2.4GHz wireless security surveillance cameras 
contain a ...)
-       TODO: check
+       NOT-FOR-US: Astak CM-818T3 2.4GHz wireless security surveillance cameras
 CVE-2020-36872 (BACnet Test Server versions up to and including 1.01 contains 
a remote ...)
-       TODO: check
+       NOT-FOR-US: BACnet Test Server
 CVE-2020-36871 (ESCAM QD-900 WIFI HD cameras contain an unauthenticated 
configuration  ...)
-       TODO: check
+       NOT-FOR-US: ESCAM QD-900 WIFI HD cameras
 CVE-2019-25227 (Tellion HN-2204AP routers contain an unauthenticated 
configuration dis ...)
-       TODO: check
+       NOT-FOR-US: Tellion HN-2204AP routers
 CVE-2019-25226 (Dongyoung Media DM-AP240T/W wireless access points contain an 
unauthen ...)
-       TODO: check
+       NOT-FOR-US: Dongyoung Media DM-AP240T/W wireless access points
 CVE-2025-40934 (XML-Sig versions 0.27 through 0.67 for Perl incorrectly 
validates XML  ...)
        NOT-FOR-US: XML-Sig Perl module
 CVE-2025-66270
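Review bot: the six new labels in this hunk copy the leading noun phrase of each description verbatim, plurals included (for example `NOT-FOR-US: Astak CM-818T3 2.4GHz wireless security surveillance cameras`), while the neighbouring context entries use a short vendor or product name (`Carrier Global`, `XML-Sig Perl module`). Trimming each to vendor plus model, such as `Astak CM-818T3`, would keep the labels uniform and easier to match when the same product appears in a later CVE.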
@@ -532,7 +532,7 @@ CVE-2025-54341 (A vulnerability was found in the 
Application Server of Desktop A
 CVE-2025-54338 (An Incorrect Access Control vulnerability was found in the 
Application ...)
        NOT-FOR-US: Desktop Alert PingAlert
 CVE-2025-52538 (Improper input validation within the XOCL driver may allow a 
local att ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-36150 (IBM Concert 1.0.0 through 2.0.0 uses weaker than expected 
cryptographi ...)
        NOT-FOR-US: IBM
 CVE-2025-13644 (MongoDB Server may experience an invariant failure during 
batched dele ...)
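Review bot: for CVE-2025-52538 the new label is `AMD`, a vendor name that does not appear in the visible description, which only names the XOCL driver. A label that also carries the component, e.g. `NOT-FOR-US: AMD XOCL driver`, lets a later reader see what was triaged without opening the CVE record.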
@@ -606,9 +606,9 @@ CVE-2025-10646 (The Search Exclude plugin for WordPress is 
vulnerable to unautho
 CVE-2025-10144 (The Perfect Brands for WooCommerce plugin for WordPress is 
vulnerable  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0007 (Insufficient validation within Xilinx Run Time framework could 
allow a ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-0003 (Inadequate lock protection within Xilinx Run time may allow a 
local at ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-47856 (In RSA Authentication Agent before 7.4.7, service paths and 
shortcut p ...)
        NOT-FOR-US: RSA Authentication Agent
 CVE-2024-14007 (Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware 
(used by  ...)
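Review bot: CVE-2025-0007 and CVE-2025-0003 both name the Xilinx Run Time, which the first description calls a framework, and the change records no NOTE on how it was ruled out. Before these go to `NOT-FOR-US: AMD`, confirm that no source package in the archive ships that runtime; if one does, the entries need a package line instead.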
@@ -727,7 +727,7 @@ CVE-2025-56401 (ZIRA Group WBRM 7.0 is vulnerable to SQL 
Injection in referenceL
 CVE-2025-56400 (Cross-Site Request Forgery (CSRF) vulnerability in the OAuth 
implement ...)
        NOT-FOR-US: Tuya SDK
 CVE-2025-52539 (A buffer overflow with Xilinx Run Time Environment may allow a 
local a ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-44018 (A firmware downgrade vulnerability exists in the OTA Update 
functional ...)
        NOT-FOR-US: GL-Inet GL-AXT1800
 CVE-2025-41729 (An unauthenticated remote attacker can send a specially 
crafted Modbus ...)
@@ -781,7 +781,7 @@ CVE-2025-10555 (A stored Cross-site Scripting (XSS) 
vulnerability affecting Serv
 CVE-2025-10554 (A stored Cross-site Scripting (XSS) vulnerability affecting 
Requiremen ...)
        NOT-FOR-US: Dassault Systemes
 CVE-2025-0005 (Improper input validation within the XOCL driver may allow a 
local att ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-59820 (In KDE Krita before 5.2.13, loading a manipulated TGA file 
could resul ...)
        - krita 1:5.2.13+dfsg-1
        NOTE: https://kde.org/info/security/advisory-20250929-1.txt
@@ -855,9 +855,9 @@ CVE-2025-12394 (The Backup Migration WordPress plugin 
before 2.0.0 does not prop
 CVE-2024-14015 (The WordPress eCommerce Plugin  WordPress plugin through 2.9.0 
does no ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-54515 (The Secure Flag passed to Versal\u2122 Adaptive SoC\u2019s 
Arm\xae Tru ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-48507 (The security state of the calling processor into Arm\xae 
Trusted Firmw ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-13567 (A vulnerability was detected in itsourcecode COVID Tracking 
System 1.0 ...)
        NOT-FOR-US: itsourcecode System
 CVE-2025-13566 (A security vulnerability has been detected in jarun nnn up to 
5.1. The ...)
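Review bot: the description of CVE-2025-48507 (and, as far as the truncation shows, CVE-2025-54515) refers to Arm Trusted Firmware, yet the new lines mark both `NOT-FOR-US: AMD` with no explanation. If the flaw sits in AMD's platform-specific code rather than in the generic firmware, a short NOTE saying so would record why a trusted-firmware package, if the archive carries one, is out of scope.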
@@ -907,9 +907,9 @@ CVE-2025-12561
 CVE-2025-12541
        REJECTED
 CVE-2024-21923 (Incorrect default permissions in AMD StoreMI\u2122 could allow 
an atta ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-21922 (A DLL hijacking vulnerability in AMD StoreMI\u2122 could allow 
an atta ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-XXXX [Export data does not enforce access rights]
        - tryton-server 7.0.40-1 (bug #1121243)
        NOTE: https://discuss.tryton.org/t/security-release-for-issue-14366/8953



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfcd84a6d45d555bcb2fa521ea9e7b0ed567649d



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
