[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Fri, 05 Dec 2025 00:24:28 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
35864971 by Salvatore Bonaccorso at 2025-12-05T09:23:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,7 +61,7 @@ CVE-2025-63896 (An issue in the Bluetooth Human Interface 
Device (HID) of JXL 9
 CVE-2025-62223 (User interface (ui) misrepresentation of critical information 
in Micro ...)
        NOT-FOR-US: Microsoft
 CVE-2025-55948 (This vulnerability fundamentally arises from yzcheng90 
X-SpringBoot 6. ...)
-       TODO: check
+       NOT-FOR-US: yzcheng90 X-SpringBoot
 CVE-2025-53704 (The password reset mechanism for the Pivot client application 
is weak, ...)
        TODO: check
 CVE-2025-32901 (In KDE Connect before 1.33.0 on Android, malicious device IDs 
(sent vi ...)
@@ -71,7 +71,7 @@ CVE-2025-32900 (In the KDE Connect information-exchange 
protocol before 2025-04-
 CVE-2025-32899 (In KDE Connect before 1.33.0 on Android, a packet can be 
crafted that  ...)
        TODO: check
 CVE-2025-27935 (The OTP Integration Kit for PingFederate fails to enforce HTTP 
method  ...)
-       TODO: check
+       NOT-FOR-US: PingFederate
 CVE-2025-27389 (A flaw exists in the verification of application installation 
sources  ...)
        TODO: check
 CVE-2025-1910 (The WatchGuard Mobile VPN with SSL Client on Windows allows a 
locally  ...)
@@ -81,9 +81,9 @@ CVE-2025-1547 (A stack-based buffer overflow vulnerability 
[CWE-121] in WatchGua
 CVE-2025-1545 (An XPath Injection vulnerability in WatchGuard Fireware OS may 
allow a ...)
        NOT-FOR-US: WatchGuard
 CVE-2025-14052 (A vulnerability has been found in youlaitech youlai-mall 
1.0.0/2.0.0.  ...)
-       TODO: check
+       NOT-FOR-US: youlaitech youlai-mall
 CVE-2025-14051 (A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. 
Affected  ...)
-       TODO: check
+       NOT-FOR-US: youlaitech youlai-mall
 CVE-2025-13940 (An Expected Behavior Violation [CWE-440] vulnerability in 
WatchGuard F ...)
        NOT-FOR-US: WatchGuard
 CVE-2025-13939 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
@@ -95,7 +95,7 @@ CVE-2025-13937 (Improper Neutralization of Input During Web 
Page Generation (XSS
 CVE-2025-13936 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: WatchGuard
 CVE-2025-13932 (The SolisCloud API suffers from a Broken Access Control 
vulnerability, ...)
-       TODO: check
+       NOT-FOR-US: SolisCloud API
 CVE-2025-13860 (The Easy Jump Links Menus plugin for WordPress is vulnerable 
to Stored ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13684 (The ARK Related Posts plugin for WordPress is vulnerable to 
Cross-Site ...)
@@ -135,13 +135,13 @@ CVE-2025-13066 (The Demo Importer Plus plugin for 
WordPress is vulnerable to arb
 CVE-2025-13006 (The SurveyFunnel \u2013 Survey Plugin for WordPress plugin for 
WordPre ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-12997 (Insecure Direct Object Reference vulnerability in Medtronic 
CareLink N ...)
-       TODO: check
+       NOT-FOR-US: Medtronic
 CVE-2025-12996 (Medtronic CareLink Network allows a local attacker with access 
to log  ...)
-       TODO: check
+       NOT-FOR-US: Medtronic
 CVE-2025-12995 (Medtronic CareLink Network allows an unauthenticated remote 
attacker t ...)
-       TODO: check
+       NOT-FOR-US: Medtronic
 CVE-2025-12994 (Medtronic CareLink Network allows an unauthenticated remote 
attacker t ...)
-       TODO: check
+       NOT-FOR-US: Medtronic
 CVE-2025-12986 (When a WF200/WGM160P device is configured to operate as an 
Access Poin ...)
        NOT-FOR-US: Silicon Labs
 CVE-2025-12850 (The My auctions allegro plugin for WordPress is vulnerable to 
SQL Inje ...)
@@ -207,15 +207,15 @@ CVE-2025-10055 (The Time Sheets plugin for WordPress is 
vulnerable to Cross-Site
 CVE-2024-58278 (perl2exe <= V30.10C contains an arbitrary code execution 
vulnerability ...)
        TODO: check
 CVE-2024-58277 (R Radio Network FM Transmitter 1.07 allows unauthenticated 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: R Radio Network FM Transmitter
 CVE-2024-58276 (Obi08/Enrollment System 1.0 contains a SQL injection 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: Obi08/Enrollment System
 CVE-2024-58275 (Easywall 0.3.1 allows authenticated remote command execution 
via a com ...)
-       TODO: check
+       NOT-FOR-US: Easywall
 CVE-2023-53735 (WEBIGniter 28.7.23 contains a cross-site scripting 
vulnerability in th ...)
-       TODO: check
+       NOT-FOR-US: WEBIGniter
 CVE-2023-53734 (dawa-pharma-1.0 allows unauthenticated attackers to execute 
SQL querie ...)
-       TODO: check
+       NOT-FOR-US: dawa-pharma-1.0
 CVE-2016-20023 (In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated 
users c ...)
        TODO: check
 CVE-2025-14025



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35864971643f20e576b0a9b4b0925e79f6c05023

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35864971643f20e576b0a9b4b0925e79f6c05023
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to