Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9055985 by Salvatore Bonaccorso at 2025-12-09T22:10:25+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -601,7 +601,7 @@ CVE-2025-59132 (Cross-Site Request Forgery (CSRF) 
vulnerability in Badi Jones Du
 CVE-2025-57823 (A direct request ('forced browsing') vulnerability in Fortinet 
FortiAu ...)
        NOT-FOR-US: Fortinet
 CVE-2025-56704 (LeptonCMS version 7.3.0 contains an arbitrary file upload 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: LeptonCMS
 CVE-2025-55233 (Out-of-bounds read in Windows Projected File System allows an 
authoriz ...)
        NOT-FOR-US: Microsoft
 CVE-2025-54838 (An Incorrect Authorization vulnerability [CWE-863] in 
FortiPortal 7.4. ...)
@@ -629,33 +629,33 @@ CVE-2025-46637 (Dell Encryption, versions prior to 
11.12.1, contain an Improper
 CVE-2025-46636 (Dell Encryption, versions prior to 11.12.1, contain an 
Improper Link R ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-41752 (An XSS vulnerability in pxc_portSfp.php can be used by an 
unauthentica ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-41751 (An XSS vulnerability in pxc_portCntr.php can be used by an 
unauthentic ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-41750 (An XSS vulnerability in pxc_PortCfg.php can be used by an 
unauthentica ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-41749 (An XSS vulnerability in port_util.php can be used by an 
unauthenticate ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-41748 (An XSS vulnerability in pxc_Dot1xCfg.php can be used by an 
unauthentic ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-41747 (An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an 
unauthen ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-41746 (An XSS vulnerability in pxc_portSecCfg.php can be used by an 
unauthent ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-41745 (An XSS vulnerability in pxc_portCntr2.php can be used by an 
unauthenti ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-41697 (An attacker can use an undocumented UART port on the PCB as a 
side-cha ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-41696 (An attacker can use an undocumented UART port on the PCB as a 
side-cha ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-41695 (An XSS vulnerability in dyn_conn.php can be used by an 
unauthenticated ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-41694 (A low privileged remote attacker can run the webshell with an 
empty co ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-41693 (A low privileged remote attacker can use the ssh feature to 
execute co ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-41692 (A high privileged remote attacker with admin privileges for 
the webUI  ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-40941 (A vulnerability has been identified in SIMATIC CN 4100 (All 
versions < ...)
        NOT-FOR-US: Siemens
 CVE-2025-40940 (A vulnerability has been identified in SIMATIC CN 4100 (All 
versions < ...)
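Review bot: The tag "NOT-FOR-US: Phoenix" applied to CVE-2025-41752 through CVE-2025-41692 is ambiguous: the truncated descriptions in the list never name the vendor, and "Phoenix" on its own matches more than one company. Spell out the full vendor name, as the neighbouring "NOT-FOR-US: Dell / EMC" line does, so that later CVEs for the same products get the same tag and the entries can be found with a plain search.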
@@ -687,9 +687,9 @@ CVE-2025-40801 (A vulnerability has been identified in 
COMOS V10.6 (All versions
 CVE-2025-40800 (A vulnerability has been identified in COMOS V10.6 (All 
versions), COM ...)
        NOT-FOR-US: Siemens
 CVE-2025-34414 (Entrust Instant Financial Issuance (IFI) On Premise software 
(formerly ...)
-       TODO: check
+       NOT-FOR-US: Entrust Instant Financial Issuance (IFI) On Premise software
 CVE-2025-34413 (Legality WHISTLEBLOWING by DigitalPA contains a protection 
mechanism f ...)
-       TODO: check
+       NOT-FOR-US: Legality WHISTLEBLOWING by DigitalPA
 CVE-2025-34409 (MailEnable versions prior to 10.54 containa reflected 
cross-site scrip ...)
        NOT-FOR-US: MailEnable
 CVE-2025-34408 (MailEnable versions prior to 10.54 containa reflected 
cross-site scrip ...)
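Review bot: The new tags on CVE-2025-34414 and CVE-2025-34413 copy the product wording from the descriptions ("Entrust Instant Financial Issuance (IFI) On Premise software", "Legality WHISTLEBLOWING by DigitalPA"), while the surrounding entries use a short vendor name ("Siemens", "MailEnable"). Shorter tags such as "NOT-FOR-US: Entrust" and "NOT-FOR-US: DigitalPA" would match that style, and dropping the trailing "software" loses nothing.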
@@ -755,17 +755,17 @@ CVE-2025-12705 (The Social Reviews & Recommendations 
plugin for WordPress is vul
 CVE-2025-12558 (The Beaver Builder \u2013 WordPress Page Builder plugin for 
WordPress  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-12504 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: UNIS
 CVE-2025-12381 (Improper Privilege Management vulnerability in AlgoSec 
Firewall Analyz ...)
        NOT-FOR-US: AlgoSec
 CVE-2025-11531 (HP System Event Utility and Omen Gaming Hub might allow 
execution of   ...)
        NOT-FOR-US: HP
 CVE-2025-11022 (Cross-Site Request Forgery (CSRF) vulnerability in Personal 
Project Pa ...)
-       TODO: check
+       NOT-FOR-US: Panilux
 CVE-2025-10876 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: e-BAP Automation
 CVE-2025-10655 (SQL Injection in Frappe HelpDesk in the dashboard 
get_dashboard_data d ...)
-       TODO: check
+       NOT-FOR-US: Frappe HelpDesk
 CVE-2025-10573 (Stored XSS in Ivanti Endpoint Manager prior to version 2024 
SU4 SR1 al ...)
        NOT-FOR-US: Ivanti
 CVE-2024-56840 (A vulnerability has been identified in RUGGEDCOM ROX II family 
(All ve ...)
@@ -963,11 +963,11 @@ CVE-2025-14285 (A vulnerability was found in 
code-projects Employee Profile Mana
 CVE-2025-14284 (Versions of the package @tiptap/extension-link before 2.10.4 
are vulne ...)
        TODO: check
 CVE-2025-14276 (A vulnerability was determined in Ilevia EVE X1 Server up to 
4.6.5.0.e ...)
-       TODO: check
+       NOT-FOR-US: Ilevia EVE X1 Server
 CVE-2025-13604 (The Login Security, FireWall, Malware removal by CleanTalk 
plugin for  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13428 (A vulnerability exists in the SecOps SOAR server. The custom 
integrati ...)
-       TODO: check
+       NOT-FOR-US: SecOps SOAR server
 CVE-2025-13071 (The Custom Admin Menu WordPress plugin through 1.0.0 does not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13070 (The CSV to SortTable WordPress plugin through 4.2 does not 
validate so ...)
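Review bot: "NOT-FOR-US: SecOps SOAR server" on CVE-2025-13428 names a product without its vendor, and the visible description ("A vulnerability exists in the SecOps SOAR server.") does not supply one either. Add the vendor to the tag, in the form the neighbouring "NOT-FOR-US: Ilevia EVE X1 Server" line uses, so future CVEs for the same product are tagged identically.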



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9055985f243133eb152c604a19375ad95925a0b
