Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
41280500 by Salvatore Bonaccorso at 2025-12-10T22:46:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,13 +43,13 @@ CVE-2025-65803 (An integer overflow in the 
psdParser::ReadImageData function of
        NOTE: https://gist.github.com/1mxml/cabd6d972557d9d992fe5f4f6ca1dd87
        TODO: check upstream details/report
 CVE-2025-65792 (DataGear v5.5.0 is vulnerable to Arbitrary File Deletion.)
-       TODO: check
+       NOT-FOR-US: DataGear
 CVE-2025-65754 (Cross Site Scripting vulnerability in Algernon v1.17.4 allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: xyproto/algernon
 CVE-2025-65602 (A template injection vulnerability in the /vip/v1/file/save 
component  ...)
-       TODO: check
+       NOT-FOR-US: ChanCMS
 CVE-2025-65199 (A command injection vulnerability exists in Windscribe for 
Linux Deskt ...)
-       TODO: check
+       NOT-FOR-US: Windscribe for Linux Desktop App
 CVE-2025-64888 (Adobe Experience Manager versions 6.5.23 and earlier are 
affected by a ...)
        NOT-FOR-US: Adobe
 CVE-2025-64887 (Adobe Experience Manager versions 6.5.23 and earlier are 
affected by a ...)
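Review bot: the label added for CVE-2025-65754 is a repository path (`NOT-FOR-US: xyproto/algernon`), while the description calls the product "Algernon" and the other three labels added in this hunk use product names (DataGear, ChanCMS, Windscribe for Linux Desktop App). Using one form throughout, for example `NOT-FOR-US: Algernon`, keeps the entries greppable by the name that appears in the CVE description.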
@@ -281,29 +281,29 @@ CVE-2025-64538 (Adobe Experience Manager versions 6.5.23 
and earlier are affecte
 CVE-2025-64537 (Adobe Experience Manager versions 6.5.23 and earlier are 
affected by a ...)
        NOT-FOR-US: Adobe
 CVE-2025-63895 (An issue in the Bluetooth firmware of JXL 9 Inch Car Android 
Double Di ...)
-       TODO: check
+       NOT-FOR-US: Bluetooth firmware of JXL 9 Inch Car Android Double Din 
Player Android
 CVE-2025-63094 (XiangShan Nanhu V2 and XiangShan Kunmighu V3 were discovered 
to use sp ...)
-       TODO: check
+       NOT-FOR-US: XiangShan
 CVE-2025-5467 (It was discovered that process_crash() in data/apport in 
Canonical's A ...)
-       TODO: check
+       NOT-FOR-US: Apport
 CVE-2025-56431 (Directory Traversal vulnerability in Fearless Geek Media 
FearlessCMS v ...)
-       TODO: check
+       NOT-FOR-US: Fearless Geek Media FearlessCMS
 CVE-2025-56430 (Directory Traversal vulnerability in Fearless Geek Media 
FearlessCMS v ...)
-       TODO: check
+       NOT-FOR-US: Fearless Geek Media FearlessCMS
 CVE-2025-56429 (Cross Site Scripting vulnerability in Fearless Geek Media 
FearlessCMS  ...)
-       TODO: check
+       NOT-FOR-US: Fearless Geek Media FearlessCMS
 CVE-2025-52493 (PagerDuty Runbook through 2025-06-12 exposes stored secrets 
directly i ...)
-       TODO: check
+       NOT-FOR-US: PagerDuty Runbook
 CVE-2025-41732 (An unauthenticated remote attacker can abuse unsafe sscanf 
calls withi ...)
-       TODO: check
+       NOT-FOR-US: WAGO
 CVE-2025-41730 (An unauthenticated remote attacker can abuse unsafe sscanf 
calls withi ...)
-       TODO: check
+       NOT-FOR-US: WAGO
 CVE-2025-41358 (Direct Object Reference Vulnerability (IDOR) in i2A's 
CronosWeb, in ve ...)
-       TODO: check
+       NOT-FOR-US: i2A CronosWeb
 CVE-2025-34430 (1Panel versions 1.10.33 through 2.0.15 contain a cross-site 
request fo ...)
-       TODO: check
+       NOT-FOR-US: 1Panel
 CVE-2025-34429 (1Panel versions 1.10.33 - 2.0.15 contain a cross-site request 
forgery  ...)
-       TODO: check
+       NOT-FOR-US: 1Panel
 CVE-2025-34428 (MailEnable versions prior to 10.54 contain a cleartext storage 
of cred ...)
        NOT-FOR-US: MailEnable
 CVE-2025-34427 (MailEnable versions prior to 10.54 contain a cleartext storage 
of cred ...)
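Review bot: the label for CVE-2025-63895 copies the description text almost verbatim ("Bluetooth firmware of JXL 9 Inch Car Android Double Din Player Android") and ends with a repeated "Android", whereas the rest of this hunk uses a short vendor or product name (XiangShan, WAGO, 1Panel). A shorter form such as `NOT-FOR-US: JXL 9 Inch Car Android Double Din Player` would match the neighbouring entries and drop the stray trailing word.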
@@ -327,45 +327,45 @@ CVE-2025-34417 (MailEnable versions prior to 10.54 
contain an unsafe DLL loading
 CVE-2025-34416 (MailEnable versions prior to 10.54 contain an unsafe DLL 
loading vulne ...)
        NOT-FOR-US: MailEnable
 CVE-2025-34410 (1Panel versions 1.10.33 -2.0.15 contain a cross-site request 
forgery ( ...)
-       TODO: check
+       NOT-FOR-US: 1Panel
 CVE-2025-34395 (Barracuda Service Center, as implemented in the RMM solution, 
in versi ...)
-       TODO: check
+       NOT-FOR-US: Barracuda Service Center
 CVE-2025-34394 (Barracuda Service Center, as implemented in the RMM solution, 
in versi ...)
-       TODO: check
+       NOT-FOR-US: Barracuda Service Center
 CVE-2025-34393 (Barracuda Service Center, as implemented in the RMM solution, 
in versi ...)
-       TODO: check
+       NOT-FOR-US: Barracuda Service Center
 CVE-2025-34392 (Barracuda Service Center, as implemented in the RMM solution, 
in versi ...)
-       TODO: check
+       NOT-FOR-US: Barracuda Service Center
 CVE-2025-1161 (Incorrect Use of Privileged APIs vulnerability in NomySoft 
Information ...)
-       TODO: check
+       NOT-FOR-US: Nomysem
 CVE-2025-14390 (The Video Merchant plugin for WordPress is vulnerable to 
Cross-Site Re ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-14082 (A flaw was found in Keycloak Admin REST (Representational 
State Transf ...)
        TODO: check
 CVE-2025-13955 (Predictable default Wi-Fi Password in Access Point 
functionality inEZC ...)
-       TODO: check
+       NOT-FOR-US: EZCast Pro II
 CVE-2025-13954 (Hard-coded cryptographic keys in Admin UI of EZCast Pro II 
version 1.1 ...)
-       TODO: check
+       NOT-FOR-US: EZCast Pro II
 CVE-2025-13953 (Bypass vulnerability in the authentication method in the GTT 
Tax Infor ...)
-       TODO: check
+       NOT-FOR-US: GTT Tax Information System application
 CVE-2025-13607 (A malicious actor can access camera configuration information, 
includi ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-13184 (Unauthenticated Telnet enablement via cstecgi.cgi (auth 
bypass) leadin ...)
-       TODO: check
+       NOT-FOR-US: Toto Link
 CVE-2025-13155 (An improper permissions vulnerability was reported in Lenovo 
Baiying C ...)
        NOT-FOR-US: Lenovo
 CVE-2025-13152 (A potential DLL hijacking vulnerability was reported in Lenovo 
One Cli ...)
        NOT-FOR-US: Lenovo
 CVE-2025-13127 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: GoldenHorn
 CVE-2025-13125 (Authorization Bypass Through User-Controlled Key vulnerability 
in Im P ...)
-       TODO: check
+       NOT-FOR-US: DijiDemi
 CVE-2025-12046 (A DLL hijacking vulnerability was reported in the Lenovo App 
Store and ...)
        NOT-FOR-US: Lenovo
 CVE-2024-2105 (An unauthorised attacker within bluetooth range may use an 
improper va ...)
-       TODO: check
+       NOT-FOR-US: JBL
 CVE-2024-2104 (Due to improper BLE security configurations on the device's 
GATT serve ...)
-       TODO: check
+       NOT-FOR-US: JBL
 CVE-2025-66003
        - smb4k <unfixed> (bug #1122381)
        NOTE: https://www.openwall.com/lists/oss-security/2025/12/10/6
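Review bot: the label for CVE-2025-1161 reads `NOT-FOR-US: Nomysem`, but the visible part of the description names the vendor as "NomySoft Information ...", so the two cannot be matched from this hunk alone. If Nomysem is the product, writing it as `NOT-FOR-US: NomySoft Nomysem` would let a search for the vendor find the entry. A smaller style point in the same hunk: `NOT-FOR-US: GTT Tax Information System application` carries a trailing "application" that the other labels do not use.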



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4128050038f57cad71a9622b24d89b9bd361df7a



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
