Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d8370bdb by Salvatore Bonaccorso at 2025-12-12T10:28:55+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -67,41 +67,41 @@ CVE-2025-64702 (quic-go is an implementation of the QUIC 
protocol in Go. Version
        NOTE: 
https://github.com/quic-go/quic-go/security/advisories/GHSA-g754-hx8w-x2g6
        NOTE: Fixed by: 
https://github.com/quic-go/quic-go/commit/5b2d2129f8315da41e01eff0a847ab38a34e83a8
 (v0.57.0)
 CVE-2025-62192 (SQL Injection vulnerability exists in GroupSession Free 
edition prior  ...)
-       TODO: check
+       NOT-FOR-US: GroupSession
 CVE-2025-61987 (GroupSession Free edition prior to ver5.3.0, GroupSession 
byCloud prio ...)
-       TODO: check
+       NOT-FOR-US: GroupSession
 CVE-2025-61950 (In GroupSession, a Circular notice can be created with its 
memo field  ...)
-       TODO: check
+       NOT-FOR-US: GroupSession
 CVE-2025-58576 (Cross-site request forgery vulnerability exists in 
GroupSession Free e ...)
-       TODO: check
+       NOT-FOR-US: GroupSession
 CVE-2025-57883 (Reflected cross-site scripting vulnerability exists in 
GroupSession Fr ...)
-       TODO: check
+       NOT-FOR-US: GroupSession
 CVE-2025-55816 (HotelDruid v3.0.7 and before is vulnerable to Cross Site 
Scripting (XS ...)
        - hoteldruid <unfixed>
        [bookworm] - hoteldruid <no-dsa> (Minor issue)
        NOTE: 
https://www.partywave.site/show/research/cve-2025-55816-xss-and-raptx
 CVE-2025-55184 (A pre-authentication denial of service vulnerability exists in 
React S ...)
-       TODO: check
+       NOT-FOR-US: React Server Components
 CVE-2025-55183 (An information leak vulnerability exists in specific 
configurations of ...)
-       TODO: check
+       NOT-FOR-US: React Server Components
 CVE-2025-54407 (Stored cross-site scripting vulnerability exists in 
GroupSession Free  ...)
-       TODO: check
+       NOT-FOR-US: GroupSession
 CVE-2025-53523 (Stored cross-site scripting vulnerabilities exist in 
GroupSession Free ...)
-       TODO: check
+       NOT-FOR-US: GroupSession
 CVE-2025-4970 (The BSK PDF Manager plugin for WordPress is vulnerable to 
Stored Cross ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-34506 (WBCE CMS version 1.6.3 and prior contains an authenticated 
remote code ...)
-       TODO: check
+       NOT-FOR-US: WBCE CMS
 CVE-2025-34504 (KodExplorer 4.52 contains an open redirect vulnerability in 
the user l ...)
-       TODO: check
+       NOT-FOR-US: KodExplorer
 CVE-2025-34499 (AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: AnyDesk
 CVE-2025-14538 (A security vulnerability has been detected in yangshare 
warehouseManag ...)
-       TODO: check
+       NOT-FOR-US: yangshare warehouseManager
 CVE-2025-14537 (A weakness has been identified in code-projects Class and Exam 
Timetab ...)
-       TODO: check
+       NOT-FOR-US: code-projects Class and Exam Timetable Management
 CVE-2025-14536 (A security flaw has been discovered in code-projects Class and 
Exam Ti ...)
-       TODO: check
+       NOT-FOR-US: code-projects Class and Exam Timetable Management
 CVE-2025-14467 (The WP Job Portal plugin for WordPress is vulnerable to Stored 
Cross-S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-14393 (The Wpik WordPress Basic Ajax Form plugin for WordPress is 
vulnerable  ...)
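Review bot: The two React Server Components entries (CVE-2025-55184, CVE-2025-55183) are tagged with the name of a feature rather than a product or vendor, unlike every other NOT-FOR-US tag in this hunk, and the truncated descriptions do not show which upstream packages are affected. Since NOT-FOR-US asserts that the affected code is not in the archive at all, a NOTE line recording which upstream packages were checked would make that decision auditable later. Separately, the two code-projects entries carry the full product title "code-projects Class and Exam Timetable Management" while the GroupSession entries use a short name; a shorter, uniform tag would keep the list easier to grep.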
@@ -219,17 +219,17 @@ CVE-2025-13839 (The LJUsers plugin for WordPress is 
vulnerable to Stored Cross-S
 CVE-2025-13747 (The NewStatPress plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13670 (The High Level Synthesis Compiler i++ command for Windows is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: Altera High Level Synthesis Compiler i++
 CVE-2025-13669 (Uncontrolled Search Path Element vulnerability in Altera High 
Level Sy ...)
-       TODO: check
+       NOT-FOR-US: Altera
 CVE-2025-13668 (A potential security vulnerability in Quartus\xae Prime Pro 
Edition De ...)
-       TODO: check
+       NOT-FOR-US: Altera
 CVE-2025-13665 (The System Console Utility for Windows is vulnerable to a DLL 
planting ...)
-       TODO: check
+       NOT-FOR-US: Altera
 CVE-2025-13664 (A potential security vulnerability in Quartus\xae Prime 
Standard Editi ...)
-       TODO: check
+       NOT-FOR-US: Altera
 CVE-2025-13663 (Under certain circumstances, the Quartus Prime Pro Installer 
for Windo ...)
-       TODO: check
+       NOT-FOR-US: Altera
 CVE-2025-13660 (The Guest Support plugin for WordPress is vulnerable to User 
Email Dis ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13440 (The Premmerce Wishlist for WooCommerce plugin for WordPress is 
vulnera ...)
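Review bot: The NOT-FOR-US tags for the Altera entries are inconsistent: CVE-2025-13670 is tagged "Altera High Level Synthesis Compiler i++" while CVE-2025-13669, whose description names the same Altera High Level Synthesis product, is tagged only "Altera", as are the four Quartus and System Console entries below it. Pick one form for the whole group, for example "NOT-FOR-US: Altera" on all six, so that a search on the tag returns every entry from this vendor.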
@@ -279,55 +279,55 @@ CVE-2025-10583 (The WP Fastest Cache plugin for WordPress 
is vulnerable to Serve
 CVE-2025-10451 (Unchecked output buffer may allowed arbitrary code execution 
in SMM an ...)
        NOT-FOR-US: Insyde
 CVE-2024-58313 (xbtitFM 4.1.18 contains an insecure file upload vulnerability 
that all ...)
-       TODO: check
+       NOT-FOR-US: xbtitFM
 CVE-2024-58312 (xbtitFM 4.1.18 contains a path traversal vulnerability that 
allows una ...)
-       TODO: check
+       NOT-FOR-US: xbtitFM
 CVE-2024-58310 (APC Network Management Card 4 contains a path traversal 
vulnerability  ...)
        TODO: check
 CVE-2024-58309 (xbtitFM 4.1.18 contains an unauthenticated SQL injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: xbtitFM
 CVE-2024-58308 (Quick.CMS 6.7 contains a SQL injection vulnerability that 
allows unaut ...)
-       TODO: check
+       NOT-FOR-US: Quick.CMS
 CVE-2024-58307 (CSZCMS 1.3.0 contains an authenticated SQL injection 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: CSZCMS
 CVE-2024-58306 (minaliC 2.0.0 contains a denial of service vulnerability that 
allows r ...)
-       TODO: check
+       NOT-FOR-US: MinaliC
 CVE-2024-58304 (SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: SPA-CART CMS
 CVE-2024-58303 (FoF Pretty Mail 1.1.2 contains a server-side template 
injection vulner ...)
-       TODO: check
+       NOT-FOR-US: FoF Pretty Mail
 CVE-2024-58302 (FoF Pretty Mail 1.1.2 contains a local file inclusion 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: FoF Pretty Mail
 CVE-2024-58301 (Purei CMS 1.0 contains a time-based blind SQL injection 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Purei CMS
 CVE-2024-58300 (Siklu MultiHaul TG series devices before version 2.0.0 contain 
an unau ...)
-       TODO: check
+       NOT-FOR-US: Siklu MultiHaul TG series devices
 CVE-2024-58298 (Compuware iStrobe Web 20.13 contains a pre-authentication 
remote code  ...)
-       TODO: check
+       NOT-FOR-US: Compuware iStrobe Web
 CVE-2024-58297 (PyroCMS v3.0.1 contains a stored cross-site scripting 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: PyroCMS
 CVE-2024-58296 (CE Phoenix v3.0.1 contains a stored cross-site scripting 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: CE Phoenix
 CVE-2024-58295 (ElkArte Forum 1.1.9 contains a remote code execution 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: ElkArte Forum
 CVE-2024-58294 (FreePBX 16 contains an authenticated remote code execution 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: FreePBX
 CVE-2024-58293 (Akaunting 3.1.8 contains a server-side template injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Akaunting
 CVE-2024-58292 (XMB Forum 1.9.12.06 contains a persistent cross-site scripting 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: XMB Forum
 CVE-2024-58291 (Flatboard 3.2 contains a stored cross-site scripting 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: Flatboard
 CVE-2024-58290 (Xhibiter NFT Marketplace 1.10.2 contains a SQL injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Xhibiter NFT Marketplace
 CVE-2024-58289 (Microweber 2.0.15 contains a stored cross-site scripting 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: microweber
 CVE-2024-58288 (Genexus Protection Server 9.7.2.10 contains an unquoted 
service path v ...)
-       TODO: check
+       NOT-FOR-US: Genexus Protection Server
 CVE-2024-58287 (reNgine 2.2.0 contains a command injection vulnerability in 
the nmap_c ...)
-       TODO: check
+       NOT-FOR-US: reNgine
 CVE-2024-58286 (dizqueTV 1.5.3 contains a remote code execution vulnerability 
that all ...)
-       TODO: check
+       NOT-FOR-US: dizqueTV
 CVE-2025-67742 (In JetBrains TeamCity before 2025.11 path traversal was 
possible via f ...)
        NOT-FOR-US: JetBrains
 CVE-2025-67741 (In JetBrains TeamCity before 2025.11 stored XSS was possible 
via sessi ...)
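Review bot: CVE-2024-58310 (APC Network Management Card 4) is the only entry in this run of 2024-583xx IDs still left at "TODO: check" while every neighbour is resolved; if it was skipped on purpose, fine, otherwise it looks like an NFU candidate that was missed in this pass. Two tags also change the casing used in the CVE description: "minaliC" becomes "NOT-FOR-US: MinaliC" and "Microweber" becomes "NOT-FOR-US: microweber". Matching the spelling used by earlier entries for the same product in data/CVE/list keeps tag searches reliable.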



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8370bdbe7e2de4574606a0eec05c171d0c61927

debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits