[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5eb66ef3 by Salvatore Bonaccorso at 2025-12-23T22:20:29+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40,7 +40,7 @@ CVE-2025-65354 (Improper input handling in 
/Grocery/search_products_itname.php i
 CVE-2025-59886 (Improper input validation at one of the endpoints of Eaton 
xComfort EC ...)
        NOT-FOR-US: Eaton
 CVE-2025-51511 (Cadmium CMS v.0.4.9 has a background arbitrary file upload 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Cadmium CMS
 CVE-2025-50526 (Netgear EX8000 V1.0.0.126 was discovered to contain a command 
injectio ...)
        NOT-FOR-US: Netgear
 CVE-2025-48864
@@ -60,7 +60,7 @@ CVE-2025-29229 (linksys E5600 V1.1.0.26 is vulnerable to 
command injection in th
 CVE-2025-29228 (Linksys E5600 V1.1.0.26 is vulnerable to command injection in 
the runt ...)
        NOT-FOR-US: Linksys
 CVE-2025-25364 (A command injection vulnerability in the 
me.connectify.SMJobBlessHelpe ...)
-       TODO: check
+       NOT-FOR-US: Speedify VPN
 CVE-2025-14635 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-14548 (The Calendar plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
@@ -74,7 +74,7 @@ CVE-2025-14155 (The Premium Addons for Elementor \u2013 
Powerful Elementor Templ
 CVE-2025-14000 (The Membership Plugin \u2013 Restrict Content plugin for 
WordPress is  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13183 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Otello
 CVE-2025-13074
        REJECTED
 CVE-2025-12934 (The Beaver Builder \u2013 WordPress Page Builder plugin for 
WordPress  ...)
@@ -82,9 +82,9 @@ CVE-2025-12934 (The Beaver Builder \u2013 WordPress Page 
Builder plugin for Word
 CVE-2025-10863
        REJECTED
 CVE-2024-9684 (FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: FreyrSCADA/IEC-60870-5-104 server
 CVE-2024-57521 (SQL Injection vulnerability in RuoYi v.4.7.9 and before allows 
a remot ...)
-       TODO: check
+       NOT-FOR-US: RuoYi
 CVE-2024-24844 (Missing Authorization vulnerability in IdeaBox Creations 
PowerPack Pro ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2024-10398
@@ -96,33 +96,33 @@ CVE-2023-5093
 CVE-2023-5092
        REJECTED
 CVE-2023-53982 (PMB 7.4.6 contains a SQL injection vulnerability in the 
storage parame ...)
-       TODO: check
+       NOT-FOR-US: PMB
 CVE-2023-52210 (Vulnerability in Tyche softwares Product Delivery Date for 
WooCommerce ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2021-47739 (Epic Games Easy Anti-Cheat 4.0 contains an unquoted service 
path vulne ...)
        TODO: check
 CVE-2021-47738 (CSZ CMS 1.2.7 contains a persistent cross-site scripting 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: CSZ CMS
 CVE-2021-47737 (CSZ CMS 1.2.7 contains an HTML injection vulnerability that 
allows aut ...)
-       TODO: check
+       NOT-FOR-US: CSZ CMS
 CVE-2021-47736 (CMSimple_XH 1.7.4 contains an authenticated remote code 
execution vuln ...)
-       TODO: check
+       NOT-FOR-US: CMSimple_XH
 CVE-2021-47735 (CMSimple 5.4 contains an authenticated remote code execution 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: CMSimple
 CVE-2021-47734 (CMSimple 5.4 contains an authenticated local file inclusion 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: CMSimple
 CVE-2021-47733 (CMSimple 5.4 contains a cross-site scripting vulnerability 
that allows ...)
-       TODO: check
+       NOT-FOR-US: CMSimple
 CVE-2021-47732 (CMSimple 5.2 contains a stored cross-site scripting 
vulnerability in t ...)
-       TODO: check
+       NOT-FOR-US: CMSimple
 CVE-2021-47722 (Zucchetti Axess CLOKI Access Control 1.64 contains a 
cross-site reques ...)
-       TODO: check
+       NOT-FOR-US: Zucchetti Axess CLOKI Access Control
 CVE-2021-47721 (Orangescrum 1.8.0 contains a privilege escalation 
vulnerability that a ...)
-       TODO: check
+       NOT-FOR-US: OrangeScrum
 CVE-2021-47720 (Orangescrum 1.8.0 contains an authenticated SQL injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: OrangeScrum
 CVE-2021-47716 (Orangescrum 1.8.0 contains multiple cross-site scripting 
vulnerabiliti ...)
-       TODO: check
+       NOT-FOR-US: OrangeScrum
 CVE-2025-68343 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.17.11-1
        NOTE: 
https://git.kernel.org/linus/6fe9f3279f7d2518439a7962c5870c6e9ecbadcf (6.18)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5eb66ef365cb119f0a743357632e5925d9fecdbd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5eb66ef365cb119f0a743357632e5925d9fecdbd
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits