[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 31 Dec 2025 00:52:19 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
295cdcb5 by Salvatore Bonaccorso at 2025-12-31T09:51:10+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2025-68131 (cbor2 provides encoding and decoding for the 
Concise Binary Obje
        NOTE: Fixed by: 
https://github.com/agronholm/cbor2/commit/fb4ee1612a8a1ac0dbd8cf2f2f6f931a4e06d824
 (5.8.0)
        NOTE: Debian builds src:cbor2 with CBOR2_BUILD_C_EXTENSION=0 (not 
building C extensions)
 CVE-2025-66723 (inMusic Brands Engine DJ 4.3.0 suffers from Insecure 
Permissions due t ...)
-       TODO: check
+       NOT-FOR-US: inMusic Brands Engine DJ
 CVE-2025-62753 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-61594 (URI is a module providing classes to handle Uniform Resource 
Identifie ...)
@@ -39,17 +39,17 @@ CVE-2025-2026 (The NPort 6100-G2/6200-G2 Series is affected 
by a high-severity v
 CVE-2025-1977 (The NPort 6100-G2/6200-G2 Series is affected by an execution 
with unne ...)
        NOT-FOR-US: Moxa
 CVE-2025-15375 (A flaw has been found in EyouCMS up to 1.7.7. The impacted 
element is  ...)
-       TODO: check
+       NOT-FOR-US: EyouCMS
 CVE-2025-15374 (A vulnerability was detected in EyouCMS up to 1.7.7. The 
affected elem ...)
-       TODO: check
+       NOT-FOR-US: EyouCMS
 CVE-2025-15373 (A security vulnerability has been detected in EyouCMS up to 
1.7.7. Imp ...)
-       TODO: check
+       NOT-FOR-US: EyouCMS
 CVE-2025-15372 (A weakness has been identified in youlaitech 
vue3-element-admin up to  ...)
-       TODO: check
+       NOT-FOR-US: youlaitech vue3-element-admin
 CVE-2025-15371 (A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 
4G08, G0- ...)
        NOT-FOR-US: Tenda
 CVE-2025-15360 (A vulnerability was determined in newbee-mall-plus 2.0.0. This 
impacts ...)
-       TODO: check
+       NOT-FOR-US: newbee-mall-plus
 CVE-2025-15357 (A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This 
affects ...)
        NOT-FOR-US: D-Link
 CVE-2025-15356 (A vulnerability has been found in Tenda AC20 up to 
16.03.08.12. The im ...)
@@ -93,21 +93,21 @@ CVE-2025-15269 (FontForge SFD File Parsing Use-After-Free 
Remote Code Execution
        - fontforge <unfixed>
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1195/
 CVE-2025-15223 (A vulnerability was found in Philipinho Simple-PHP-Blog up to 
94b5d3e5 ...)
-       TODO: check
+       NOT-FOR-US: Philipinho Simple-PHP-Blog
 CVE-2025-15114 (Ksenia Security Lares 4.0 Home Automation version 1.6 contains 
a criti ...)
-       TODO: check
+       NOT-FOR-US: Ksenia Security Lares
 CVE-2025-15113 (Ksenia Security Lares 4.0 Home Automation version 1.6 contains 
an unpr ...)
-       TODO: check
+       NOT-FOR-US: Ksenia Security Lares
 CVE-2025-15112 (Ksenia Security Lares 4.0 version 1.6 contains a URL 
redirection vulne ...)
-       TODO: check
+       NOT-FOR-US: Ksenia Security Lares
 CVE-2025-15111 (Ksenia Security Lares 4.0 Home Automation version 1.6 contains 
a defau ...)
-       TODO: check
+       NOT-FOR-US: Ksenia Security Lares
 CVE-2025-15017 (A vulnerability exists in serial device servers where active 
debug cod ...)
        NOT-FOR-US: Moxa
 CVE-2025-14987 (When system.enableCrossNamespaceCommands is enabled (on by 
default), t ...)
-       TODO: check
+       NOT-FOR-US: Temporal
 CVE-2025-14986 (When frontend.enableExecuteMultiOperation is enabled, the 
server can a ...)
-       TODO: check
+       NOT-FOR-US: Temporal
 CVE-2025-14783 (The Easy Digital Downloads plugin for WordPress is vulnerable 
to Unval ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-14434 (The Ultimate Post Kit Addons for Elementor WordPress plugin 
before 4.0 ...)
@@ -119,63 +119,63 @@ CVE-2025-11964 (On Windows only, if libpcap needs to 
convert a Windows error mes
 CVE-2025-11961 (pcap_ether_aton() is an auxiliary function in libpcap, it 
takes a stri ...)
        TODO: check
 CVE-2024-58338 (Anevia Flamingo XL 3.2.9 contains a restricted shell 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: Anevia Flamingo XL
 CVE-2024-58337 (Akuvox Smart Intercom S539 contains an improper access control 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Akuvox Smart Intercom S539
 CVE-2024-58336 (Akuvox Smart Intercom S539 contains an unauthenticated 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Akuvox Smart Intercom S539
 CVE-2024-58315 (Tosibox Key Service 3.3.0 contains an unquoted service path 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Tosibox Key Service
 CVE-2023-54327 (Tinycontrol LAN Controller 1.58a contains an authentication 
bypass vul ...)
-       TODO: check
+       NOT-FOR-US: Tinycontrol LAN Controller
 CVE-2023-54163 (NLB mKlik Macedonia 3.3.12 contains a SQL injection 
vulnerability in i ...)
-       TODO: check
+       NOT-FOR-US: NLB mKlik Macedonia
 CVE-2023-53983 (Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability 
with we ...)
-       TODO: check
+       NOT-FOR-US: Anevia Flamingo XL/XS
 CVE-2022-50804 (JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to 
cross-site reques ...)
-       TODO: check
+       NOT-FOR-US: JM-DATA ONU JF511-TV
 CVE-2022-50803 (JM-DATA ONU JF511-TV version 1.0.67 uses default credentials 
that allo ...)
-       TODO: check
+       NOT-FOR-US: JM-DATA ONU JF511-TV
 CVE-2022-50802 (ETAP Safety Manager 1.0.0.32 contains a cross-site scripting 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: ETAP Safety Manager
 CVE-2022-50801 (JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to 
authenticated sto ...)
-       TODO: check
+       NOT-FOR-US: JM-DATA ONU JF511-TV
 CVE-2022-50800 (H3C SSL VPN contains a user enumeration vulnerability that 
allows atta ...)
-       TODO: check
+       NOT-FOR-US: H3C
 CVE-2022-50799 (Fetch FTP Client 5.8.2 contains a denial of service 
vulnerability that ...)
-       TODO: check
+       NOT-FOR-US: Fetch FTP Client
 CVE-2022-50798 (SoX 14.4.2 contains a division by zero vulnerability when 
handling WAV ...)
        TODO: check
 CVE-2022-50796 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an 
unauthenticated remote ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50795 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional 
command inj ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50794 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50793 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated 
command  ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50792 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50791 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional 
command inj ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50790 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50789 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command 
injection vulne ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50788 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information 
disclosure ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50787 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an 
unauthenticated ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50696 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain 
hardcoded ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50695 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50694 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50692 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain 
an insuff ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50691 (MiniDVBLinux 5.4 contains a remote command execution 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: MiniDVBLinux
 CVE-2025-69195
        - wget2 <unfixed>
        NOTE: Fixed by: 
https://gitlab.com/gnuwget/wget2/-/commit/fc7fcbc00e0a2c8606d44ab216195afb3f08cc98
 (v2.2.1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/295cdcb5c9864af776f0e502073871e6ee4f17de

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/295cdcb5c9864af776f0e502073871e6ee4f17de
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to