[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Mon, 05 Jan 2026 12:38:07 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0e272385 by Salvatore Bonaccorso at 2026-01-05T21:34:26+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -63,57 +63,57 @@ CVE-2025-67316 (An issue in realme Internet browser 
v.45.13.4.1 allows a remote
 CVE-2025-67315 (Cross Site Request Forgery vulnerability in Employee Leave 
Management  ...)
        NOT-FOR-US: Employee Leave Management System
 CVE-2025-67303 (An issue in ComfyUI-Manager prior to version 3.38 allowed 
remote attac ...)
-       TODO: check
+       NOT-FOR-US: ComfyUI-Manager
 CVE-2025-66518 (Any client who can access to Apache Kyuubi Server via Kyuubi 
frontend  ...)
        TODO: check
 CVE-2025-66376 (Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 
10.1.13 a ...)
        NOT-FOR-US: Zimbra
 CVE-2025-65922 (PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors 
headers, al ...)
-       TODO: check
+       NOT-FOR-US: plankanban/planka
 CVE-2025-65328 (Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first 
value o ...)
-       TODO: check
+       NOT-FOR-US: Mega-Fence (webgate-lib.*)
 CVE-2025-64421 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2025-64420 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2025-64419 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2025-61781 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
-       TODO: check
+       NOT-FOR-US: OpenCTI
 CVE-2025-5965 (In the backup parameters, a user with high privilege is able to 
concat ...)
        NOT-FOR-US: Centreon
 CVE-2025-59955 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2025-59467 (A Cross-Site Scripting (XSS) vulnerability in the UCRM 
Argentina AFIP  ...)
-       TODO: check
+       NOT-FOR-US: Ubiquiti
 CVE-2025-59158 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2025-59157 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2025-59156 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2025-57836 (An issue was discovered in Samsung Magician 6.3.0 through 
8.3.2 on Win ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-55204 (muffon is a cross-platform music streaming client for desktop. 
Version ...)
-       TODO: check
+       NOT-FOR-US: muffon
 CVE-2025-53966 (An issue was discovered in Samsung Mobile Processor Exynos 
1380, 1480, ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-53344 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress 
Thim Core ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52519 (An issue was discovered in the Camera in Samsung Mobile 
Processor and  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-52517 (An issue was discovered in the Camera in Samsung Mobile 
Processor and  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-52516 (An issue was discovered in the Camera in Samsung Mobile 
Processor and  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-52515 (An issue was discovered in the Camera in Samsung Mobile 
Processor and  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-49495 (An issue was discovered in the WiFi driver in Samsung Mobile 
Processor ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-46255 (Missing Authorization vulnerability in Marketing Fire LLC 
LoginWP - Pr ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-43706 (An issue was discovered in L2 in Samsung Mobile Processor, 
Wearable Pr ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-39561 (Missing Authorization vulnerability in Marketing Fire, LLC 
LoginWP - P ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39497 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -121,27 +121,27 @@ CVE-2025-39497 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-39484 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31048 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Themi ...)
-       TODO: check
+       NOT-FOR-US: Shopo
 CVE-2025-31047 (Deserialization of Untrusted Data vulnerability in Themify 
Themify Edm ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31046 (Missing Authorization vulnerability in WPvibes AnyWhere 
Elementor Pro  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31044 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Premium SEO Pack
 CVE-2025-30633 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-27807 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-15240 (QOCA aim AI Medical Cloud Platform developed by Quanta 
Computer has an ...)
-       TODO: check
+       NOT-FOR-US: Quanta Computer
 CVE-2025-15239 (QOCA aim AI Medical Cloud Platform developed by Quanta 
Computer has a  ...)
-       TODO: check
+       NOT-FOR-US: Quanta Computer
 CVE-2025-15029 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Centreon
 CVE-2025-15026 (Missing Authentication for Critical Function vulnerability in 
Centreon ...)
        NOT-FOR-US: Centreon
 CVE-2025-14346 (WHILL Model C2 Electric Wheelchairs and Model F Power Chairs 
do not en ...)
-       TODO: check
+       NOT-FOR-US: WHILL
 CVE-2025-13056 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: Centreon
 CVE-2025-12519 (Missing Authorization vulnerability in Centreon Infra 
Monitoring (Admi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e27238588e1a59faedead85e70aa2370b99648a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e27238588e1a59faedead85e70aa2370b99648a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to