[Git][security-tracker-team/security-tracker][master] Process some NFUs

Thu Aug 21 07:12:10 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
db5a1edb by Salvatore Bonaccorso at 2025-08-21T08:11:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46,7 +46,7 @@ CVE-2025-8449 (CWE-400: Uncontrolled Resource Consumption vulnerability exists t
 CVE-2025-8448 (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vu ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2025-8415 (A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP AP ...)
-	TODO: check
+	NOT-FOR-US: Cryostat
 CVE-2025-8309 (There is an improper privilege management vulnerability identified in  ...)
 	NOT-FOR-US: Zoho
 CVE-2025-8102 (The Easy Digital Downloads plugin for WordPress is vulnerable to Cross ...)
@@ -116,7 +116,7 @@ CVE-2025-54924 (CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists
 CVE-2025-54923 (CWE-502: Deserialization of Untrusted Data vulnerability exists that c ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2025-54175 (QuickCMS.EXT is vulnerable to Reflected XSS in sFileNameparameter in t ...)
-	TODO: check
+	NOT-FOR-US: QuickCMS
 CVE-2025-54174 (QuickCMS is vulnerable to Cross-Site Request Forgery in article creati ...)
 	NOT-FOR-US: QuickCMS
 CVE-2025-54172 (QuickCMS is vulnerable to Stored XSS in sTitleparameter in page editor ...)
@@ -130,7 +130,7 @@ CVE-2025-50904 (There is an authentication bypass vulnerability in WinterChenS m
 CVE-2025-50902 (Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Sho ...)
 	NOT-FOR-US: old-peanut Open-Shop
 CVE-2025-50901 (JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains  ...)
-	TODO: check
+	NOT-FOR-US: JeeWMS
 CVE-2025-50864 (An Origin Validation Error in the elysia-cors library thru 1.3.0 allow ...)
 	TODO: check
 CVE-2025-50503 (A vulnerability in the password reset workflow of the Touch Lebanon Mo ...)
@@ -202,7 +202,7 @@ CVE-2024-57152 (Incorrect access control in the preHandle function of my-site v1
 CVE-2024-53495 (Incorrect access control in the preHandle function of my-site v1.0.2.R ...)
 	NOT-FOR-US: my-site
 CVE-2024-50640 (jeewx-boot 1.3 has an authentication bypass vulnerability in the preHa ...)
-	TODO: check
+	NOT-FOR-US: jeewx-boot
 CVE-2012-10061 (Sockso Music Host Server versions <= 1.5 are vulnerable to a path trav ...)
 	NOT-FOR-US: Sockso Music Host Server
 CVE-2011-10030 (Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API function, creat ...)
@@ -323,11 +323,11 @@ CVE-2025-54363 (Microsoft Knack 0.12.0 allows Regular expression Denial of Servi
 	- knack <unfixed>
 	TODO: check upstream details
 CVE-2025-54145 (The QR scanner could allow arbitrary websites to be opened if a user w ...)
-	TODO: check
+	NOT-FOR-US: Firefox for iOS
 CVE-2025-54144 (The URL scheme used by Firefox to facilitate searching of text queries ...)
-	TODO: check
+	NOT-FOR-US: Firefox for iOS
 CVE-2025-54143 (Sandboxed iframes on webpages could potentially allow downloads to the ...)
-	TODO: check
+	NOT-FOR-US: Firefox for iOS
 CVE-2025-54056 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-54055 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db5a1edb14fafd7e80dc4c92172ebd66bb6f49aa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db5a1edb14fafd7e80dc4c92172ebd66bb6f49aa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250821/1926ca19/attachment.htm>
