[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 1 20:43:20 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
342b54b9 by Salvatore Bonaccorso at 2025-12-01T21:42:42+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2025-8351 (Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast ...)
NOT-FOR-US: Avast Antivirus on MacOS
CVE-2025-8045 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
- TODO: check
+ NOT-FOR-US: ARM
CVE-2025-7007 (NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Av ...)
NOT-FOR-US: Avast Antivirus on MacOS
CVE-2025-6349 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
- TODO: check
+ NOT-FOR-US: ARM
CVE-2025-65838 (PublicCMS V5.202506.b is vulnerable to path traversal via the doUpload ...)
NOT-FOR-US: PublicCMS
CVE-2025-65836 (PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of ...)
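Review bot: the label "NOT-FOR-US: ARM" on CVE-2025-8045 and CVE-2025-6349 names only the vendor, while both descriptions identify the product as the Arm Ltd Valhall GPU Kernel Driver and the neighbouring entries are labelled by product (PublicCMS, Avast Antivirus on MacOS). Suggest a product-level label such as "NOT-FOR-US: Arm Valhall GPU Kernel Driver" so that a later search for the driver name finds these entries and the reason for the NFU decision is visible in the list itself.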
@@ -57,21 +57,21 @@ CVE-2025-63522 (Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Commen
CVE-2025-63520 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id ...)
NOT-FOR-US: FeehiCMS
CVE-2025-63365 (SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. ...)
- TODO: check
+ NOT-FOR-US: SoftSea EPUB File Reader
CVE-2025-63317 (Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/u ...)
- TODO: check
+ NOT-FOR-US: Todoist
CVE-2025-63095 (Improper input validation in the BitstreamWriter::write_bits() functio ...)
- TODO: check
+ NOT-FOR-US: Tempus Ex hello-video-codec
CVE-2025-61229 (An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local ...)
- TODO: check
+ NOT-FOR-US: Shirt Pocket's SuperDuper!
CVE-2025-61228 (An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local ...)
- TODO: check
+ NOT-FOR-US: Shirt Pocket's SuperDuper!
CVE-2025-59789 (Uncontrolled recursion in the json2pb component in Apache bRPC (versio ...)
TODO: check
CVE-2025-58408 (Software installed and run as a non-privileged user may conduct improp ...)
NOT-FOR-US: Imagination Technologies
CVE-2025-57489 (Incorrect access control in the SDAgent component of Shirt Pocket Supe ...)
- TODO: check
+ NOT-FOR-US: Shirt Pocket's SuperDuper!
CVE-2025-55222 (A denial of service vulnerability exists in the Modbus TCP and Modbus ...)
TODO: check
CVE-2025-55221 (A denial of service vulnerability exists in the Modbus TCP and Modbus ...)
@@ -85,9 +85,9 @@ CVE-2025-54849 (A denial of service vulnerability exists in the Modbus TCP and M
CVE-2025-54848 (A denial of service vulnerability exists in the Modbus TCP and Modbus ...)
TODO: check
CVE-2025-51683 (A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows ...)
- TODO: check
+ NOT-FOR-US: mJobtime
CVE-2025-51682 (mJobtime 15.7.2 handles authorization on the client side, which allows ...)
- TODO: check
+ NOT-FOR-US: mJobtime
CVE-2025-49643 (An authenticated Zabbix user (including Guest) is able to cause dispro ...)
TODO: check
CVE-2025-49642 (Library loading on AIX Zabbix Agent builds can be hijacked by local us ...)
@@ -99,13 +99,13 @@ CVE-2025-41738 (An unauthenticated remote attacker may cause the visualisation s
CVE-2025-41700 (An unauthenticated attacker can trick a local user into executing arbi ...)
NOT-FOR-US: CODESYS
CVE-2025-41070 (Reflected Cross-site Scripting (XSS) vulnerability in Sanoma's Clicked ...)
- TODO: check
+ NOT-FOR-US: Sanoma Clickedu
CVE-2025-3500 (Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1. ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2025-34297 (KissFFT versions prior to the fix commit 1b083165 contain an integer o ...)
- TODO: check
+ NOT-FOR-US: KissFFT
CVE-2025-2879 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: ARM
CVE-2025-27232 (An authenticated Zabbix Super Admin can exploit the oauth.authorize ac ...)
TODO: check
CVE-2025-26858 (A buffer overflow vulnerability exists in the Modbus TCP functionality ...)
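Review bot: CVE-2025-34297 is marked "NOT-FOR-US: KissFFT", but its description refers to an upstream fix commit (1b083165), which points to an open-source library of the kind that is packaged or vendored into other sources. Before settling on NFU, confirm that no source package ships KissFFT or an embedded copy of it; if one does, the entry needs a package line and a NOTE with the fix commit instead. Separately, CVE-2025-2879 receives the vendor-only label "ARM", and the truncated description does not show which product it covers.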
@@ -121,39 +121,39 @@ CVE-2025-13836 (When reading an HTTP response from a server, if no read amount i
CVE-2025-13835 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-13829 (Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurv ...)
- TODO: check
+ NOT-FOR-US: Data Illusion Zumbrunn NGSurvey
CVE-2025-13819 (Open redirect in the web server component of MiR Robot and Fleet softw ...)
- TODO: check
+ NOT-FOR-US: MiR Robot and Fleet software
CVE-2025-13816 (A security vulnerability has been detected in moxi159753 Mogu Blog v2 ...)
- TODO: check
+ NOT-FOR-US: moxi159753 Mogu Blog
CVE-2025-13815 (A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. T ...)
- TODO: check
+ NOT-FOR-US: moxi159753 Mogu Blog
CVE-2025-13653 (In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise mo ...)
- TODO: check
+ NOT-FOR-US: Search Guard FLX
CVE-2025-13296 (Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology I ...)
- TODO: check
+ NOT-FOR-US: T-Soft E-Commerce
CVE-2025-13129 (Improper Enforcement of Behavioral Workflow vulnerability in Seneka So ...)
- TODO: check
+ NOT-FOR-US: Onaylarim
CVE-2025-12756 (Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 1 ...)
TODO: check
CVE-2025-11772 (A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder ...)
NOT-FOR-US: Synaptics
CVE-2025-11699 (nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate s ...)
- TODO: check
+ NOT-FOR-US: nopCommerce
CVE-2025-10101 (Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2024-56089 (An issue in Technitium through v13.2.2 enables attackers to conduct a ...)
- TODO: check
+ NOT-FOR-US: Technitium
CVE-2024-53684 (A cross-site request forgery (csrf) vulnerability exists in the WEBVIE ...)
- TODO: check
+ NOT-FOR-US: Socomec DIRIS Digiware M-70
CVE-2024-49572 (A denial of service vulnerability exists in the Modbus TCP functionali ...)
TODO: check
CVE-2024-48894 (A cleartext transmission vulnerability exists in the WEBVIEW-M functio ...)
- TODO: check
+ NOT-FOR-US: Socomec DIRIS Digiware M-70
CVE-2024-48882 (A denial of service vulnerability exists in the Modbus TCP functionali ...)
- TODO: check
+ NOT-FOR-US: Socomec DIRIS Digiware M-70
CVE-2024-45370 (An authentication bypass vulnerability exists in the User profile mana ...)
- TODO: check
+ NOT-FOR-US: Socomec Easy Config System
CVE-2024-39148 (The service wmp-agent of KerOS prior 5.12 does not properly validate s ...)
TODO: check
CVE-2024-32388 (Due to a firewall misconfiguration, Kerlink devices running KerOS prio ...)
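Review bot: CVE-2024-48882 is moved to "NOT-FOR-US: Socomec DIRIS Digiware M-70", yet CVE-2024-49572, two entries above it, has the same visible description prefix ("A denial of service vulnerability exists in the Modbus TCP functionali ...") and stays at "TODO: check". If both concern the same device, CVE-2024-49572 should be marked in this commit as well; the truncated text does not distinguish them, so it is worth checking the full description rather than leaving the pair inconsistent.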
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/342b54b910df5a27ce6cb9a3b954e2f26bb6844e