[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 4 06:48:02 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8abed432 by Salvatore Bonaccorso at 2025-12-04T07:47:38+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,7 +33,7 @@ CVE-2025-65842 (The Aquarius HelperTool (1.0.003) privileged XPC service on macO
 CVE-2025-65841 (Aquarius Desktop 3.0.069 for macOS stores user authentication credenti ...)
 	NOT-FOR-US: Aquarius Desktop
 CVE-2025-65345 (alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Direct ...)
-	TODO: check
+	NOT-FOR-US: alexusmai laravel-file-manager
 CVE-2025-65320 (Abacre Restaurant Point of Sale (POS) up to 15.0.0.1656 are vulnerable ...)
 	NOT-FOR-US: Abacre Restaurant Point of Sale (POS)
 CVE-2025-65267 (In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation ...)
@@ -55,7 +55,7 @@ CVE-2025-63402 (An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6
 CVE-2025-63401 (Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech ...)
 	NOT-FOR-US: HCL
 CVE-2025-62686 (A local privilege escalation vulnerability exists in the Plugin Allian ...)
-	TODO: check
+	NOT-FOR-US: Plugin Alliance Installation Manager
 CVE-2025-57202 (A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi en ...)
 	NOT-FOR-US: AVTECH
 CVE-2025-57201 (AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was di ...)
@@ -69,7 +69,7 @@ CVE-2025-57198 (AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003
 CVE-2025-55182 (A pre-authentication remote code execution vulnerability exists in Rea ...)
 	TODO: check
 CVE-2025-55076 (A local privilege escalation vulnerability exists in the InstallationH ...)
-	TODO: check
+	NOT-FOR-US: Plugin Alliance Installation Manager
 CVE-2025-54326 (An issue was discovered in Camera in Samsung Mobile Processor Exynos 1 ...)
 	NOT-FOR-US: Samsung
 CVE-2025-54065 (GZDoom is a feature centric port for all Doom engine games. GZDoom is  ...)
@@ -93,7 +93,7 @@ CVE-2025-33208 (NVIDIA TAO contains a vulnerability where an attacker may cause
 CVE-2025-33201 (NVIDIA Triton Inference Server contains a vulnerability where an attac ...)
 	NOT-FOR-US: NVIDIA
 CVE-2025-29864 (Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows ...)
-	TODO: check
+	NOT-FOR-US: ALZip
 CVE-2025-20389 (In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10,  ...)
 	NOT-FOR-US: Cisco
 CVE-2025-20388 (In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10,  ...)
@@ -117,7 +117,7 @@ CVE-2025-13992 (Side-channel information leakage in Navigation and Loading in Go
 CVE-2025-13949 (A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impac ...)
 	NOT-FOR-US: ProudMuBai GoFilm
 CVE-2025-13948 (A vulnerability was determined in opsre go-ldap-admin up to 20251011.  ...)
-	TODO: check
+	NOT-FOR-US: opsre go-ldap-admin
 CVE-2025-13947 (A flaw was found in WebKitGTK. This vulnerability allows remote, user- ...)
 	TODO: check
 CVE-2025-13756 (The Fluent Booking plugin for WordPress is vulnerable to unauthorized  ...)
@@ -127,7 +127,7 @@ CVE-2025-13751 (Interactive service agent in OpenVPN version 2.5.0 through 2.7_r
 CVE-2025-13492 (A potential security vulnerability has been identified in HP Image Ass ...)
 	NOT-FOR-US: HP
 CVE-2025-13472 (A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow user ...)
-	TODO: check
+	NOT-FOR-US: BlazeMeter Jenkins Plugin
 CVE-2025-13401 (The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Sit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13390 (The WP Directory Kit plugin for WordPress is vulnerable to authenticat ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8abed43298e30ea1826bc2c21a81efc78fcb14f7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8abed43298e30ea1826bc2c21a81efc78fcb14f7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251204/28c9e547/attachment.htm>

More information about the debian-security-tracker-commits mailing list