[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 5 08:24:14 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35864971 by Salvatore Bonaccorso at 2025-12-05T09:23:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,7 +61,7 @@ CVE-2025-63896 (An issue in the Bluetooth Human Interface Device (HID) of JXL 9
 CVE-2025-62223 (User interface (ui) misrepresentation of critical information in Micro ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-55948 (This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6. ...)
-	TODO: check
+	NOT-FOR-US: yzcheng90 X-SpringBoot
 CVE-2025-53704 (The password reset mechanism for the Pivot client application is weak, ...)
 	TODO: check
 CVE-2025-32901 (In KDE Connect before 1.33.0 on Android, malicious device IDs (sent vi ...)
@@ -71,7 +71,7 @@ CVE-2025-32900 (In the KDE Connect information-exchange protocol before 2025-04-
 CVE-2025-32899 (In KDE Connect before 1.33.0 on Android, a packet can be crafted that  ...)
 	TODO: check
 CVE-2025-27935 (The OTP Integration Kit for PingFederate fails to enforce HTTP method  ...)
-	TODO: check
+	NOT-FOR-US: PingFederate
 CVE-2025-27389 (A flaw exists in the verification of application installation sources  ...)
 	TODO: check
 CVE-2025-1910 (The WatchGuard Mobile VPN with SSL Client on Windows allows a locally  ...)
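
Review bot: the new label on CVE-2025-27935 names only PingFederate, but the description on that entry attributes the flaw to "The OTP Integration Kit for PingFederate", an add-on rather than the server itself. Suggest "NOT-FOR-US: OTP Integration Kit for PingFederate" so that a later search of the list for the kit finds this entry; the NOT-FOR-US decision itself is unaffected.
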
@@ -81,9 +81,9 @@ CVE-2025-1547 (A stack-based buffer overflow vulnerability [CWE-121] in WatchGua
 CVE-2025-1545 (An XPath Injection vulnerability in WatchGuard Fireware OS may allow a ...)
 	NOT-FOR-US: WatchGuard
 CVE-2025-14052 (A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0.  ...)
-	TODO: check
+	NOT-FOR-US: youlaitech youlai-mall
 CVE-2025-14051 (A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected  ...)
-	TODO: check
+	NOT-FOR-US: youlaitech youlai-mall
 CVE-2025-13940 (An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard F ...)
 	NOT-FOR-US: WatchGuard
 CVE-2025-13939 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
@@ -95,7 +95,7 @@ CVE-2025-13937 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2025-13936 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: WatchGuard
 CVE-2025-13932 (The SolisCloud API suffers from a Broken Access Control vulnerability, ...)
-	TODO: check
+	NOT-FOR-US: SolisCloud API
 CVE-2025-13860 (The Easy Jump Links Menus plugin for WordPress is vulnerable to Stored ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13684 (The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site ...)
@@ -135,13 +135,13 @@ CVE-2025-13066 (The Demo Importer Plus plugin for WordPress is vulnerable to arb
 CVE-2025-13006 (The SurveyFunnel \u2013 Survey Plugin for WordPress plugin for WordPre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12997 (Insecure Direct Object Reference vulnerability in Medtronic CareLink N ...)
-	TODO: check
+	NOT-FOR-US: Medtronic
 CVE-2025-12996 (Medtronic CareLink Network allows a local attacker with access to log  ...)
-	TODO: check
+	NOT-FOR-US: Medtronic
 CVE-2025-12995 (Medtronic CareLink Network allows an unauthenticated remote attacker t ...)
-	TODO: check
+	NOT-FOR-US: Medtronic
 CVE-2025-12994 (Medtronic CareLink Network allows an unauthenticated remote attacker t ...)
-	TODO: check
+	NOT-FOR-US: Medtronic
 CVE-2025-12986 (When a WF200/WGM160P device is configured to operate as an Access Poin ...)
 	NOT-FOR-US: Silicon Labs
 CVE-2025-12850 (The My auctions allegro plugin for WordPress is vulnerable to SQL Inje ...)
@@ -207,15 +207,15 @@ CVE-2025-10055 (The Time Sheets plugin for WordPress is vulnerable to Cross-Site
 CVE-2024-58278 (perl2exe <= V30.10C contains an arbitrary code execution vulnerability ...)
 	TODO: check
 CVE-2024-58277 (R Radio Network FM Transmitter 1.07 allows unauthenticated attackers t ...)
-	TODO: check
+	NOT-FOR-US: R Radio Network FM Transmitter
 CVE-2024-58276 (Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Obi08/Enrollment System
 CVE-2024-58275 (Easywall 0.3.1 allows authenticated remote command execution via a com ...)
-	TODO: check
+	NOT-FOR-US: Easywall
 CVE-2023-53735 (WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: WEBIGniter
 CVE-2023-53734 (dawa-pharma-1.0 allows unauthenticated attackers to execute SQL querie ...)
-	TODO: check
+	NOT-FOR-US: dawa-pharma-1.0
 CVE-2016-20023 (In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users c ...)
 	TODO: check
 CVE-2025-14025
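
Review bot: on CVE-2023-53734 the label "NOT-FOR-US: dawa-pharma-1.0" keeps the version suffix from the description, while the other four labels added in this hunk drop it (Easywall 0.3.1 becomes "Easywall", WEBIGniter 28.7.23 becomes "WEBIGniter"). Suggest "NOT-FOR-US: dawa-pharma" so the label stays consistent with its neighbours and still matches if a CVE for another release of the same project is triaged later.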



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35864971643f20e576b0a9b4b0925e79f6c05023
