[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 5 21:15:19 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad6d30b3 by Salvatore Bonaccorso at 2025-12-05T22:14:50+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -75,25 +75,25 @@ CVE-2025-66418 (urllib3 is a user-friendly HTTP client library for Python. Start
NOTE: https://www.openwall.com/lists/oss-security/2025/12/05/4
NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53
CVE-2025-65897 (zdh_web is a data collection, processing, monitoring, scheduling, and ...)
- TODO: check
+ NOT-FOR-US: zdh_web
CVE-2025-65879 (Warehouse Management System 1.2 contains an authenticated arbitrary fi ...)
- TODO: check
+ NOT-FOR-US: Warehouse Management System
CVE-2025-65878 (The warehouse management system version 1.2 contains an arbitrary file ...)
- TODO: check
+ NOT-FOR-US: Warehouse Management System
CVE-2025-65730 (Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, ...)
- TODO: check
+ NOT-FOR-US: GoAway
CVE-2025-65036 (XWiki Remote Macros provides XWiki rendering macros that are useful wh ...)
NOT-FOR-US: XWiki
CVE-2025-64057 (Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows una ...)
- TODO: check
+ NOT-FOR-US: Fanvil x210
CVE-2025-64056 (File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthentic ...)
- TODO: check
+ NOT-FOR-US: Fanvil x210
CVE-2025-64054 (A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2. ...)
- TODO: check
+ NOT-FOR-US: Fanvil x210
CVE-2025-64053 (A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows ...)
- TODO: check
+ NOT-FOR-US: Fanvil x210
CVE-2025-64052 (An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthentic ...)
- TODO: check
+ NOT-FOR-US: Fanvil x210
CVE-2025-46603 (Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and prior, conta ...)
NOT-FOR-US: Dell / EMC
CVE-2025-34266 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a stored c ...)
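Review bot: The label "NOT-FOR-US: Warehouse Management System" on CVE-2025-65879 and CVE-2025-65878 is a generic product name with no vendor or upstream, so it will be hard to tell apart from any other product of that name later; if the CVE records name an author or project, add it to the label. The five Fanvil entries are also tagged by device model ("Fanvil x210"), whereas the unchanged "NOT-FOR-US: Dell / EMC" in the same hunk tags by vendor; "NOT-FOR-US: Fanvil" would match that.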
@@ -121,23 +121,23 @@ CVE-2025-34256 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a ha
CVE-2025-14104 (A flaw was found in util-linux. This vulnerability allows a heap buffe ...)
TODO: check
CVE-2025-14094 (A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected elem ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2025-14093 (A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted i ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2025-14092 (A security vulnerability has been detected in Edimax BR-6478AC V3 1.0. ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2025-14091 (A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to ...)
- TODO: check
+ NOT-FOR-US: TrippWasTaken PHP-Guitar-Shop
CVE-2025-14090 (A security flaw has been discovered in AMTT Hotel Broadband Operation ...)
- TODO: check
+ NOT-FOR-US: AMTT Hotel Broadband Operation System
CVE-2025-14089 (A vulnerability was identified in Himool ERP up to 2.2. Affected by th ...)
- TODO: check
+ NOT-FOR-US: Himool ERP
CVE-2025-14088 (A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by ...)
- TODO: check
+ NOT-FOR-US: ketr JEPaaS
CVE-2025-14086 (A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affec ...)
- TODO: check
+ NOT-FOR-US: youlaitech youlai-mall
CVE-2025-14085 (A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. ...)
- TODO: check
+ NOT-FOR-US: youlaitech youlai-mall
CVE-2025-13739 (The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13682 (The Trail Manager plugin for WordPress is vulnerable to Stored Cross-S ...)
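Review bot: CVE-2025-14104 at the top of this hunk stays at "TODO: check" while the nine entries below it are closed. Its description names util-linux, which Debian packages, so it needs a package entry rather than an NFU. Not a blocker for this commit, but worth a follow-up so it does not linger behind the processed batch.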
@@ -157,19 +157,19 @@ CVE-2025-12876 (The Projectopia \u2013 WordPress Project Management plugin for W
CVE-2025-12851 (The My auctions allegro plugin for WordPress is vulnerable to Local Fi ...)
NOT-FOR-US: WordPress plugin
CVE-2020-36882 (Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload a ...)
- TODO: check
+ NOT-FOR-US: Flexsense DiskBoss
CVE-2020-36881 (Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Flexsense DiskBoss
CVE-2020-36880 (Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Flexsense DiskBoss
CVE-2020-36879 (Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate ...)
- TODO: check
+ NOT-FOR-US: Flexsense DiskBoss
CVE-2020-36878 (ReQuest Serious Play Media Player 3.0 contains an unauthenticated file ...)
- TODO: check
+ NOT-FOR-US: ReQuest Serious Play Media Player
CVE-2020-36877 (ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated ...)
- TODO: check
+ NOT-FOR-US: ReQuest Serious Play F3 Media Server
CVE-2020-36876 (ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2. ...)
- TODO: check
+ NOT-FOR-US: ReQuest Serious Play F3 Media Server
CVE-2025-6946 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: WatchGuard
CVE-2025-66576 (Remote Keyboard Desktop 1.0.1 enables remote attackers to execute syst ...)
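Review bot: The three ReQuest entries end up with two different labels, "ReQuest Serious Play Media Player" for CVE-2020-36878 and "ReQuest Serious Play F3 Media Server" for CVE-2020-36877 and CVE-2020-36876. A single label such as "NOT-FOR-US: ReQuest Serious Play" would keep them grouped when searching the list, the way the four DiskBoss entries above share "Flexsense DiskBoss".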
@@ -221,9 +221,9 @@ CVE-2025-66506 (Fulcio is a free-to-use certificate authority for issuing code s
CVE-2025-66479 (Anthropic Sandbox Runtime is a lightweight sandboxing tool for enforci ...)
NOT-FOR-US: Anthropic Sandbox Runtime
CVE-2025-66238 (DCIM dcTrack allows an attacker to misuse certain remote access featur ...)
- TODO: check
+ NOT-FOR-US: Sunbird DCIM dcTrack
CVE-2025-66237 (DCIM dcTrack platforms utilize default and hard-coded credentials for ...)
- TODO: check
+ NOT-FOR-US: Sunbird DCIM dcTrack
CVE-2025-65959 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
NOT-FOR-US: open-webui
CVE-2025-65900 (Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerab ...)
@@ -231,13 +231,13 @@ CVE-2025-65900 (Kalmia CMS version 0.2.0 contains an Incorrect Access Control vu
CVE-2025-65899 (Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in ...)
NOT-FOR-US: Kalmia CMS
CVE-2025-63896 (An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch C ...)
- TODO: check
+ NOT-FOR-US: JXL 9 Inch Car Android Double Din Player Android
CVE-2025-62223 (User interface (ui) misrepresentation of critical information in Micro ...)
NOT-FOR-US: Microsoft
CVE-2025-55948 (This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6. ...)
NOT-FOR-US: yzcheng90 X-SpringBoot
CVE-2025-53704 (The password reset mechanism for the Pivot client application is weak, ...)
- TODO: check
+ NOT-FOR-US: MAXHUB
CVE-2025-32901 (In KDE Connect before 1.33.0 on Android, malicious device IDs (sent vi ...)
TODO: check
CVE-2025-32900 (In the KDE Connect information-exchange protocol before 2025-04-18, a ...)
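Review bot: The new label for CVE-2025-63896, "NOT-FOR-US: JXL 9 Inch Car Android Double Din Player Android", ends with a second "Android" that looks like a leftover from copying the product string; "NOT-FOR-US: JXL 9 Inch Car Android Double Din Player" would be enough. For CVE-2025-53704 the label "MAXHUB" names only a vendor while the description refers to the Pivot client application, so "MAXHUB Pivot" would be easier to match against later CVEs.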
@@ -247,7 +247,7 @@ CVE-2025-32899 (In KDE Connect before 1.33.0 on Android, a packet can be crafted
CVE-2025-27935 (The OTP Integration Kit for PingFederate fails to enforce HTTP method ...)
NOT-FOR-US: PingFederate
CVE-2025-27389 (A flaw exists in the verification of application installation sources ...)
- TODO: check
+ NOT-FOR-US: ColorOS
CVE-2025-1910 (The WatchGuard Mobile VPN with SSL Client on Windows allows a locally ...)
NOT-FOR-US: WatchGuard
CVE-2025-1547 (A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fi ...)
@@ -379,7 +379,7 @@ CVE-2025-10285 (The web interface of the Silicon Labs Simplicity Device Manager
CVE-2025-10055 (The Time Sheets plugin for WordPress is vulnerable to Cross-Site Reque ...)
NOT-FOR-US: WordPress plugin
CVE-2024-58278 (perl2exe <= V30.10C contains an arbitrary code execution vulnerability ...)
- TODO: check
+ NOT-FOR-US: perl2exe
CVE-2024-58277 (R Radio Network FM Transmitter 1.07 allows unauthenticated attackers t ...)
NOT-FOR-US: R Radio Network FM Transmitter
CVE-2024-58276 (Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad6d30b3962b57cbec84dd41d02f0a508f76389a