[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Dec 6 08:58:19 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cfca9567 by Salvatore Bonaccorso at 2025-12-06T09:57:50+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
CVE-2025-8148 (An Improper Access Control in the SFTP service in Fortra's GoAnywhere ...)
NOT-FOR-US: Fortra
CVE-2025-66629 (HedgeDoc is an open source, real-time, collaborative, markdown notes a ...)
- TODO: check
+ NOT-FOR-US: HedgeDoc
CVE-2025-34291 (Langflow versions up to and including 1.6.9 contain a chained vulnerab ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2025-14117 (A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is ...)
- TODO: check
+ NOT-FOR-US: fit2cloud Halo
CVE-2025-14116 (A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vu ...)
- TODO: check
+ NOT-FOR-US: xerrors Yuxi-Know
CVE-2025-14111 (A security vulnerability has been detected in Rarlab RAR App up to 7.1 ...)
- TODO: check
+ NOT-FOR-US: Rarlab RAR App on Android
CVE-2025-14108 (A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Af ...)
- TODO: check
+ NOT-FOR-US: ZSPACE Q2C NAS
CVE-2025-14107 (A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.021005 ...)
- TODO: check
+ NOT-FOR-US: ZSPACE Q2C NAS
CVE-2025-14106 (A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Af ...)
- TODO: check
+ NOT-FOR-US: ZSPACE Q2C NAS
CVE-2025-14105 (A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47 ...)
- TODO: check
+ NOT-FOR-US: TOZED ZLT M30S and ZLT M30S PRO
CVE-2025-13922 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with Open ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13907 (The CSS3 Buttons plugin for WordPress is vulnerable to Stored Cross-Si ...)
@@ -47,7 +47,7 @@ CVE-2025-13629 (The WP Landing Page plugin for WordPress is vulnerable to Cross-
CVE-2025-13626 (The myLCO plugin for WordPress is vulnerable to Reflected Cross-Site S ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13426 (A vulnerability exists in Google Apigee's JavaCallout policy https:// ...)
- TODO: check
+ NOT-FOR-US: Apigee
CVE-2025-13377 (The 10Web Booster \u2013 Website speed optimization, Cache & Page Spee ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13358 (The Accessiy By CodeConfig Accessibility plugin for WordPress is vulne ...)
@@ -57,7 +57,7 @@ CVE-2025-13309 (The Accessiy By CodeConfig Accessibility \u2013 Easy One-Click A
CVE-2025-13308 (The Application Passwords plugin for WordPress is vulnerable to Reflec ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13292 (A vulnerability in Apigee-X allowed an attacker to gain unauthorized r ...)
- TODO: check
+ NOT-FOR-US: Apigee-X
CVE-2025-13137 (The Live Sales Notification for Woocommerce \u2013 Woomotiv plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12721 (The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Info ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfca956769a273a4cfa2602463e67ddaf554ddef
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfca956769a273a4cfa2602463e67ddaf554ddef
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251206/9fd03104/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list