[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 8 20:51:19 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d49e482 by Salvatore Bonaccorso at 2025-12-08T21:50:24+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,17 +45,17 @@ CVE-2025-65548 (NUT-14 allows cashu tokens to be created with a preimage hash. H
 CVE-2025-65363 (Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1. ...)
 	NOT-FOR-US: Ruijie
 CVE-2025-65271 (Client-side template injection (CSTI) in Azuriom CMS admin dashboard a ...)
-	TODO: check
+	NOT-FOR-US: Azuriom CMS admin dashboard
 CVE-2025-65231 (Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Script ...)
-	TODO: check
+	NOT-FOR-US: Barix Instreamer
 CVE-2025-65230 (Barix Instreamer v04.06 and v04.05 contains a stored cross-site script ...)
-	TODO: check
+	NOT-FOR-US: Barix Instreamer
 CVE-2025-64081 (SQL injection vulnerability in /php/api_patient_schedule.php in Source ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-63721 (HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component allow ...)
-	TODO: check
+	NOT-FOR-US: HummerRisk
 CVE-2025-61318 (Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vu ...)
-	TODO: check
+	NOT-FOR-US: Emlog Pro
 CVE-2025-60912 (phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerabil ...)
 	- phpipam <itp> (bug #731713)
 CVE-2025-59391 (A memory disclosure vulnerability exists in libcoap's OSCORE configura ...)
@@ -169,11 +169,11 @@ CVE-2025-48536 (In grantAllowlistedPackagePermissions of SettingsSliceProvider.j
 CVE-2025-48525 (In disassociate of DisassociationProcessor.java, there is a possible w ...)
 	NOT-FOR-US: Android
 CVE-2025-42620 (In affected versions, vulnerability-lookup handled user-controlled  co ...)
-	TODO: check
+	NOT-FOR-US: CIRCL Vulnerability-Lookup
 CVE-2025-42616 (Some endpoints in vulnerability-lookup that modified  application stat ...)
-	TODO: check
+	NOT-FOR-US: CIRCL Vulnerability-Lookup
 CVE-2025-42615 (In affected versions, vulnerability-lookup did not track or limit fail ...)
-	TODO: check
+	NOT-FOR-US: CIRCL Vulnerability-Lookup
 CVE-2025-32329 (In multiple functions of Session.java, there is a possible way to view ...)
 	NOT-FOR-US: Android
 CVE-2025-32328 (In multiple functions of Session.java, there is a possible way to view ...)
@@ -181,15 +181,15 @@ CVE-2025-32328 (In multiple functions of Session.java, there is a possible way t
 CVE-2025-32319 (In ensureBound of RemotePrintService.java, there is a possible way for ...)
 	NOT-FOR-US: Android
 CVE-2025-27020 (Improper configuration of the SSH service in Infinera MTC-9 allows an  ...)
-	TODO: check
+	NOT-FOR-US: Infinera MTC-9
 CVE-2025-27019 (Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allo ...)
-	TODO: check
+	NOT-FOR-US: Infinera MTC-9
 CVE-2025-26489 (Improper input validation in the Netconf service in Infinera MTC-9 all ...)
-	TODO: check
+	NOT-FOR-US: Infinera MTC-9
 CVE-2025-26488 (Improper Input Validation vulnerability in Infinera MTC-9 allows remot ...)
-	TODO: check
+	NOT-FOR-US: Infinera MTC-9
 CVE-2025-26487 (Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 ver ...)
-	TODO: check
+	NOT-FOR-US: Infinera MTC-9
 CVE-2025-22432 (In notifyTimeout of CallRedirectionProcessor.java, there is a possible ...)
 	NOT-FOR-US: Android
 CVE-2025-22420 (In multiple locations, there is a possible way to leak audio files acr ...)
@@ -197,11 +197,11 @@ CVE-2025-22420 (In multiple locations, there is a possible way to leak audio fil
 CVE-2025-14271
 	REJECTED
 CVE-2025-14262 (A wrong permission check in KNIME Business Hub before version 1.17.0 a ...)
-	TODO: check
+	NOT-FOR-US: KNIME Business Hub
 CVE-2025-14261 (The Litmus platform uses JWT for authentication and authorization, but ...)
-	TODO: check
+	NOT-FOR-US: Litmus platform
 CVE-2025-14259 (A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0 ...)
-	TODO: check
+	NOT-FOR-US: Jihai Jshop MiniProgram Mall System
 CVE-2025-14258 (A vulnerability has been found in itsourcecode Student Management Syst ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2025-14257 (A flaw has been found in itsourcecode Student Management System 1.0. A ...)
@@ -215,31 +215,31 @@ CVE-2025-14250 (A weakness has been identified in code-projects Online Ordering
 CVE-2025-14249 (A security flaw has been discovered in code-projects Online Ordering S ...)
 	NOT-FOR-US: code-projects
 CVE-2025-14248 (A vulnerability was identified in code-projects Simple Shopping Cart 1 ...)
-	TODO: check
+	NOT-FOR-US: code-projects Simple Shopping Cart
 CVE-2025-14247 (A vulnerability was determined in code-projects Simple Shopping Cart 1 ...)
-	TODO: check
+	NOT-FOR-US: code-projects Simple Shopping Cart
 CVE-2025-14246 (A vulnerability was found in code-projects Simple Shopping Cart 1.0. T ...)
-	TODO: check
+	NOT-FOR-US: code-projects Simple Shopping Cart
 CVE-2025-14245 (A vulnerability has been found in IdeaCMS up to 1.8. This affects the  ...)
-	TODO: check
+	NOT-FOR-US: IdeaCMS
 CVE-2025-14244 (A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is  ...)
-	TODO: check
+	NOT-FOR-US: GreenCMS
 CVE-2025-14230 (A vulnerability was detected in code-projects Daily Time Recording Sys ...)
 	NOT-FOR-US: code-projects
 CVE-2025-14229 (A security vulnerability has been detected in SourceCodester Inventory ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-14228 (A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impa ...)
-	TODO: check
+	NOT-FOR-US: Yealink SIP-T21P
 CVE-2025-14227 (A security flaw has been discovered in Philipinho Simple-PHP-Blog up t ...)
-	TODO: check
+	NOT-FOR-US: Philipinho Simple-PHP-Blog
 CVE-2025-14226 (A vulnerability was identified in itsourcecode Student Management Syst ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2025-14225 (A vulnerability was determined in D-Link DCS-930L 1.15.04. This affect ...)
 	NOT-FOR-US: D-Link
 CVE-2025-14224 (A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2. ...)
-	TODO: check
+	NOT-FOR-US: Yottamaster DM2, DM3 and DM200
 CVE-2025-14223 (A vulnerability has been found in code-projects Simple Leave Manager 1 ...)
-	TODO: check
+	NOT-FOR-US: code-projects Simple Leave Manager
 CVE-2025-12956 (A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA  ...)
 	NOT-FOR-US: Dassault Systemes
 CVE-2025-59030 [Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d49e4824027f453013af2d5c6af42e2e9cf492b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d49e4824027f453013af2d5c6af42e2e9cf492b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251208/eda55a71/attachment.htm>

More information about the debian-security-tracker-commits mailing list