[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 9 21:11:27 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9055985 by Salvatore Bonaccorso at 2025-12-09T22:10:25+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -601,7 +601,7 @@ CVE-2025-59132 (Cross-Site Request Forgery (CSRF) vulnerability in Badi Jones Du
 CVE-2025-57823 (A direct request ('forced browsing') vulnerability in Fortinet FortiAu ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-56704 (LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: LeptonCMS
 CVE-2025-55233 (Out-of-bounds read in Windows Projected File System allows an authoriz ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-54838 (An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4. ...)
@@ -629,33 +629,33 @@ CVE-2025-46637 (Dell Encryption, versions prior to 11.12.1, contain an Improper
 CVE-2025-46636 (Dell Encryption, versions prior to 11.12.1, contain an Improper Link R ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-41752 (An XSS vulnerability in pxc_portSfp.php can be used by an unauthentica ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2025-41751 (An XSS vulnerability in pxc_portCntr.php can be used by an unauthentic ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2025-41750 (An XSS vulnerability in pxc_PortCfg.php can be used by an unauthentica ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2025-41749 (An XSS vulnerability in port_util.php can be used by an unauthenticate ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2025-41748 (An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthentic ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2025-41747 (An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthen ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2025-41746 (An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthent ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2025-41745 (An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenti ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2025-41697 (An attacker can use an undocumented UART port on the PCB as a side-cha ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2025-41696 (An attacker can use an undocumented UART port on the PCB as a side-cha ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2025-41695 (An XSS vulnerability in dyn_conn.php can be used by an unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2025-41694 (A low privileged remote attacker can run the webshell with an empty co ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2025-41693 (A low privileged remote attacker can use the ssh feature to execute co ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2025-41692 (A high privileged remote attacker with admin privileges for the webUI  ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2025-40941 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
 	NOT-FOR-US: Siemens
 CVE-2025-40940 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
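Review bot: the tag "NOT-FOR-US: Phoenix" applied to CVE-2025-41752 through CVE-2025-41692 is ambiguous, since "Phoenix" alone matches several unrelated vendors and projects. The other entries in this hunk use a recognisable vendor string ("Dell / EMC", "Siemens"), so the full vendor name would make these fourteen entries unambiguous for anyone later grepping data/CVE/list to reuse the tag.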
@@ -687,9 +687,9 @@ CVE-2025-40801 (A vulnerability has been identified in COMOS V10.6 (All versions
 CVE-2025-40800 (A vulnerability has been identified in COMOS V10.6 (All versions), COM ...)
 	NOT-FOR-US: Siemens
 CVE-2025-34414 (Entrust Instant Financial Issuance (IFI) On Premise software (formerly ...)
-	TODO: check
+	NOT-FOR-US: Entrust Instant Financial Issuance (IFI) On Premise software
 CVE-2025-34413 (Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism f ...)
-	TODO: check
+	NOT-FOR-US: Legality WHISTLEBLOWING by DigitalPA
 CVE-2025-34409 (MailEnable versions prior to 10.54 containa reflected cross-site scrip ...)
 	NOT-FOR-US: MailEnable
 CVE-2025-34408 (MailEnable versions prior to 10.54 containa reflected cross-site scrip ...)
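Review bot: the NFU tag for CVE-2025-34414 copies the product description ("Entrust Instant Financial Issuance (IFI) On Premise software") where the neighbouring entries use a short vendor name ("Siemens", "MailEnable"). "NOT-FOR-US: Entrust" would be consistent with those and easier to match for future Entrust CVEs. The same applies to CVE-2025-34413, where "DigitalPA" or "Legality WHISTLEBLOWING" alone would do.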
@@ -755,17 +755,17 @@ CVE-2025-12705 (The Social Reviews & Recommendations plugin for WordPress is vul
 CVE-2025-12558 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12504 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: UNIS
 CVE-2025-12381 (Improper Privilege Management vulnerability in AlgoSec Firewall Analyz ...)
 	NOT-FOR-US: AlgoSec
 CVE-2025-11531 (HP System Event Utility and Omen Gaming Hub might allow execution of   ...)
 	NOT-FOR-US: HP
 CVE-2025-11022 (Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Pa ...)
-	TODO: check
+	NOT-FOR-US: Panilux
 CVE-2025-10876 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: e-BAP Automation
 CVE-2025-10655 (SQL Injection in Frappe HelpDesk in the dashboard get_dashboard_data d ...)
-	TODO: check
+	NOT-FOR-US: Frappe HelpDesk
 CVE-2025-10573 (Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 al ...)
 	NOT-FOR-US: Ivanti
 CVE-2024-56840 (A vulnerability has been identified in RUGGEDCOM ROX II family (All ve ...)
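Review bot: CVE-2025-10655 is closed as "NOT-FOR-US: Frappe HelpDesk", but unlike the proprietary products around it Frappe HelpDesk is open-source software, so it is worth confirming that no ITP or RFP exists for it before marking it NFU. Separately, the tag "UNIS" on CVE-2025-12504 cannot be checked against the truncated description shown here, which names no product in its visible part.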
@@ -963,11 +963,11 @@ CVE-2025-14285 (A vulnerability was found in code-projects Employee Profile Mana
 CVE-2025-14284 (Versions of the package @tiptap/extension-link before 2.10.4 are vulne ...)
 	TODO: check
 CVE-2025-14276 (A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.e ...)
-	TODO: check
+	NOT-FOR-US: Ilevia EVE X1 Server
 CVE-2025-13604 (The Login Security, FireWall, Malware removal by CleanTalk plugin for  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13428 (A vulnerability exists in the SecOps SOAR server. The custom integrati ...)
-	TODO: check
+	NOT-FOR-US: SecOps SOAR server
 CVE-2025-13071 (The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13070 (The CSV to SortTable WordPress plugin through 4.2 does not validate so ...)
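Review bot: "NOT-FOR-US: SecOps SOAR server" on CVE-2025-13428 names a product category taken from the description rather than a vendor, so it will not group with other CVEs from the same vendor the way "NOT-FOR-US: Ilevia EVE X1 Server" or "WordPress plugin" do. Adding the vendor name in front of the product would fix that.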



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9055985f243133eb152c604a19375ad95925a0b
