[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 10 08:39:21 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ffa3ddb0 by Salvatore Bonaccorso at 2025-12-10T09:38:53+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49,7 +49,7 @@ CVE-2025-67489 (@vitejs/plugin-rs provides React Server Components (RSC) support
 CVE-2025-67488 (SiYuan is self-hosted, open source personal knowledge management softw ...)
 	NOT-FOR-US: SiYuan
 CVE-2025-67485 (mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and  ...)
-	TODO: check
+	NOT-FOR-US: mad-proxy
 CVE-2025-66645 (NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are v ...)
 	NOT-FOR-US: NiceGUI
 CVE-2025-66626 (Argo Workflows is an open source container-native workflow engine for  ...)
@@ -57,11 +57,11 @@ CVE-2025-66626 (Argo Workflows is an open source container-native workflow engin
 CVE-2025-66625 (Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temp ...)
 	NOT-FOR-US: Umbraco CMS
 CVE-2025-66457 (Elysia is a Typescript framework for request validation, type inferenc ...)
-	TODO: check
+	NOT-FOR-US: Elysia
 CVE-2025-66039 (FreePBX Endpoint Manager is a module for managing telephony endpoints  ...)
-	TODO: check
+	NOT-FOR-US: FreePBX Endpoint Manager
 CVE-2025-65513 (fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forge ...)
-	TODO: check
+	NOT-FOR-US: fetch-mcp
 CVE-2025-64899 (Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.0 ...)
 	NOT-FOR-US: Adobe
 CVE-2025-64898 (ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected  ...)
@@ -113,59 +113,59 @@ CVE-2025-13073 (The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 do
 CVE-2025-13072 (The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12952 (A privilege escalation vulnerability exists in Google Cloud's Dialogfl ...)
-	TODO: check
+	NOT-FOR-US: Google Cloud Dialogflow CX
 CVE-2023-53774 (MiniDVBLinux 5.4 contains a remote code execution vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: MiniDVBLinux
 CVE-2023-53773 (MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_a ...)
-	TODO: check
+	NOT-FOR-US: MiniDVBLinux
 CVE-2023-53772 (MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: MiniDVBLinux
 CVE-2023-53771 (MiniDVBLinux 5.4 contains an authentication bypass vulnerability that  ...)
-	TODO: check
+	NOT-FOR-US: MiniDVBLinux
 CVE-2023-53770 (MiniDVBLinux 5.4 contains an unauthenticated configuration download vu ...)
-	TODO: check
+	NOT-FOR-US: MiniDVBLinux
 CVE-2023-53739 (Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenti ...)
-	TODO: check
+	NOT-FOR-US: Tinycontrol LAN Controlle
 CVE-2021-47731 (Selea Targa IP OCR-ANPR Camera contains a hard-coded developer passwor ...)
-	TODO: check
+	NOT-FOR-US: Selea Targa IP OCR-ANPR Camera
 CVE-2021-47730 (Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery v ...)
-	TODO: check
+	NOT-FOR-US: Selea Targa IP OCR-ANPR Camera
 CVE-2021-47729 (Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting  ...)
-	TODO: check
+	NOT-FOR-US: Selea Targa IP OCR-ANPR Camera
 CVE-2021-47728 (Selea Targa IP OCR-ANPR Camera contains an unauthenticated command inj ...)
-	TODO: check
+	NOT-FOR-US: Selea Targa IP OCR-ANPR Camera
 CVE-2021-47727 (Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Selea Targa IP OCR-ANPR Camera
 CVE-2021-47724 (STVS ProVision 5.9.10 contains a path traversal vulnerability that all ...)
-	TODO: check
+	NOT-FOR-US: STVS ProVision
 CVE-2021-47723 (STVS ProVision 5.9.10 contains a cross-site request forgery vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: STVS ProVision
 CVE-2021-47719 (COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vu ...)
-	TODO: check
+	NOT-FOR-US: COMMAX WebViewer
 CVE-2021-47718 (OpenBMCS 2.4 contains an information disclosure vulnerability that all ...)
-	TODO: check
+	NOT-FOR-US: OpenBMCS
 CVE-2021-47717 (IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumerat ...)
-	TODO: check
+	NOT-FOR-US: IntelliChoice eFORCE Software Suite
 CVE-2021-47710 (COMMAX Smart Home System is a smart IoT home solution that allows an u ...)
-	TODO: check
+	NOT-FOR-US: COMMAX Smart Home System
 CVE-2021-47709 (COMMAX Smart Home System allows an unauthenticated attacker to change  ...)
-	TODO: check
+	NOT-FOR-US: COMMAX Smart Home System
 CVE-2021-47708 (COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: COMMAX Smart Home System
 CVE-2021-47707 (COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credenti ...)
-	TODO: check
+	NOT-FOR-US: COMMAX
 CVE-2021-47706 (COMMAX Biometric Access Control System 1.0.0 contains an authenticatio ...)
-	TODO: check
+	NOT-FOR-US: COMMAX
 CVE-2021-47705 (COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer ...)
-	TODO: check
+	NOT-FOR-US: COMMAX
 CVE-2021-47704 (OpenBMCS 2.4 contains an SQL injection vulnerability that allows authe ...)
-	TODO: check
+	NOT-FOR-US: OpenBMCS
 CVE-2021-47703 (OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allow ...)
-	TODO: check
+	NOT-FOR-US: OpenBMCS
 CVE-2021-47702 (OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to pe ...)
-	TODO: check
+	NOT-FOR-US: OpenBMCS
 CVE-2021-47701 (OpenBMCS 2.4 allows an attacker to escalate privileges from a read use ...)
-	TODO: check
+	NOT-FOR-US: OpenBMCS
 CVE-2025-9638 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: Portabilis
 CVE-2025-9614 (An issue was discovered in the PCI Express (PCIe) Integrity and Data E ...)
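Review bot: The label added for CVE-2023-53739 reads "NOT-FOR-US: Tinycontrol LAN Controlle", which drops the final "r"; it should be "NOT-FOR-US: Tinycontrol LAN Controller" to match the product name in the description. The COMMAX entries in this hunk also use three different labels: "COMMAX WebViewer", "COMMAX Smart Home System", and bare "COMMAX" for CVE-2021-47707, CVE-2021-47706 and CVE-2021-47705. Settling on one granularity would make later searches over the NOT-FOR-US lines more reliable.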
@@ -1134,7 +1134,7 @@ CVE-2025-14286 (A vulnerability was determined in Tenda AC9 15.03.05.14_multi. A
 CVE-2025-14285 (A vulnerability was found in code-projects Employee Profile Management ...)
 	NOT-FOR-US: code-projects
 CVE-2025-14284 (Versions of the package @tiptap/extension-link before 2.10.4 are vulne ...)
-	TODO: check
+	NOT-FOR-US: tiptap/extension-link
 CVE-2025-14276 (A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.e ...)
 	NOT-FOR-US: Ilevia EVE X1 Server
 CVE-2025-13604 (The Login Security, FireWall, Malware removal by CleanTalk plugin for  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffa3ddb0d8f69d628c6c51f03589e6c312ec640d
