[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 10 21:46:54 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41280500 by Salvatore Bonaccorso at 2025-12-10T22:46:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,13 +43,13 @@ CVE-2025-65803 (An integer overflow in the psdParser::ReadImageData function of
 	NOTE: https://gist.github.com/1mxml/cabd6d972557d9d992fe5f4f6ca1dd87
 	TODO: check upstream details/report
 CVE-2025-65792 (DataGear v5.5.0 is vulnerable to Arbitrary File Deletion.)
-	TODO: check
+	NOT-FOR-US: DataGear
 CVE-2025-65754 (Cross Site Scripting vulnerability in Algernon v1.17.4 allows attacker ...)
-	TODO: check
+	NOT-FOR-US: xyproto/algernon
 CVE-2025-65602 (A template injection vulnerability in the /vip/v1/file/save component  ...)
-	TODO: check
+	NOT-FOR-US: ChanCMS
 CVE-2025-65199 (A command injection vulnerability exists in Windscribe for Linux Deskt ...)
-	TODO: check
+	NOT-FOR-US: Windscribe for Linux Desktop App
 CVE-2025-64888 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
 	NOT-FOR-US: Adobe
 CVE-2025-64887 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
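Review bot: the NOT-FOR-US labels in this hunk mix a repository slug (`xyproto/algernon` for CVE-2025-65754) with plain product names (`DataGear`, `ChanCMS`, `Windscribe for Linux Desktop App`); one consistent form per entry keeps later greps for a product name reliable. For CVE-2025-65199 the description itself says the affected software is a Linux desktop application, so before the TODO is closed as NFU it is worth a quick confirmation against the archive (apt-cache or the tracker's package search) that nothing under that name is packaged.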
@@ -281,29 +281,29 @@ CVE-2025-64538 (Adobe Experience Manager versions 6.5.23 and earlier are affecte
 CVE-2025-64537 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
 	NOT-FOR-US: Adobe
 CVE-2025-63895 (An issue in the Bluetooth firmware of JXL 9 Inch Car Android Double Di ...)
-	TODO: check
+	NOT-FOR-US: Bluetooth firmware of JXL 9 Inch Car Android Double Din Player Android
 CVE-2025-63094 (XiangShan Nanhu V2 and XiangShan Kunmighu V3 were discovered to use sp ...)
-	TODO: check
+	NOT-FOR-US: XiangShan
 CVE-2025-5467 (It was discovered that process_crash() in data/apport in Canonical's A ...)
-	TODO: check
+	NOT-FOR-US: Apport
 CVE-2025-56431 (Directory Traversal vulnerability in Fearless Geek Media FearlessCMS v ...)
-	TODO: check
+	NOT-FOR-US: Fearless Geek Media FearlessCMS
 CVE-2025-56430 (Directory Traversal vulnerability in Fearless Geek Media FearlessCMS v ...)
-	TODO: check
+	NOT-FOR-US: Fearless Geek Media FearlessCMS
 CVE-2025-56429 (Cross Site Scripting vulnerability in Fearless Geek Media FearlessCMS  ...)
-	TODO: check
+	NOT-FOR-US: Fearless Geek Media FearlessCMS
 CVE-2025-52493 (PagerDuty Runbook through 2025-06-12 exposes stored secrets directly i ...)
-	TODO: check
+	NOT-FOR-US: PagerDuty Runbook
 CVE-2025-41732 (An unauthenticated remote attacker can abuse unsafe sscanf calls withi ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2025-41730 (An unauthenticated remote attacker can abuse unsafe sscanf calls withi ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2025-41358 (Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in ve ...)
-	TODO: check
+	NOT-FOR-US: i2A CronosWeb
 CVE-2025-34430 (1Panel versions 1.10.33 through 2.0.15 contain a cross-site request fo ...)
-	TODO: check
+	NOT-FOR-US: 1Panel
 CVE-2025-34429 (1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery  ...)
-	TODO: check
+	NOT-FOR-US: 1Panel
 CVE-2025-34428 (MailEnable versions prior to 10.54 contain a cleartext storage of cred ...)
 	NOT-FOR-US: MailEnable
 CVE-2025-34427 (MailEnable versions prior to 10.54 contain a cleartext storage of cred ...)
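Review bot: CVE-2025-5467 (`NOT-FOR-US: Apport`) is the one entry in this hunk whose description points at code in a Linux-native tool (process_crash() in data/apport), so it deserves an explicit check that no apport package is in the archive before the TODO is dropped; the remaining products here (car head-unit firmware, XiangShan, FearlessCMS, PagerDuty Runbook, WAGO, CronosWeb, 1Panel) are unlikely to be packaged. Style point on CVE-2025-63895: the label `Bluetooth firmware of JXL 9 Inch Car Android Double Din Player Android` repeats "Android" at the end; trimming it to the product name reads cleaner.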
@@ -327,45 +327,45 @@ CVE-2025-34417 (MailEnable versions prior to 10.54 contain an unsafe DLL loading
 CVE-2025-34416 (MailEnable versions prior to 10.54 contain an unsafe DLL loading vulne ...)
 	NOT-FOR-US: MailEnable
 CVE-2025-34410 (1Panel versions 1.10.33 -2.0.15 contain a cross-site request forgery ( ...)
-	TODO: check
+	NOT-FOR-US: 1Panel
 CVE-2025-34395 (Barracuda Service Center, as implemented in the RMM solution, in versi ...)
-	TODO: check
+	NOT-FOR-US: Barracuda Service Center
 CVE-2025-34394 (Barracuda Service Center, as implemented in the RMM solution, in versi ...)
-	TODO: check
+	NOT-FOR-US: Barracuda Service Center
 CVE-2025-34393 (Barracuda Service Center, as implemented in the RMM solution, in versi ...)
-	TODO: check
+	NOT-FOR-US: Barracuda Service Center
 CVE-2025-34392 (Barracuda Service Center, as implemented in the RMM solution, in versi ...)
-	TODO: check
+	NOT-FOR-US: Barracuda Service Center
 CVE-2025-1161 (Incorrect Use of Privileged APIs vulnerability in NomySoft Information ...)
-	TODO: check
+	NOT-FOR-US: Nomysem
 CVE-2025-14390 (The Video Merchant plugin for WordPress is vulnerable to Cross-Site Re ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-14082 (A flaw was found in Keycloak Admin REST (Representational State Transf ...)
 	TODO: check
 CVE-2025-13955 (Predictable default Wi-Fi Password in Access Point functionality inEZC ...)
-	TODO: check
+	NOT-FOR-US: EZCast Pro II
 CVE-2025-13954 (Hard-coded cryptographic keys in Admin UI of EZCast Pro II version 1.1 ...)
-	TODO: check
+	NOT-FOR-US: EZCast Pro II
 CVE-2025-13953 (Bypass vulnerability in the authentication method in the GTT Tax Infor ...)
-	TODO: check
+	NOT-FOR-US: GTT Tax Information System application
 CVE-2025-13607 (A malicious actor can access camera configuration information, includi ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-13184 (Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leadin ...)
-	TODO: check
+	NOT-FOR-US: Toto Link
 CVE-2025-13155 (An improper permissions vulnerability was reported in Lenovo Baiying C ...)
 	NOT-FOR-US: Lenovo
 CVE-2025-13152 (A potential DLL hijacking vulnerability was reported in Lenovo One Cli ...)
 	NOT-FOR-US: Lenovo
 CVE-2025-13127 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: GoldenHorn
 CVE-2025-13125 (Authorization Bypass Through User-Controlled Key vulnerability in Im P ...)
-	TODO: check
+	NOT-FOR-US: DijiDemi
 CVE-2025-12046 (A DLL hijacking vulnerability was reported in the Lenovo App Store and ...)
 	NOT-FOR-US: Lenovo
 CVE-2024-2105 (An unauthorised attacker within bluetooth range may use an improper va ...)
-	TODO: check
+	NOT-FOR-US: JBL
 CVE-2024-2104 (Due to improper BLE security configurations on the device's GATT serve ...)
-	TODO: check
+	NOT-FOR-US: JBL
 CVE-2025-66003
 	- smb4k <unfixed> (bug #1122381)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/12/10/6
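Review bot: the CVE-2025-1161 label `NOT-FOR-US: Nomysem` does not match the vendor named in the description on the line above it (`NomySoft Information ...`); unless Nomysem is the product name from the full CVE text, this looks like a typo and should read `NomySoft` (or `NomySoft <product>`) so the entry is found when someone searches for the vendor. The other labels in the hunk (1Panel, Barracuda Service Center, EZCast Pro II, GTT, D-Link, Toto Link, GoldenHorn, DijiDemi, JBL) match their descriptions.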



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4128050038f57cad71a9622b24d89b9bd361df7a

-- 
You're receiving this email because of your account on salsa.debian.org.



