[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 12 09:29:14 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8370bdb by Salvatore Bonaccorso at 2025-12-12T10:28:55+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -67,41 +67,41 @@ CVE-2025-64702 (quic-go is an implementation of the QUIC protocol in Go. Version
 	NOTE: https://github.com/quic-go/quic-go/security/advisories/GHSA-g754-hx8w-x2g6
 	NOTE: Fixed by: https://github.com/quic-go/quic-go/commit/5b2d2129f8315da41e01eff0a847ab38a34e83a8 (v0.57.0)
 CVE-2025-62192 (SQL Injection vulnerability exists in GroupSession Free edition prior  ...)
-	TODO: check
+	NOT-FOR-US: GroupSession
 CVE-2025-61987 (GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prio ...)
-	TODO: check
+	NOT-FOR-US: GroupSession
 CVE-2025-61950 (In GroupSession, a Circular notice can be created with its memo field  ...)
-	TODO: check
+	NOT-FOR-US: GroupSession
 CVE-2025-58576 (Cross-site request forgery vulnerability exists in GroupSession Free e ...)
-	TODO: check
+	NOT-FOR-US: GroupSession
 CVE-2025-57883 (Reflected cross-site scripting vulnerability exists in GroupSession Fr ...)
-	TODO: check
+	NOT-FOR-US: GroupSession
 CVE-2025-55816 (HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XS ...)
 	- hoteldruid <unfixed>
 	[bookworm] - hoteldruid <no-dsa> (Minor issue)
 	NOTE: https://www.partywave.site/show/research/cve-2025-55816-xss-and-raptx
 CVE-2025-55184 (A pre-authentication denial of service vulnerability exists in React S ...)
-	TODO: check
+	NOT-FOR-US: React Server Components
 CVE-2025-55183 (An information leak vulnerability exists in specific configurations of ...)
-	TODO: check
+	NOT-FOR-US: React Server Components
 CVE-2025-54407 (Stored cross-site scripting vulnerability exists in GroupSession Free  ...)
-	TODO: check
+	NOT-FOR-US: GroupSession
 CVE-2025-53523 (Stored cross-site scripting vulnerabilities exist in GroupSession Free ...)
-	TODO: check
+	NOT-FOR-US: GroupSession
 CVE-2025-4970 (The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-34506 (WBCE CMS version 1.6.3 and prior contains an authenticated remote code ...)
-	TODO: check
+	NOT-FOR-US: WBCE CMS
 CVE-2025-34504 (KodExplorer 4.52 contains an open redirect vulnerability in the user l ...)
-	TODO: check
+	NOT-FOR-US: KodExplorer
 CVE-2025-34499 (AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: AnyDesk
 CVE-2025-14538 (A security vulnerability has been detected in yangshare warehouseManag ...)
-	TODO: check
+	NOT-FOR-US: yangshare warehouseManager
 CVE-2025-14537 (A weakness has been identified in code-projects Class and Exam Timetab ...)
-	TODO: check
+	NOT-FOR-US: code-projects Class and Exam Timetable Management
 CVE-2025-14536 (A security flaw has been discovered in code-projects Class and Exam Ti ...)
-	TODO: check
+	NOT-FOR-US: code-projects Class and Exam Timetable Management
 CVE-2025-14467 (The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-14393 (The Wpik WordPress Basic Ajax Form plugin for WordPress is vulnerable  ...)
@@ -219,17 +219,17 @@ CVE-2025-13839 (The LJUsers plugin for WordPress is vulnerable to Stored Cross-S
 CVE-2025-13747 (The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13670 (The High Level Synthesis Compiler i++ command for Windows is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: Altera High Level Synthesis Compiler i++
 CVE-2025-13669 (Uncontrolled Search Path Element vulnerability in Altera High Level Sy ...)
-	TODO: check
+	NOT-FOR-US: Altera
 CVE-2025-13668 (A potential security vulnerability in Quartus\xae Prime Pro Edition De ...)
-	TODO: check
+	NOT-FOR-US: Altera
 CVE-2025-13665 (The System Console Utility for Windows is vulnerable to a DLL planting ...)
-	TODO: check
+	NOT-FOR-US: Altera
 CVE-2025-13664 (A potential security vulnerability in Quartus\xae Prime Standard Editi ...)
-	TODO: check
+	NOT-FOR-US: Altera
 CVE-2025-13663 (Under certain circumstances, the Quartus Prime Pro Installer for Windo ...)
-	TODO: check
+	NOT-FOR-US: Altera
 CVE-2025-13660 (The Guest Support plugin for WordPress is vulnerable to User Email Dis ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13440 (The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnera ...)
@@ -279,55 +279,55 @@ CVE-2025-10583 (The WP Fastest Cache plugin for WordPress is vulnerable to Serve
 CVE-2025-10451 (Unchecked output buffer may allowed arbitrary code execution in SMM an ...)
 	NOT-FOR-US: Insyde
 CVE-2024-58313 (xbtitFM 4.1.18 contains an insecure file upload vulnerability that all ...)
-	TODO: check
+	NOT-FOR-US: xbtitFM
 CVE-2024-58312 (xbtitFM 4.1.18 contains a path traversal vulnerability that allows una ...)
-	TODO: check
+	NOT-FOR-US: xbtitFM
 CVE-2024-58310 (APC Network Management Card 4 contains a path traversal vulnerability  ...)
 	TODO: check
 CVE-2024-58309 (xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability ...)
-	TODO: check
+	NOT-FOR-US: xbtitFM
 CVE-2024-58308 (Quick.CMS 6.7 contains a SQL injection vulnerability that allows unaut ...)
-	TODO: check
+	NOT-FOR-US: Quick.CMS
 CVE-2024-58307 (CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: CSZCMS
 CVE-2024-58306 (minaliC 2.0.0 contains a denial of service vulnerability that allows r ...)
-	TODO: check
+	NOT-FOR-US: MinaliC
 CVE-2024-58304 (SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: SPA-CART CMS
 CVE-2024-58303 (FoF Pretty Mail 1.1.2 contains a server-side template injection vulner ...)
-	TODO: check
+	NOT-FOR-US: FoF Pretty Mail
 CVE-2024-58302 (FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: FoF Pretty Mail
 CVE-2024-58301 (Purei CMS 1.0 contains a time-based blind SQL injection vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Purei CMS
 CVE-2024-58300 (Siklu MultiHaul TG series devices before version 2.0.0 contain an unau ...)
-	TODO: check
+	NOT-FOR-US: Siklu MultiHaul TG series devices
 CVE-2024-58298 (Compuware iStrobe Web 20.13 contains a pre-authentication remote code  ...)
-	TODO: check
+	NOT-FOR-US: Compuware iStrobe Web
 CVE-2024-58297 (PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: PyroCMS
 CVE-2024-58296 (CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability ...)
-	TODO: check
+	NOT-FOR-US: CE Phoenix
 CVE-2024-58295 (ElkArte Forum 1.1.9 contains a remote code execution vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: ElkArte Forum
 CVE-2024-58294 (FreePBX 16 contains an authenticated remote code execution vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: FreePBX
 CVE-2024-58293 (Akaunting 3.1.8 contains a server-side template injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Akaunting
 CVE-2024-58292 (XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnera ...)
-	TODO: check
+	NOT-FOR-US: XMB Forum
 CVE-2024-58291 (Flatboard 3.2 contains a stored cross-site scripting vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: Flatboard
 CVE-2024-58290 (Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Xhibiter NFT Marketplace
 CVE-2024-58289 (Microweber 2.0.15 contains a stored cross-site scripting vulnerability ...)
-	TODO: check
+	NOT-FOR-US: microweber
 CVE-2024-58288 (Genexus Protection Server 9.7.2.10 contains an unquoted service path v ...)
-	TODO: check
+	NOT-FOR-US: Genexus Protection Server
 CVE-2024-58287 (reNgine 2.2.0 contains a command injection vulnerability in the nmap_c ...)
-	TODO: check
+	NOT-FOR-US: reNgine
 CVE-2024-58286 (dizqueTV 1.5.3 contains a remote code execution vulnerability that all ...)
-	TODO: check
+	NOT-FOR-US: dizqueTV
 CVE-2025-67742 (In JetBrains TeamCity before 2025.11 path traversal was possible via f ...)
 	NOT-FOR-US: JetBrains
 CVE-2025-67741 (In JetBrains TeamCity before 2025.11 stored XSS was possible via sessi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8370bdbe7e2de4574606a0eec05c171d0c61927

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8370bdbe7e2de4574606a0eec05c171d0c61927
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251212/c1a3c8c0/attachment.htm>

More information about the debian-security-tracker-commits mailing list