[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 17 07:42:57 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
946591f1 by Salvatore Bonaccorso at 2025-12-17T08:42:32+01:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1062,29 +1062,29 @@ CVE-2025-14780 (A vulnerability was detected in Xiongwei Smart Catering Cloud Pl
CVE-2025-14777 (A flaw was found in Keycloak. An IDOR (Broken Access Control) vulnerab ...)
- keycloak <itp> (bug #1088287)
CVE-2025-14758 (Incorrect configuration of replication security in the MariaDB compone ...)
- TODO: check
+ NOT-FOR-US: YAOOK Operator
CVE-2025-14749 (A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impa ...)
- TODO: check
+ NOT-FOR-US: Ningyuanda TC155
CVE-2025-14748 (A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affe ...)
- TODO: check
+ NOT-FOR-US: Ningyuanda TC155
CVE-2025-14747 (A vulnerability was found in Ningyuanda TC155 57.0.2.0. The impacted e ...)
- TODO: check
+ NOT-FOR-US: Ningyuanda TC155
CVE-2025-14746 (A vulnerability has been found in Ningyuanda TC155 57.0.2.0. The affec ...)
- TODO: check
+ NOT-FOR-US: Ningyuanda TC155
CVE-2025-14731 (A weakness has been identified in CTCMS Content Management System up t ...)
- TODO: check
+ NOT-FOR-US: CTCMS Content Management System
CVE-2025-14730 (A security flaw has been discovered in CTCMS Content Management System ...)
- TODO: check
+ NOT-FOR-US: CTCMS Content Management System
CVE-2025-14729 (A vulnerability was identified in CTCMS Content Management System up t ...)
- TODO: check
+ NOT-FOR-US: CTCMS Content Management System
CVE-2025-14722 (A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537 ...)
- TODO: check
+ NOT-FOR-US: vion707 DMadmin
CVE-2025-14593 (A maliciously crafted CATPART file, when parsed through certain Autode ...)
NOT-FOR-US: Autodesk
CVE-2025-14553 (Exposure of password hashes through an unauthenticated API response in ...)
NOT-FOR-US: TP-Link
CVE-2025-14443 (A flaw was found in ose-openshift-apiserver. This vulnerability allows ...)
- TODO: check
+ NOT-FOR-US: ose-openshift-apiserver
CVE-2025-14432 (In limited scenarios, sensitive data might be written to the log file ...)
NOT-FOR-US: HP
CVE-2025-14252 (An Improper Access Control vulnerability in Advantech SUSI driver (sus ...)
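Review bot: CVE-2025-14758 is closed as NOT-FOR-US: YAOOK Operator, yet its description line places the flaw in "the MariaDB compone ...", and MariaDB is packaged in Debian. Before this entry leaves the TODO queue, confirm against the full advisory that the insecure replication setting comes from the operator's deployment configuration and not from MariaDB itself. The remaining changes in this hunk (Ningyuanda TC155, CTCMS, vion707 DMadmin, ose-openshift-apiserver) match the product named in their descriptions.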
@@ -1100,7 +1100,7 @@ CVE-2025-13741 (The Schedule Post Changes With PublishPress Future: Unpublish, D
CVE-2025-13532 (Insecure defaults in the Server Agent component of Fortra's Core Privi ...)
NOT-FOR-US: Fortra
CVE-2025-13474 (Authorization Bypass Through User-Controlled Key vulnerability in Menu ...)
- TODO: check
+ NOT-FOR-US: Menulux Mobile App
CVE-2025-13439 (The Fancy Product Designer plugin for WordPress is vulnerable to Infor ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13231 (The Fancy Product Designer plugin for WordPress is vulnerable to Serve ...)
@@ -1136,83 +1136,83 @@ CVE-2025-10881 (A maliciously crafted CATPRODUCT file, when parsed through certa
CVE-2025-10450 (Exposure of Private Personal Information to an Unauthorized Actor vuln ...)
NOT-FOR-US: RTI Connext
CVE-2025-0836 (Missing Authorization vulnerability in Milestone Systems XProtect VMS ...)
- TODO: check
+ NOT-FOR-US: Milestone Systems
CVE-2023-53903 (WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WebsiteBaker
CVE-2023-53902 (WebsiteBaker 2.13.3 contains a directory traversal vulnerability that ...)
- TODO: check
+ NOT-FOR-US: WebsiteBaker
CVE-2023-53901 (WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allo ...)
- TODO: check
+ NOT-FOR-US: WBCE CMS
CVE-2023-53900 (Spip 4.1.10 contains a file upload vulnerability that allows attackers ...)
TODO: check
CVE-2023-53899 (PodcastGenerator 3.2.9 contains a blind server-side request forgery vu ...)
- TODO: check
+ NOT-FOR-US: PodcastGenerator
CVE-2023-53898 (Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: Rukovoditel
CVE-2023-53897 (Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulner ...)
- TODO: check
+ NOT-FOR-US: Rukovoditel
CVE-2023-53896 (D-Link DAP-1325 firmware version 1.01 contains a broken access control ...)
NOT-FOR-US: D-Link
CVE-2023-53895 (PimpMyLog 1.7.14 contains an improper access control vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: PimpMyLog
CVE-2023-53894 (phpfm 1.7.9 contains an authentication bypass vulnerability that allow ...)
- TODO: check
+ NOT-FOR-US: PHPFM
CVE-2023-53893 (Ateme TITAN File 3.9.12.4 contains an authenticated server-side reques ...)
- TODO: check
+ NOT-FOR-US: Ateme TITAN File
CVE-2023-53892 (Blackcat CMS 1.4 contains a remote code execution vulnerability that a ...)
- TODO: check
+ NOT-FOR-US: Blackcat CMS
CVE-2023-53891 (Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability ...)
- TODO: check
+ NOT-FOR-US: Blackcat CMS
CVE-2023-53890 (Perch CMS 3.2 contains a stored cross-site scripting vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Perch CMS
CVE-2023-53889 (Perch CMS 3.2 contains a remote code execution vulnerability that allo ...)
- TODO: check
+ NOT-FOR-US: Perch CMS
CVE-2023-53888 (Zomplog 3.9 contains a remote code execution vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: Zomplog
CVE-2023-53887 (Zomplog 3.9 contains a cross-site scripting vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: Zomplog
CVE-2023-53886 (Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Xlight FTP Server
CVE-2023-53885 (Webutler v3.2 contains a remote code execution vulnerability that allo ...)
- TODO: check
+ NOT-FOR-US: Webutler
CVE-2023-53884 (Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnera ...)
- TODO: check
+ NOT-FOR-US: Webedition CMS
CVE-2023-53883 (Webedition CMS v2.9.8.8 contains a remote code execution vulnerability ...)
- TODO: check
+ NOT-FOR-US: Webedition CMS
CVE-2023-53882 (JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnera ...)
- TODO: check
+ NOT-FOR-US: JLex GuestBook
CVE-2023-53881 (ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerab ...)
- TODO: check
+ NOT-FOR-US: ReyeeOS
CVE-2023-53880 (Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability ...)
- TODO: check
+ NOT-FOR-US: Lucee
CVE-2023-53879 (NVClient 5.0 contains a stack buffer overflow vulnerability in the use ...)
TODO: check
CVE-2023-53878 (Member Login Script 3.3 contains a client-side desynchronization vulne ...)
- TODO: check
+ NOT-FOR-US: Member Login Script
CVE-2023-53877 (Bus Reservation System 1.1 contains a SQL injection vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: Bus Reservation System
CVE-2023-53876 (Academy LMS 6.1 contains a file upload vulnerability that allows authe ...)
- TODO: check
+ NOT-FOR-US: Academy LMS
CVE-2023-53875 (GOM Player 2.3.90.5360 contains a remote code execution vulnerability ...)
- TODO: check
+ NOT-FOR-US: GOM Player
CVE-2023-53874 (GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: GOM Player
CVE-2023-53873 (SyncBreeze 15.2.24 contains a denial of service vulnerability in the l ...)
- TODO: check
+ NOT-FOR-US: SyncBreeze
CVE-2023-53872 (Wp2Fac 1.0 contains an OS command injection vulnerability in the send. ...)
- TODO: check
+ NOT-FOR-US: Wp2Fac
CVE-2023-53871 (Soosyze 2.0.0 contains a file upload vulnerability that allows attacke ...)
- TODO: check
+ NOT-FOR-US: Soosyze
CVE-2023-53870 (Jorani 1.0.3 contains a reflected cross-site scripting vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Jorani
CVE-2023-53869 (WEBIGniter 28.7.23 contains a file upload vulnerability that allows au ...)
- TODO: check
+ NOT-FOR-US: WEBIGniter
CVE-2023-53868 (Coppermine Gallery 1.6.25 contains a remote code execution vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Coppermine Gallery
CVE-2023-38913 (SQL injection vulnerability in anirbandutta9 NEWS-BUZZ v.1.0 allows a ...)
- TODO: check
+ NOT-FOR-US: anirbandutta9 NEWS-BUZZ
CVE-2023-36338 (Inventory Management System 1 was discovered to contain a SQL injectio ...)
- TODO: check
+ NOT-FOR-US: Inventory Management System
CVE-2025-14282 [privilege escalation via unix stream socket forwarding]
- dropbear 2025.89-1 (bug #1123069)
[bookworm] - dropbear <not-affected> (Vulnerable code introduced later)
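Review bot: two entries in this hunk keep "TODO: check" while everything around them is triaged: CVE-2023-53900 (Spip 4.1.10) and CVE-2023-53879 (NVClient 5.0). Leaving Spip open is reasonable, since it needs a real package entry and not an NFU tag, but NVClient looks like the same kind of candidate as the neighbouring entries; either resolve it in this batch or leave it for a follow-up on purpose. A small style point: CVE-2023-53894 is tagged "PHPFM" while its description spells the product "phpfm"; keeping the upstream spelling makes later searches of data/CVE/list for the product name more reliable.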
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/946591f16da7718895e81d3ca4fc63a0a7188ae6