[Git][security-tracker-team/security-tracker][master] Add some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 19 08:28:42 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e963307 by Salvatore Bonaccorso at 2025-12-19T09:27:58+01:00
Add some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,33 +45,33 @@ CVE-2025-68279 (Weblate is a web based localization tool. In versions prior to 5
 CVE-2025-68161 (The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2. ...)
 	TODO: check
 CVE-2025-67846 (The Deployment Infrastructure in Mintlify Platform before 2025-11-15 a ...)
-	TODO: check
+	NOT-FOR-US: Deployment Infrastructure in Mintlify Platform
 CVE-2025-67845 (A Directory Traversal vulnerability in the Static Asset Proxy Endpoint ...)
-	TODO: check
+	NOT-FOR-US: Mintlify Platform
 CVE-2025-67844 (The GitHub Integration API in Mintlify Platform before 2025-11-15 allo ...)
-	TODO: check
+	NOT-FOR-US: Mintlify Platform
 CVE-2025-67843 (A Server-Side Template Injection (SSTI) vulnerability in the MDX Rende ...)
-	TODO: check
+	NOT-FOR-US: Mintlify Platform
 CVE-2025-67842 (The Static Asset API in Mintlify Platform before 2025-11-15 allows rem ...)
-	TODO: check
+	NOT-FOR-US: Mintlify Platform
 CVE-2025-67653 (Advantech WebAccess/SCADAis vulnerable to directory traversal, which m ...)
 	NOT-FOR-US: Advantech
 CVE-2025-67163 (A stored cross-site scripting (XSS) vulnerability in Simple Machines F ...)
-	TODO: check
+	NOT-FOR-US: Simple Machines Forum
 CVE-2025-66522 (A stored cross-site scripting (XSS) vulnerability exists in the Digita ...)
 	NOT-FOR-US: Foxit
 CVE-2025-66521 (A stored cross-site scripting (XSS) vulnerability exists in pdfonline. ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-66520 (A stored cross-site scripting (XSS) vulnerability exists in the Portfo ...)
 	NOT-FOR-US: Foxit
 CVE-2025-66519 (A stored cross-site scripting (XSS) vulnerability exists in pdfonline. ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-66502 (A stored cross-site scripting (XSS) vulnerability exists in pdfonline. ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-66501 (A stored cross-site scripting (XSS) vulnerability exists in pdfonline. ...)
 	NOT-FOR-US: Foxit
 CVE-2025-66500 (A stored cross-site scripting (XSS) vulnerability exists in webplugins ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-66499 (A heap-based buffer overflow vulnerability exists in the PDF parsing o ...)
 	NOT-FOR-US: Foxit
 CVE-2025-66498 (A memory corruption vulnerability exists in the 3D annotation handling ...)
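Review bot: The NFU label on CVE-2025-67846 ("Deployment Infrastructure in Mintlify Platform") differs from the four Mintlify entries directly below it (CVE-2025-67845, CVE-2025-67844, CVE-2025-67843, CVE-2025-67842), which all use "Mintlify Platform". Suggest using the same string, "NOT-FOR-US: Mintlify Platform", on all five so a search of data/CVE/list for the product finds every entry under one label, as the Foxit entries in this hunk already do.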
@@ -91,29 +91,29 @@ CVE-2025-66174 (There is an improper authentication vulnerability in some Hikvis
 CVE-2025-66173 (There is a privilege escalation vulnerability in some Hikvision DVR pr ...)
 	NOT-FOR-US: Hikvision
 CVE-2025-65046 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-65041 (Improper authorization in Microsoft Partner Center allows an unauthori ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-65037 (Improper control of generation of code ('code injection') in Azure Con ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-64677 (Improper neutralization of input during web page generation ('cross-si ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-64676 ('.../...//' in Microsoft Purview allows an authorized attacker to exec ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-64675 (Improper neutralization of input during web page generation ('cross-si ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-64663 (Custom Question Answering Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-63951 (An insecure deserialization vulnerability exists in the rss-mp3.php sc ...)
-	TODO: check
+	NOT-FOR-US: MiczFlor RPi-Jukebox-RFID project
 CVE-2025-63950 (An insecure deserialization vulnerability exists in the download.php s ...)
-	TODO: check
+	NOT-FOR-US: to3k Twittodon application
 CVE-2025-63949 (A Reflected Cross-Site Scripting (XSS) vulnerability in yohanawi Hotel ...)
-	TODO: check
+	NOT-FOR-US: yohanawi Hotel Management System
 CVE-2025-63948 (A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the  ...)
-	TODO: check
+	NOT-FOR-US: phpMsAdmin
 CVE-2025-63947 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in phpMsAd ...)
-	TODO: check
+	NOT-FOR-US: phpMsAdmin
 CVE-2025-62004 (BullWall Server Intrusion Protection services are initialized after lo ...)
 	TODO: check
 CVE-2025-62003 (BullWall Server Intrusion Protection has a noticeable delay before the ...)
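Review bot: CVE-2025-65046 at the top of this hunk is closed as "NOT-FOR-US: Microsoft", but its description is only "Microsoft Edge (Chromium-based) Spoofing Vulnerability", and nothing in the visible text says whether the flaw is in Edge-specific code or in code shared with Chromium. Please confirm it is Edge-only before leaving it as NFU, since an NFU entry will not be revisited. A minor style point in the same hunk: the labels for CVE-2025-63951 and CVE-2025-63950 carry a "project" / "application" suffix, while the neighbouring phpMsAdmin and Microsoft entries use the bare name; dropping the suffix would match the rest of the list.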
@@ -147,11 +147,11 @@ CVE-2025-14940 (A vulnerability was determined in code-projects Scholars Trackin
 CVE-2025-14939 (A vulnerability was found in code-projects Online Appointment Booking  ...)
 	NOT-FOR-US: code-projects
 CVE-2025-14910 (A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts th ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2025-14909 (A weakness has been identified in JeecgBoot up to 3.9.0. The impacted  ...)
-	TODO: check
+	NOT-FOR-US: JeecgBoot
 CVE-2025-14908 (A security flaw has been discovered in JeecgBoot up to 3.9.0. The affe ...)
-	TODO: check
+	NOT-FOR-US: JeecgBoot
 CVE-2025-14900 (A security vulnerability has been detected in CodeAstro Real Estate Ma ...)
 	NOT-FOR-US: CodeAstro
 CVE-2025-14899 (A weakness has been identified in CodeAstro Real Estate Management Sys ...)
@@ -183,7 +183,7 @@ CVE-2025-13911 (The vulnerability affects Ignition SCADA applications where Pyth
 CVE-2025-13754 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13427 (An authentication bypass vulnerability in Google Cloud Dialogflow CX M ...)
-	TODO: check
+	NOT-FOR-US: Google Cloud Dialogflow CX Messenger
 CVE-2025-13307 (The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13008 (An information disclosure vulnerability in M-Files Server before versi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e963307b5bb871e98fb16a16208cfa5c0957e7f
