[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 23 21:20:51 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5eb66ef3 by Salvatore Bonaccorso at 2025-12-23T22:20:29+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40,7 +40,7 @@ CVE-2025-65354 (Improper input handling in /Grocery/search_products_itname.php i
CVE-2025-59886 (Improper input validation at one of the endpoints of Eaton xComfort EC ...)
NOT-FOR-US: Eaton
CVE-2025-51511 (Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Cadmium CMS
CVE-2025-50526 (Netgear EX8000 V1.0.0.126 was discovered to contain a command injectio ...)
NOT-FOR-US: Netgear
CVE-2025-48864
@@ -60,7 +60,7 @@ CVE-2025-29229 (linksys E5600 V1.1.0.26 is vulnerable to command injection in th
CVE-2025-29228 (Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runt ...)
NOT-FOR-US: Linksys
CVE-2025-25364 (A command injection vulnerability in the me.connectify.SMJobBlessHelpe ...)
- TODO: check
+ NOT-FOR-US: Speedify VPN
CVE-2025-14635 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14548 (The Calendar plugin for WordPress is vulnerable to Stored Cross-Site S ...)
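Review bot: The new tag on CVE-2025-25364 names "Speedify VPN", but the visible description only identifies the component as me.connectify.SMJobBlessHelpe... before it is cut off, so the product mapping cannot be checked from this entry alone. Consider confirming the product name against the full CVE record, or noting the source of the mapping in the commit message, so that later searches for the helper name still land on this entry.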
@@ -74,7 +74,7 @@ CVE-2025-14155 (The Premium Addons for Elementor \u2013 Powerful Elementor Templ
CVE-2025-14000 (The Membership Plugin \u2013 Restrict Content plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13183 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Otello
CVE-2025-13074
REJECTED
CVE-2025-12934 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...)
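Review bot: For CVE-2025-13183 the visible description is only the generic weakness title ("Improper Neutralization of Input During Web Page Generation (XSS or 'C ...") and is truncated before any product appears, so the "NOT-FOR-US: Otello" tag cannot be verified from these lines. Worth double-checking against the full CVE text that Otello is the affected product before closing out the TODO.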
@@ -82,9 +82,9 @@ CVE-2025-12934 (The Beaver Builder \u2013 WordPress Page Builder plugin for Word
CVE-2025-10863
REJECTED
CVE-2024-9684 (FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers t ...)
- TODO: check
+ NOT-FOR-US: FreyrSCADA/IEC-60870-5-104 server
CVE-2024-57521 (SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remot ...)
- TODO: check
+ NOT-FOR-US: RuoYi
CVE-2024-24844 (Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2024-10398
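Review bot: Style point on CVE-2024-9684: the tag "NOT-FOR-US: FreyrSCADA/IEC-60870-5-104 server" copies the whole product string from the description, whereas the other tags touched here use a short product name (for example "NOT-FOR-US: RuoYi"). A shorter "NOT-FOR-US: FreyrSCADA" would keep the tag values consistent and easier to grep.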
@@ -96,33 +96,33 @@ CVE-2023-5093
CVE-2023-5092
REJECTED
CVE-2023-53982 (PMB 7.4.6 contains a SQL injection vulnerability in the storage parame ...)
- TODO: check
+ NOT-FOR-US: PMB
CVE-2023-52210 (Vulnerability in Tyche softwares Product Delivery Date for WooCommerce ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2021-47739 (Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulne ...)
TODO: check
CVE-2021-47738 (CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability ...)
- TODO: check
+ NOT-FOR-US: CSZ CMS
CVE-2021-47737 (CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows aut ...)
- TODO: check
+ NOT-FOR-US: CSZ CMS
CVE-2021-47736 (CMSimple_XH 1.7.4 contains an authenticated remote code execution vuln ...)
- TODO: check
+ NOT-FOR-US: CMSimple_XH
CVE-2021-47735 (CMSimple 5.4 contains an authenticated remote code execution vulnerabi ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2021-47734 (CMSimple 5.4 contains an authenticated local file inclusion vulnerabil ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2021-47733 (CMSimple 5.4 contains a cross-site scripting vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2021-47732 (CMSimple 5.2 contains a stored cross-site scripting vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2021-47722 (Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site reques ...)
- TODO: check
+ NOT-FOR-US: Zucchetti Axess CLOKI Access Control
CVE-2021-47721 (Orangescrum 1.8.0 contains a privilege escalation vulnerability that a ...)
- TODO: check
+ NOT-FOR-US: OrangeScrum
CVE-2021-47720 (Orangescrum 1.8.0 contains an authenticated SQL injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: OrangeScrum
CVE-2021-47716 (Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: OrangeScrum
CVE-2025-68343 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.17.11-1
NOTE: https://git.kernel.org/linus/6fe9f3279f7d2518439a7962c5870c6e9ecbadcf (6.18)
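Review bot: CVE-2021-47739 (Epic Games Easy Anti-Cheat) is left at "TODO: check" while every other TODO in this hunk is resolved; if that is deliberate, a word in the commit message would help, otherwise it looks like an entry that was skipped. Separately, the three Orangescrum entries (CVE-2021-47721, CVE-2021-47720, CVE-2021-47716) are tagged "NOT-FOR-US: OrangeScrum" while the descriptions spell the product "Orangescrum"; using one spelling keeps the tag searchable alongside the description text.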
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5eb66ef365cb119f0a743357632e5925d9fecdbd