[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 24 22:33:24 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9be3c27 by Salvatore Bonaccorso at 2025-12-24T23:32:47+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1124,7 +1124,7 @@ CVE-2019-25245 (Ross Video DashBoard 8.5.1 contains an elevation of privileges v
 CVE-2019-25244 (Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulne ...)
 	NOT-FOR-US: Legrand BTicino Driver Manager F454
 CVE-2019-25243 (FaceSentry 6.4.8 contains an authenticated remote command injection vu ...)
-	TODO: check
+	NOT-FOR-US: FaceSentry
 CVE-2019-25242 (FaceSentry Access Control System 6.4.8 contains a cross-site request f ...)
 	NOT-FOR-US: FaceSentry Access Control System
 CVE-2019-25241 (FaceSentry Access Control System 6.4.8 contains a critical authenticat ...)
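Review bot: The new tag on CVE-2019-25243 is `NOT-FOR-US: FaceSentry`, but the context line for CVE-2019-25242 directly below uses `NOT-FOR-US: FaceSentry Access Control System`, and both descriptions give the same version, 6.4.8. Using the longer string here as well would keep the two entries consistent, so a search on the product name in data/CVE/list finds both.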
@@ -1834,7 +1834,7 @@ CVE-2025-14500 (IceWarp14 X-File-Operation Command Injection Remote Code Executi
 CVE-2025-14499 (IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability ...)
 	NOT-FOR-US: IceWarp
 CVE-2025-14498 (TradingView Desktop Electron Uncontrolled Search Path Local Privilege  ...)
-	TODO: check
+	NOT-FOR-US: TradingView Desktop
 CVE-2025-14497 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
 	NOT-FOR-US: RealDefense
 CVE-2025-14496 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
@@ -1922,33 +1922,33 @@ CVE-2025-13773 (The Print Invoice & Delivery Notes for WooCommerce plugin for Wo
 CVE-2025-13767 (Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10. ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2025-13716 (Tencent MimicMotion create_pipeline Deserialization of Untrusted Data  ...)
-	TODO: check
+	NOT-FOR-US: Tencent MimicMotion
 CVE-2025-13715 (Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Re ...)
-	TODO: check
+	NOT-FOR-US: Tencent FaceDetection-DSFD
 CVE-2025-13714 (Tencent MedicalNet generate_model Deserialization of Untrusted Data Re ...)
-	TODO: check
+	NOT-FOR-US: Tencent MedicalNet
 CVE-2025-13713 (Tencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data  ...)
-	TODO: check
+	NOT-FOR-US: Tencent Hunyuan3D-1
 CVE-2025-13712 (Tencent HunyuanDiT merge Deserialization of Untrusted Data Remote Code ...)
-	TODO: check
+	NOT-FOR-US: Tencent HunyuanDiT
 CVE-2025-13711 (Tencent TFace eval Deserialization of Untrusted Data Remote Code Execu ...)
-	TODO: check
+	NOT-FOR-US: Tencent TFace
 CVE-2025-13710 (Tencent HunyuanVideo load_vae Deserialization of Untrusted Data Remote ...)
-	TODO: check
+	NOT-FOR-US: Tencent HunyuanVideo
 CVE-2025-13709 (Tencent TFace restore_checkpoint Deserialization of Untrusted Data Rem ...)
-	TODO: check
+	NOT-FOR-US: Tencent TFace
 CVE-2025-13708 (Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of ...)
-	TODO: check
+	NOT-FOR-US: Tencent NeuralNLP-NeuralClassifier
 CVE-2025-13707 (Tencent HunyuanDiT model_resume Deserialization of Untrusted Data Remo ...)
-	TODO: check
+	NOT-FOR-US: Tencent HunyuanDiT
 CVE-2025-13706 (Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data ...)
-	TODO: check
+	NOT-FOR-US: Tencent PatrickStar
 CVE-2025-13703 (VIPRE Advanced Security Incorrect Permission Assignment Local Privileg ...)
-	TODO: check
+	NOT-FOR-US: VIPRE
 CVE-2025-13700 (DreamFactory saveZipFile Command Injection Remote Code Execution Vulne ...)
-	TODO: check
+	NOT-FOR-US: DreamFactory
 CVE-2025-13698 (Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary ...)
-	TODO: check
+	NOT-FOR-US: OPNsense
 CVE-2025-13407 (The Gravity Forms WordPress plugin before 2.9.23.1 does not properly p ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12840 (Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer ...)
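Review bot: The product strings in this hunk mix three granularities. The Tencent entries keep vendor plus product (`Tencent TFace`), CVE-2025-13703 keeps only the vendor (`VIPRE`, where the description says VIPRE Advanced Security), and CVE-2025-13698 keeps only the product (`OPNsense`, where the description says Deciso OPNsense). Picking one form, for example vendor plus product throughout, would make later greps for a vendor or product reliable. Separately, the mattermost-server context line at the top of the hunk shows the `<itp>` form used when a packaging bug exists. It is worth confirming that none of the open-source projects tagged here has an ITP or RFP before they are closed as NOT-FOR-US.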
@@ -1960,15 +1960,15 @@ CVE-2025-12839 (Academy Software Foundation OpenEXR EXR File Parsing Heap-based
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-990/
 	TODO: check details
 CVE-2025-12838 (MSP360 Free Backup Link Following Local Privilege Escalation Vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: MSP360
 CVE-2025-12495 (Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer ...)
 	- openexr <unfixed>
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-989/
 	TODO: check details
 CVE-2025-12491 (Senstar Symphony FetchStoredLicense Information Disclosure Vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Senstar Symphony
 CVE-2024-58335 (OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XX ...)
-	TODO: check
+	NOT-FOR-US: OpenXRechnungToolbox
 CVE-2025-68561 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68560 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
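Review bot: CVE-2024-58335 is the one entry in this hunk whose description points at an upstream fix commit (`before 6c50e89`), which suggests a public source tree that could be packaged. The `NOT-FOR-US: OpenXRechnungToolbox` tag is fine if no ITP or RFP exists, but that check is not visible in the commit message, and a short mention there would document it. The `MSP360` tag on CVE-2025-12838 also drops the product name (the description says MSP360 Free Backup), while `Senstar Symphony` two entries later keeps vendor and product.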



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9be3c27bb5ec2e7b594e84f9c9549266b6061ce
