[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 29 20:42:22 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e15265f1 by Salvatore Bonaccorso at 2025-12-29T21:41:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59,47 +59,47 @@ CVE-2025-66862 (A buffer overflow vulnerability in function gnu_special in file
 CVE-2025-66861 (An issue was discovered in function d_unqualified_name in file cp-dema ...)
 	TODO: check
 CVE-2025-65570 (A type confusion in jsish 2.0 allows incorrect control flow during exe ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2025-65442 (DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel  ...)
-	TODO: check
+	NOT-FOR-US: 201206030 novel
 CVE-2025-60458 (UxPlay 1.72 contains a double free vulnerability in its RTSP request h ...)
 	- uxplay <unfixed>
 	NOTE: https://github.com/0pepsi/CVE-2025-60458
 	TODO: check upstream status, possibly not reported
 CVE-2025-57462 (Reflected Cross site scripting (xss) in machsol machpanel 8.0.32 allow ...)
-	TODO: check
+	NOT-FOR-US: machsol machpanel
 CVE-2025-57460 (File upload vulnerability in machsol machpanel 8.0.32 allows attacker  ...)
-	TODO: check
+	NOT-FOR-US: machsol machpanel
 CVE-2025-56333 (An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remot ...)
-	TODO: check
+	NOT-FOR-US: Fossorial fosrl/pangolin
 CVE-2025-55064 (CWE-79 Improper Neutralization of Input During Web Page Generation (XS ...)
-	TODO: check
+	NOT-FOR-US: Priority Web
 CVE-2025-55063 (CWE-79 Improper Neutralization of Input During Web Page Generation (XS ...)
-	TODO: check
+	NOT-FOR-US: Priority Web
 CVE-2025-55062 (CWE-79 Improper Neutralization of Input During Web Page Generation (XS ...)
-	TODO: check
+	NOT-FOR-US: Priority Web
 CVE-2025-55061 (CWE-434 Unrestricted Upload of File with Dangerous Type)
-	TODO: check
+	NOT-FOR-US: Priority Web
 CVE-2025-55060 (CWE-601 URL Redirection to Untrusted Site ('Open Redirect'))
-	TODO: check
+	NOT-FOR-US: Priority Web
 CVE-2025-53627 (Meshtastic is an open source mesh networking solution. The Meshtastic  ...)
-	TODO: check
+	NOT-FOR-US: Meshtastic
 CVE-2025-15202 (A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This  ...)
-	TODO: check
+	NOT-FOR-US: SohuTV CacheCloud
 CVE-2025-15201 (A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted e ...)
-	TODO: check
+	NOT-FOR-US: SohuTV CacheCloud
 CVE-2025-15200 (A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The aff ...)
-	TODO: check
+	NOT-FOR-US: SohuTV CacheCloud
 CVE-2025-15199 (A security vulnerability has been detected in code-projects College No ...)
 	NOT-FOR-US: code-projects
 CVE-2025-15198 (A weakness has been identified in code-projects College Notes Uploadin ...)
 	NOT-FOR-US: code-projects
 CVE-2025-15197 (A security flaw has been discovered in code-projects/anirbandutta9 Con ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-15196 (A vulnerability was identified in code-projects Assessment Management  ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-15195 (A vulnerability was determined in code-projects Assessment Management  ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-15194 (A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected  ...)
 	NOT-FOR-US: D-Link
 CVE-2025-15193 (A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This aff ...)
@@ -115,7 +115,7 @@ CVE-2025-15189 (A vulnerability was identified in D-Link DWR-M920 up to 1.1.50.
 CVE-2025-15188 (A vulnerability was determined in Campcodes Complete Online Beauty Par ...)
 	NOT-FOR-US: Campcodes
 CVE-2025-15187 (A vulnerability was found in GreenCMS up to 2.3. This affects an unkno ...)
-	TODO: check
+	NOT-FOR-US: GreenCMS
 CVE-2025-15186 (A vulnerability has been found in code-projects Refugee Food Managemen ...)
 	NOT-FOR-US: code-projects
 CVE-2025-15185 (A flaw has been found in code-projects Refugee Food Management System  ...)
@@ -131,7 +131,7 @@ CVE-2025-15181 (A security flaw has been discovered in code-projects Refugee Foo
 CVE-2025-15180 (A vulnerability was identified in Tenda WH450 1.0.0.18. The affected e ...)
 	NOT-FOR-US: Tenda
 CVE-2025-14728 (Rapid7 Velociraptor versions before 0.75.6 contain a directory travers ...)
-	TODO: check
+	NOT-FOR-US: Rapid7 Velociraptor
 CVE-2025-14280 (The PixelYourSite plugin for WordPress is vulnerable to Sensitive Info ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-14175 (A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows th ...)
@@ -141,7 +141,7 @@ CVE-2025-13592 (The Advanced Ads plugin for WordPress is vulnerable to Remote Co
 CVE-2024-30855 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
 	NOT-FOR-US: DedeCMS
 CVE-2024-25181 (A critical vulnerability has been identified in givanz VvvebJs 1.7.2,  ...)
-	TODO: check
+	NOT-FOR-US: givanz VvvebJs
 CVE-2025-52691 (Successful exploitation of the vulnerability could allow an unauthenti ...)
 	NOT-FOR-US: SmarterTools SmarterMail
 CVE-2025-15228 (BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Up ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e15265f109d200c40f27afc9a33e9958ab6cb0fd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e15265f109d200c40f27afc9a33e9958ab6cb0fd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251229/94ec01dc/attachment.htm>

More information about the debian-security-tracker-commits mailing list