[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 31 20:23:08 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd0b5dec by Salvatore Bonaccorso at 2025-12-31T21:22:39+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2025-66145 (Missing Authorization vulnerability in merkulove Worker for WPBa
CVE-2025-66144 (Missing Authorization vulnerability in merkulove Worker for Elementor ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-64699 (An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 (EC200 ...)
- TODO: check
+ NOT-FOR-US: SevenCs ORCA G2
CVE-2025-63053 (Authorization Bypass Through User-Controlled Key vulnerability in Jewe ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-63040 (Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Sni ...)
@@ -217,7 +217,7 @@ CVE-2025-62079 (Missing Authorization vulnerability in Damian WP Export Categori
CVE-2025-62078 (Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-61037 (A local privilege escalation vulnerability exists in SevenCs ORCA G2 2 ...)
- TODO: check
+ NOT-FOR-US: SevenCs ORCA G2
CVE-2025-59138 (Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy all ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-59136 (Insertion of Sensitive Information Into Sent Data vulnerability in Ef\ ...)
@@ -255,7 +255,7 @@ CVE-2025-49028 (Cross-Site Request Forgery (CSRF) vulnerability in Zoho Mail Zoh
CVE-2025-34468 (libcoap versions up to and including 4.3.5, prior to commit 30db3ea, c ...)
TODO: check
CVE-2025-34467 (ZwiiCMSversions prior to13.7.00 contain a denial-of-service vulnerabil ...)
- TODO: check
+ NOT-FOR-US: ZwiiCMS
CVE-2025-23757 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-23719 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
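Review bot: CVE-2025-34468 (libcoap), in the context directly above the ZwiiCMS change, still carries "TODO: check" after this pass. Leaving it out is consistent with an NFU-only commit, but it is now the one unresolved entry between triaged neighbours. Assuming libcoap is tracked as a Debian package, it needs a package line with a fixed version or <unfixed> rather than a NOT-FOR-US tag. The description names commit 30db3ea as the fix boundary, which is the starting point for that follow-up.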
@@ -269,45 +269,45 @@ CVE-2025-23667 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-23608 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-15394 (A vulnerability was detected in iCMS up to 8.0.0. Affected is the func ...)
- TODO: check
+ NOT-FOR-US: iCMS
CVE-2025-15393 (A security vulnerability has been detected in Kohana KodiCMS up to 13. ...)
- TODO: check
+ NOT-FOR-US: Kohana KodiCMS
CVE-2025-15392 (A weakness has been identified in Kohana KodiCMS up to 13.82.135. This ...)
- TODO: check
+ NOT-FOR-US: Kohana KodiCMS
CVE-2025-15391 (A weakness has been identified in D-Link DIR-806A 100CNb11. Affected i ...)
NOT-FOR-US: D-Link
CVE-2025-15390 (A security flaw has been discovered in PHPGurukul Small CRM 4.0. This ...)
NOT-FOR-US: PHPGurukul
CVE-2025-15389 (VPN Firewall developed by QNO Technology has an OS Command Injection v ...)
- TODO: check
+ NOT-FOR-US: QNO Technology
CVE-2025-15388 (VPN Firewall developed by QNO Technology has an OS Command Injection v ...)
- TODO: check
+ NOT-FOR-US: QNO Technology
CVE-2025-15387 (VPN Firewall developed by QNO Technology has a Insufficient Entropy vu ...)
- TODO: check
+ NOT-FOR-US: QNO Technology
CVE-2021-47747 (meterN 1.2.3 contains an authenticated remote code execution vulnerabi ...)
- TODO: check
+ NOT-FOR-US: meterN
CVE-2021-47745 (Cypress Solutions CTM-200 2.7.1 contains an authenticated command inje ...)
- TODO: check
+ NOT-FOR-US: Cypress Solutions CTM-200
CVE-2021-47744 (Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credential ...)
- TODO: check
+ NOT-FOR-US: Cypress Solutions CTM-200/CTM-ONE
CVE-2021-47743 (COMMAX Biometric Access Control System 1.0.0 contains an unauthenticat ...)
- TODO: check
+ NOT-FOR-US: COMMAX Biometric Access Control System
CVE-2021-47742 (Epic Games Psyonix Rocket League <=1.95 contains an insecure permissio ...)
- TODO: check
+ NOT-FOR-US: Epic Games Psyonix Rocket League
CVE-2021-47741 (ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation ...)
- TODO: check
+ NOT-FOR-US: ZBL EPON ONU Broadband Router V100R001
CVE-2021-47740 (KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerab ...)
- TODO: check
+ NOT-FOR-US: KZTech JT3500V 4G LTE CPE
CVE-2021-47726 (NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vuln ...)
- TODO: check
+ NOT-FOR-US: NuCom 11N Wireless Router
CVE-2021-47725 (STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in ...)
- TODO: check
+ NOT-FOR-US: STVS ProVision
CVE-2020-36904 (Selea CarPlateServer 4.0.1.6 contains a remote program execution vulne ...)
- TODO: check
+ NOT-FOR-US: Selea CarPlateServer
CVE-2020-36903 (Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnera ...)
- TODO: check
+ NOT-FOR-US: Selea CarPlateServer
CVE-2019-25262 (A security vulnerability has been detected in elinicksic Razgover up t ...)
- TODO: check
+ NOT-FOR-US: elinicksic Razgover
CVE-2025-69277 (libsodium before ad3004e, in atypical use cases involving certain cust ...)
- libsodium <unfixed> (bug #1124375)
NOTE: https://00f.net/2025/12/30/libsodium-vulnerability/
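Review bot: The NOT-FOR-US labels added in this hunk mix three levels of detail. "QNO Technology" is vendor only, matching the existing "D-Link" and "PHPGurukul" context entries. "Selea CarPlateServer" and "COMMAX Biometric Access Control System" are vendor plus product. "ZBL EPON ONU Broadband Router V100R001" also keeps the string that sits in the version position of the description, where every other entry here drops it (meterN 1.2.3 becomes "meterN", STVS ProVision 5.9.10 becomes "STVS ProVision"). The two Cypress Solutions entries, CVE-2021-47745 and CVE-2021-47744, also get different strings ("Cypress Solutions CTM-200" and "Cypress Solutions CTM-200/CTM-ONE"). Suggest dropping "V100R001" and using one label for both Cypress entries, so a later search on the NFU string finds every entry for the same product.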
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd0b5dec5496f54d1b2dad73b36755eabbe7324c