[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 4 20:41:13 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60da257e by Salvatore Bonaccorso at 2025-11-04T21:40:36+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14,77 +14,77 @@ CVE-2025-64319 (Incorrect Permission Assignment for Critical Resource vulnerabil
 CVE-2025-64318 (Improper Neutralization of Input Used for LLM Prompting vulnerability  ...)
 	NOT-FOR-US: Salesforce
 CVE-2025-63294 (WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Inse ...)
-	TODO: check
+	NOT-FOR-US: WorkDo HRM SaaS HR and Payroll Tool
 CVE-2025-61956 (Radiometrics VizAir is vulnerable to a lack of authentication mechanis ...)
-	TODO: check
+	NOT-FOR-US: Radiometrics VizAir
 CVE-2025-61945 (Radiometrics VizAir is vulnerable to any remote attacker via access to ...)
-	TODO: check
+	NOT-FOR-US: Radiometrics VizAir
 CVE-2025-61431 (A reflected cross-site scripted (XSS) vulnerability in the /jsp/gsfr_f ...)
-	TODO: check
+	NOT-FOR-US: Zucchetti
 CVE-2025-60925 (codeshare v1.0.0 was discovered to contain an information leakage vuln ...)
-	TODO: check
+	NOT-FOR-US: codeshare
 CVE-2025-54863 (Radiometrics VizAir is vulnerable to exposure of the system's REST API ...)
-	TODO: check
+	NOT-FOR-US: Radiometrics VizAir
 CVE-2025-54334 (An issue was discovered in the NPU driver in Samsung Mobile Processor  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-54333 (An issue was discovered in NPU in Samsung Mobile Processor Exynos thro ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-54332 (An issue was discovered in NPU in Samsung Mobile Processor Exynos thro ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-54331 (An issue was discovered in NPU in Samsung Mobile Processor Exynos thro ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-54330 (An issue was discovered in NPU in Samsung Mobile Processor Exynos thro ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-54329 (An issue was discovered in NAS in Samsung Mobile Processor, Wearable P ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-54327 (An issue was discovered in VTS in Samsung Mobile Processor and Wearabl ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-54325 (An issue was discovered in VTS in Samsung Mobile Processor and Wearabl ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-54323 (An issue was discovered in the camera in Samsung Mobile Processor Exyn ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-52513 (An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-52512 (An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-49494 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-41345 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-41344 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-41343 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-41342 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-41341 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-41340 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-41339 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-41338 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-41337 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-41336 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-41335 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-41114 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-41113 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-41112 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-41111 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
-	TODO: check
+	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-33176 (NVIDIA RunAI for all platforms contains a vulnerability where a user c ...)
 	TODO: check
 CVE-2025-23358 (NVIDIA NVApp for Windows contains a vulnerability in the installer, wh ...)
 	TODO: check
 CVE-2025-12695 (The overly permissive sandbox configuration in DSPy allows attackers t ...)
-	TODO: check
+	NOT-FOR-US: DSPy
 CVE-2025-12682 (The Easy Upload Files During Checkout plugin for WordPress is vulnerab ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12493 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +2 ...)
@@ -92,11 +92,11 @@ CVE-2025-12493 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenb
 CVE-2025-12184 (The MeetingList plugin for WordPress is vulnerable to Stored Cross-Sit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12108 (The Survision LPR Camera system does not enforce password protection b ...)
-	TODO: check
+	NOT-FOR-US: Survision LPR Camera system
 CVE-2025-12045 (The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-11690 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: CFMOTO RIDE
 CVE-2025-10875 (Improper Neutralization of Input Used for LLM Prompting vulnerability  ...)
 	NOT-FOR-US: Salesforce
 CVE-2025-XXXX [OSSA-2025-002: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization]
@@ -413,7 +413,7 @@ CVE-2025-20726 (In Modem, there is a possible out of bounds write due to an inco
 CVE-2025-20725 (In ims service, there is a possible out of bounds write due to a missi ...)
 	NOT-FOR-US: MediaTek
 CVE-2025-12683 (The service employed by Everything, running as SYSTEM, communicates wi ...)
-	TODO: check
+	NOT-FOR-US: voidtools
 CVE-2025-12657 (The KMIP response parser built into mongo binaries is overly tolerant  ...)
 	TODO: check
 CVE-2025-12456 (The Centangle-Team plugin for WordPress is vulnerable to Cross-Site Re ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60da257e3e30b6ceec5892aaf1625c395087f07c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60da257e3e30b6ceec5892aaf1625c395087f07c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251104/df33c553/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list