[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 6 20:25:39 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
096dfb19 by Salvatore Bonaccorso at 2025-11-06T21:25:13+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,13 +13,13 @@ CVE-2025-64198 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-64196 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-63589 (A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php ro ...)
-	TODO: check
+	NOT-FOR-US: CMSimple_XH
 CVE-2025-63588 (An unauthenticated reflected cross-site scripting vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: CMSimple_XH
 CVE-2025-63560 (An issue in KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder  ...)
-	TODO: check
+	NOT-FOR-US: KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder Firmware
 CVE-2025-63551 (A Server-Side Request Forgery (SSRF) vulnerability, achievable through ...)
-	TODO: check
+	NOT-FOR-US: MetInfo Content Management System (CMS)
 CVE-2025-63307 (alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scrip ...)
 	TODO: check
 CVE-2025-62950 (Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker /  ...)
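Review bot: The label added for CVE-2025-63560 repeats the whole product string from the description, including "Firmware", where the other new entries in this hunk and the existing ones elsewhere in the file name only the vendor or project (`NOT-FOR-US: CMSimple_XH`, `NOT-FOR-US: Advantech`). `NOT-FOR-US: KiloView` would be enough and keeps the tag easy to grep if further KiloView CVEs are assigned. CVE-2025-63307 (alexusmai laravel-file-manager) in the trailing context is still `TODO: check` and needs a later pass.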
@@ -101,7 +101,7 @@ CVE-2025-62011 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-62010 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-60541 (A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of l ...)
-	TODO: check
+	NOT-FOR-US: linshenkx prompt-optimizer
 CVE-2025-60248 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-60247 (Missing Authorization vulnerability in Bux Bux Woocommerce bux-woocomm ...)
@@ -169,9 +169,9 @@ CVE-2025-5803 (Missing Authorization vulnerability in e4jvikwp VikBooking Hotel
 CVE-2025-59556 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-59396 (The default configuration of WatchGuard Firebox devices through 2025-0 ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard
 CVE-2025-59392 (On Elspec G5 devices through 1.2.2.19, a person with physical access t ...)
-	TODO: check
+	NOT-FOR-US: Elspec G5 devices
 CVE-2025-58998 (Deserialization of Untrusted Data vulnerability in Cristi\xe1n L\xe1va ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58996 (Unrestricted Upload of File with Dangerous Type vulnerability in Helmu ...)
@@ -271,7 +271,7 @@ CVE-2025-49386 (Deserialization of Untrusted Data vulnerability in Scott Reilly
 CVE-2025-49372 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48330 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48290 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48090 (Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Pa ...)
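Review bot: CVE-2025-48330 gets `NOT-FOR-US: WordPress plugin` while both neighbouring entries in this hunk use `NOT-FOR-US: WordPress plugin or theme`. The truncated description shown here only identifies a PHP include/require issue, so unless the component was confirmed to be a plugin rather than a theme, the broader label is the safer match and keeps the block uniform.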
@@ -329,19 +329,19 @@ CVE-2025-34237 (Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored
 CVE-2025-34236 (Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross ...)
 	NOT-FOR-US: Advantech
 CVE-2025-32222 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31029 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28953 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-27919 (An issue was discovered in AnyDesk through 9.0.4. A remotely connected ...)
-	TODO: check
+	NOT-FOR-US: AnyDesk
 CVE-2025-27918 (An issue was discovered in AnyDesk before 9.0.0. It has an integer ove ...)
-	TODO: check
+	NOT-FOR-US: AnyDesk
 CVE-2025-27917 (An issue was discovered in AnyDesk through 9.0.4. Remote Denial of Ser ...)
-	TODO: check
+	NOT-FOR-US: AnyDesk
 CVE-2025-27916 (An issue was discovered in AnyDesk through 9.0.4. When the connection  ...)
-	TODO: check
+	NOT-FOR-US: AnyDesk
 CVE-2025-22397 (Dell Integrated Dell Remote Access Controller 9, 14G versions prior to ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-22288 (Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-On ...)
@@ -355,11 +355,11 @@ CVE-2025-12556 (An argument injection vulnerability exists in the affected produ
 CVE-2025-12485 (Improper privilege management during pre-MFA cookie handling in Devolu ...)
 	NOT-FOR-US: Devolutions
 CVE-2025-11956 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Proliz Software Ltd. Co. OBS (Student Affairs Information System)
 CVE-2025-11268 (The Strong Testimonials plugin for WordPress is vulnerable to arbitrar ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-10955 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Netcad Software Inc. Netigma
 CVE-2025-10885 (A maliciously crafted file, when executed on the victim's machine, can ...)
 	NOT-FOR-US: Autodesk
 CVE-2024-25621 (containerd is an open-source container runtime. Versions 0.1.0 through ...)
@@ -377,9 +377,9 @@ CVE-2022-50592 (Advantech iView versions prior to v5.7.04 build 6425contain a vu
 CVE-2022-50591 (Advantech iView versions prior to v5.7.04 build 6425contain a vulnerab ...)
 	NOT-FOR-US: Advantech
 CVE-2022-50590 (SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2022-50589 (SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2025-9338 (A improper restriction of operations within the bounds of a memory buf ...)
 	NOT-FOR-US: ASUS
 CVE-2025-64480
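Review bot: CVE-2022-50590 and CVE-2022-50589 are marked `NOT-FOR-US: SuiteCRM`, which is right only if SuiteCRM is not in the archive and has no packaging request open; nothing in the diff records that check. Unlike the appliance and proprietary entries elsewhere in this commit, SuiteCRM is open-source software, so it is worth confirming there is no ITP/RFP bug first. If one exists, the entries should use the `<itp>` form with the bug number instead of NFU.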



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/096dfb194a406b79549370dc7eb2ddeefcdebc80
