[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 8 08:40:13 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b85b721 by Salvatore Bonaccorso at 2025-11-08T09:39:42+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,53 +3,53 @@ CVE-2025-9334 (The Better Find and Replace \u2013 AI-Powered Suggestions plugin
 CVE-2025-7663 (The Ovatheme Events Manager plugin for WordPress is vulnerable to unau ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-64496 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2025-64495 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2025-64494 (Soft Serve is a self-hostable Git server for the command line. In vers ...)
-	TODO: check
+	NOT-FOR-US: Soft Serve
 CVE-2025-64493 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2025-64492 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2025-64491 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2025-64490 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2025-64489 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2025-64488 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2025-64486 (calibre is an e-book manager. In versions 8.13.0 and prior, calibre do ...)
 	TODO: check
 CVE-2025-64485 (CVAT is an open source interactive video and image annotation tool for ...)
-	TODO: check
+	NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
 CVE-2025-64481 (Datasette is an open source multi-tool for exploring and publishing da ...)
-	TODO: check
+	NOT-FOR-US: Datasette
 CVE-2025-64442 (HumHub is an Open Source Enterprise Social Network. Versions below 1.1 ...)
-	TODO: check
+	NOT-FOR-US: HumHub
 CVE-2025-64439 (LangGraph SQLite Checkpoint is an implementation of LangGraph Checkpoi ...)
-	TODO: check
+	NOT-FOR-US: LangGraph SQLite Checkpoint
 CVE-2025-64437 (KubeVirt is a virtual machine management add-on for Kubernetes. In ver ...)
-	TODO: check
+	NOT-FOR-US: KubeVirt
 CVE-2025-64436 (KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5 ...)
-	TODO: check
+	NOT-FOR-US: KubeVirt
 CVE-2025-64435 (KubeVirt is a virtual machine management add-on for Kubernetes. Prior  ...)
-	TODO: check
+	NOT-FOR-US: KubeVirt
 CVE-2025-64434 (KubeVirt is a virtual machine management add-on for Kubernetes. Prior  ...)
-	TODO: check
+	NOT-FOR-US: KubeVirt
 CVE-2025-64433 (KubeVirt is a virtual machine management add-on for Kubernetes. Prior  ...)
-	TODO: check
+	NOT-FOR-US: KubeVirt
 CVE-2025-63544 (TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in /order_no ...)
-	TODO: check
+	NOT-FOR-US: TechStore
 CVE-2025-63543 (TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in the /sear ...)
-	TODO: check
+	NOT-FOR-US: TechStore
 CVE-2025-63420 (A stored cross-site scripting (XSS) vulnerability in the CrushFTP 11.3 ...)
-	TODO: check
+	NOT-FOR-US: CrushFTP
 CVE-2025-60574 (A Local File Inclusion (LFI) vulnerability has been identified in tQua ...)
-	TODO: check
+	NOT-FOR-US: tQuadra CMS
 CVE-2025-37736 (Improper Authorization in Elastic Cloud Enterprise can lead to Privile ...)
-	TODO: check
+	NOT-FOR-US: Elastic Cloud Enterprise
 CVE-2025-12911 (Inappropriate implementation in Permissions in Google Chrome prior to  ...)
 	TODO: check
 CVE-2025-12910 (Inappropriate implementation in Passkeys in Google Chrome prior to 140 ...)
@@ -65,9 +65,9 @@ CVE-2025-12906 (Inappropriate implementation in Permissions in Google Chrome pri
 CVE-2025-12905 (Inappropriate implementation in Downloads in Google Chrome on Windows  ...)
 	TODO: check
 CVE-2025-12902 (Improper resource management in firmware of some Solidigm DC Products  ...)
-	TODO: check
+	NOT-FOR-US: Solidigm DC
 CVE-2025-12896 (Improper resource management in firmware of some Solidigm DC Products  ...)
-	TODO: check
+	NOT-FOR-US: Solidigm DC
 CVE-2025-12875 (A weakness has been identified in mruby 3.4.0. This vulnerability affe ...)
 	TODO: check
 CVE-2025-12863 (A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML pa ...)
@@ -79,7 +79,7 @@ CVE-2025-12583 (The Simple Downloads List plugin for WordPress is vulnerable to
 CVE-2025-12498 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12418 (Potential Denial of Service issue in all supported versions of Revener ...)
-	TODO: check
+	NOT-FOR-US: Revenera InstallShield
 CVE-2025-12353 (The WPFunnels \u2013 The Easiest Funnel Builder For WordPress And WooC ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12193 (The Mang Board WP plugin for WordPress is vulnerable to Reflected Cros ...)
@@ -107,7 +107,7 @@ CVE-2025-11748 (The Groups plugin for WordPress is vulnerable to Insecure Direct
 CVE-2025-11452 (The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2020-36870 (Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 ...)
-	TODO: check
+	NOT-FOR-US: Ruijie
 CVE-2025-9458 (A maliciously crafted PRT file, when parsed through certain Autodesk p ...)
 	NOT-FOR-US: Autodesk
 CVE-2025-7719 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b85b721985a8a4e93142acc0ddec197768c74c4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b85b721985a8a4e93142acc0ddec197768c74c4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251108/3129be5e/attachment.htm>

More information about the debian-security-tracker-commits mailing list