[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 10 20:25:16 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
63b9493b by Salvatore Bonaccorso at 2025-11-10T21:24:34+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2025-63710 (The send_message.php endpoint in SourceCodester Simple Public Ch
CVE-2025-63709 (A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Si ...)
NOT-FOR-US: SourceCodester
CVE-2025-63497 (The patient prescription viewing functionality in his_doc_view_single_ ...)
- TODO: check
+ NOT-FOR-US: rickxy Hospital Management System
CVE-2025-63457 (Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via ...)
NOT-FOR-US: Tenda
CVE-2025-63456 (Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via ...)
@@ -61,21 +61,21 @@ CVE-2025-60876 (BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and oth
CVE-2025-56503 (An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticate ...)
TODO: check
CVE-2025-47932 (Combodo iTop is a web based IT service management tool. Versions prior ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2025-47773 (Combodo iTop is a web based IT service management tool. Versions prior ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2025-47286 (Combodo iTop is a web based IT service management tool. In versions pr ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2025-46430 (Dell Display and Peripheral Manager, versions prior to 2.1.2.12, conta ...)
NOT-FOR-US: Dell / EMC
CVE-2025-43723 (Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0. ...)
NOT-FOR-US: Dell / EMC
CVE-2025-43079 (The Qualys Cloud Agent included a bundled uninstall script (qagent_uni ...)
- TODO: check
+ NOT-FOR-US: Qualys Cloud Agent
CVE-2025-41107 (Stored Cross Site Scripting (XSS) vulnerability in Smart School 7.0 du ...)
- TODO: check
+ NOT-FOR-US: Smart School
CVE-2025-41001 (Cross Site Scripting (XSS) vulnerability stored in SOPlanning v1.53.02 ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2025-33150 (IBM Cognos Analytics Certified Containers 12.1.0 could disclose packag ...)
NOT-FOR-US: IBM
CVE-2025-12967 (An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for pr ...)
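Review bot: The new NOT-FOR-US strings in this hunk name products ("Combodo iTop", "Qualys Cloud Agent", "Smart School", "SOPlanning"), while the unchanged context lines next to them name vendors ("Dell / EMC", "IBM"). Use the string that earlier entries for the same product already carry in data/CVE/list, so that a search for one label finds every related CVE. The three iTop entries (CVE-2025-47932, CVE-2025-47773, CVE-2025-47286) do this correctly among themselves. Separately, CVE-2025-56503 (Sublime Text) at the top of the hunk stays at "TODO: check" while the six entries below it are triaged. If that was deliberate, no change is needed. Otherwise it looks like it belongs in the same pass.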
@@ -85,13 +85,13 @@ CVE-2025-12939 (A security flaw has been discovered in SourceCodester Interview
CVE-2025-12938 (A vulnerability was identified in projectworlds Online Admission Syste ...)
NOT-FOR-US: Project Worlds
CVE-2025-12480 (Triofox versions prior to 16.7.10368.56560, are vulnerable to an Impro ...)
- TODO: check
+ NOT-FOR-US: Triofox
CVE-2025-12409 (A SQL injection vulnerability was discovered in Looker Studio that all ...)
- TODO: check
+ NOT-FOR-US: Looker Studio
CVE-2025-12405 (An improper privilege management vulnerability was found in Looker Stu ...)
- TODO: check
+ NOT-FOR-US: Looker Studio
CVE-2025-12397 (A SQL injection vulnerability was found in Looker Studio. A Looker St ...)
- TODO: check
+ NOT-FOR-US: Looker Studio
CVE-2025-12155 (A Command Injection vulnerability, resulting from improper file path s ...)
TODO: check
CVE-2025-XXXX [GHSA-c978-wq47-pvvw]
@@ -151,7 +151,7 @@ CVE-2025-12865 (U-Office Force developed by e-Excellence has a SQL Injection vul
CVE-2025-12864 (U-Office Force developed by e-Excellence has a SQL Injection vulnerabi ...)
NOT-FOR-US: U-Office Force
CVE-2025-12613 (Versions of the package cloudinary before 2.7.0 are vulnerable to Arbi ...)
- TODO: check
+ NOT-FOR-US: cloudinary Node.js module
CVE-2025-64507 [GHSA-56mx-8g9f-5crf]
{DSA-6051-1}
- incus 6.0.5-4
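Review bot: The label on CVE-2025-12613, "cloudinary Node.js module", states an ecosystem that the visible description does not. The truncated text only says "the package cloudinary before 2.7.0", and Cloudinary publishes SDKs for several languages. Confirm against the full CVE text or its references that 2.7.0 is the Node.js package version before relying on this NOT-FOR-US, because the annotation is the only place a later reader will see which SDK was ruled out.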
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63b9493bb3d7ae1535465d43a6341196af434f67