[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 12 21:17:09 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ddaa895d by Salvatore Bonaccorso at 2025-11-12T22:16:07+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40,29 +40,29 @@ CVE-2025-63811 (An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0
- golang-github-dvsekhvalnov-jose2go <unfixed>
NOTE: https://github.com/dvsekhvalnov/jose2go/issues/33
CVE-2025-63679 (free5gc v4.1.0 and before is vulnerable to Buffer Overflow. When AMF r ...)
- TODO: check
+ NOT-FOR-US: Free5gc
CVE-2025-63667 (Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92 ...)
- TODO: check
+ NOT-FOR-US: SIMICAM
CVE-2025-63666 (Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that ex ...)
NOT-FOR-US: Tenda
CVE-2025-63419 (Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The We ...)
- TODO: check
+ NOT-FOR-US: CrushFTP
CVE-2025-63353 (A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the devic ...)
- TODO: check
+ NOT-FOR-US: FiberHome GPON ONU HG6145F1 RP4423
CVE-2025-63289 (Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in ...)
- TODO: check
+ NOT-FOR-US: Sogexia Android App Compile Affected SDK
CVE-2025-62876 (A Execution with Unnecessary Privileges vulnerability in lightdm-kde-g ...)
TODO: check
CVE-2025-61667 (The Datadog Agent collects events and metrics from hosts and sends the ...)
- TODO: check
+ NOT-FOR-US: Datadog Agent
CVE-2025-61623 (Reflected cross-site scripting vulnerability in Apache OFBiz. This is ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-60646 (A stored cross-site scripting (XSS) in the Business Line Management mo ...)
- TODO: check
+ NOT-FOR-US: xxl-api
CVE-2025-60645 (A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers ...)
- TODO: check
+ NOT-FOR-US: xxl-api
CVE-2025-59491 (Cross Site Scripting vulnerability in CentralSquare Community Developm ...)
- TODO: check
+ NOT-FOR-US: CentralSquare Community Development
CVE-2025-59118 (Unrestricted Upload of File with Dangerous Type vulnerability in Apach ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-59089 (If an attacker causes kdcproxy to connect to an attacker-controlled KD ...)
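Review bot: The label added for CVE-2025-63289, `NOT-FOR-US: Sogexia Android App Compile Affected SDK`, reads like the opening words of the truncated description copied verbatim rather than a product name; `NOT-FOR-US: Sogexia Android App` would name the product. In the same hunk, CVE-2025-63353 is labelled with the full model string (`FiberHome GPON ONU HG6145F1 RP4423`) where the neighbouring Tenda entry uses the vendor alone, and the CVE-2025-63667 description lists KEVIEW alongside SIMICAM while the label mentions only SIMICAM.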
@@ -74,7 +74,7 @@ CVE-2025-57812 (CUPS is a standards-based, open-source printing system, and `lib
CVE-2025-57310 (A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Fa ...)
TODO: check
CVE-2025-56385 (A SQL injection vulnerability exists in the login functionality of Wel ...)
- TODO: check
+ NOT-FOR-US: WellSky Harmony
CVE-2025-52331 (Cross-site scripting (XSS) vulnerability in the generate report functi ...)
TODO: check
CVE-2025-46428 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain a ...)
@@ -84,7 +84,7 @@ CVE-2025-37734 (Origin Validation Error in Kibana can lead to Server-Side Reques
CVE-2025-27368 (IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of s ...)
NOT-FOR-US: IBM
CVE-2025-25236 (Omnissa Workspace ONE UEM contains an observable response discrepancy ...)
- TODO: check
+ NOT-FOR-US: Omnissa
CVE-2025-20379 (In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 an ...)
NOT-FOR-US: Cisco
CVE-2025-20378 (In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and S ...)
@@ -112,13 +112,13 @@ CVE-2025-12047 (A vulnerability was reported in the Lenovo Scanner pro applicati
CVE-2025-11994 (The Easy Email Subscription plugin for WordPress is vulnerable to Stor ...)
NOT-FOR-US: WordPress plugin
CVE-2025-11962 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Digital Corporate Warehouse
CVE-2025-11797 (A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, ...)
NOT-FOR-US: Autodesk
CVE-2025-11795 (A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, ...)
NOT-FOR-US: Autodesk
CVE-2025-11700 (N-central versions < 2025.4 are vulnerable to an XML External Entities ...)
- TODO: check
+ NOT-FOR-US: N-central
CVE-2025-11567 (CWE-276: Incorrect Default Permissions vulnerability exists that could ...)
NOT-FOR-US: Schneider Electric
CVE-2025-11566 (CWE-307: Improper Restriction of Excessive Authentication Attempts vul ...)
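Review bot: The label for CVE-2025-11962, `NOT-FOR-US: Digital Corporate Warehouse`, cannot be matched against the visible description, which is cut off before any product is named, so it is worth confirming against the full CVE text. The `N-central` label on CVE-2025-11700 names a product, whereas the context entries around it (`Autodesk`, `Schneider Electric`) label by vendor; either works, but a single convention makes later searches through the list simpler.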
@@ -128,9 +128,9 @@ CVE-2025-11565 (CWE-22: Improper Limitation of a Pathname to a Restricted Direct
CVE-2025-11454 (The Specific Content For Mobile \u2013 Customize the mobile version wi ...)
NOT-FOR-US: WordPress plugin
CVE-2025-11367 (The N-central Software Probe < 2025.4 is vulnerable to Remote Code Exe ...)
- TODO: check
+ NOT-FOR-US: N-central
CVE-2025-11366 (N-central < 2025.4 is vulnerable to authentication bypass via path tra ...)
- TODO: check
+ NOT-FOR-US: N-central
CVE-2025-10495 (A potential vulnerability was reported in the Lenovo PC Manager, Lenov ...)
NOT-FOR-US: Lenovo
CVE-2024-48829 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an ...)
@@ -138,7 +138,7 @@ CVE-2024-48829 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, cont
CVE-2024-47866 (Ceph is a distributed object, block, and file storage platform. In ver ...)
TODO: check
CVE-2024-45301 (Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2 ...)
- TODO: check
+ NOT-FOR-US: Mintty
CVE-2025-40177 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
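Review bot: The `NOT-FOR-US: Mintty` label on CVE-2024-45301 records no reason, although the description itself supplies one: Mintty is a terminal emulator for Cygwin, MSYS, and WSL. A short qualifier in the style already used in this file (`NOT-FOR-US: Apache software not packaged in Debian`) would state why the entry is out of scope instead of leaving the next triager to work it out again.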
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddaa895dd767c7e809f72c558961d4bd2912b1d9