[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 13 20:44:17 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3bb3c7c9 by Salvatore Bonaccorso at 2025-11-13T21:43:25+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39,7 +39,7 @@ CVE-2025-64703 (MaxKB is an open-source AI assistant for enterprise. In versions
CVE-2025-64525 (Astro is a web framework. In Astro versions 2.16.0 up to but excluding ...)
NOT-FOR-US: Astro
CVE-2025-64523 (File Browser provides a file managing interface within a specified dir ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2025-64511 (MaxKB is an open-source AI assistant for enterprise. In versions prior ...)
NOT-FOR-US: MaxKB
CVE-2025-64482 (Tuleap is an Open Source Suite to improve management of software devel ...)
@@ -93,11 +93,11 @@ CVE-2025-64261 (Missing Authorization vulnerability in codepeople Appointment Bo
CVE-2025-64259 (Missing Authorization vulnerability in Jeroen Schmit Theater for WordP ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-64186 (Evervault is a payment security solution. A vulnerability was identifi ...)
- TODO: check
+ NOT-FOR-US: Evervault
CVE-2025-63645 (A stored cross-site scripting (XSS) vulnerability exists in pH7Softwar ...)
- TODO: check
+ NOT-FOR-US: pH7Software pH7-Social-Dating-CMS
CVE-2025-63406 (An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6 ...)
- TODO: check
+ NOT-FOR-US: Intermesh BV GroupOffice
CVE-2025-63396 (An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profil ...)
TODO: check
CVE-2025-62484 (Inefficient regular expression complexity in certain Zoom Workplace Cl ...)
@@ -163,15 +163,15 @@ CVE-2025-60672 (An unauthenticated command injection vulnerability exists in the
CVE-2025-60671 (A command injection vulnerability exists in the D-Link DIR-823G router ...)
NOT-FOR-US: D-Link
CVE-2025-59840 (Vega is a visualization grammar, a declarative format for creating, sa ...)
- TODO: check
+ NOT-FOR-US: Vega
CVE-2025-59480 (Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redir ...)
- TODO: check
+ NOT-FOR-US: Mattermost Mobile Apps
CVE-2025-59367 (An authentication bypass vulnerability has been identified in certain ...)
NOT-FOR-US: ASUS
CVE-2025-55810 (A vulnerability was found in Alaga Home Security WiFi Camera 3K (model ...)
- TODO: check
+ NOT-FOR-US: Alaga Home Security WiFi Camera 3K
CVE-2025-52186 (Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2 ...)
- TODO: check
+ NOT-FOR-US: Lichess lila
CVE-2025-46608 (Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper ...)
NOT-FOR-US: Dell / EMC
CVE-2025-46427 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an ...)
@@ -189,9 +189,9 @@ CVE-2025-46362 (Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10
CVE-2025-43515 (The issue was addressed by refusing external connections by default. T ...)
NOT-FOR-US: Apple
CVE-2025-41069 (Insecure Direct Object Reference (IDOR) vulnerability in DeporSite of ...)
- TODO: check
+ NOT-FOR-US: DeporSite of T-INNOVA
CVE-2025-40681 (Cross-site Scripting (XSS) vulnerability reflected in xCally's Omnicha ...)
- TODO: check
+ NOT-FOR-US: xCally's Omnichannel
CVE-2025-36223 (IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caus ...)
NOT-FOR-US: IBM
CVE-2025-33119 (IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in conf ...)
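Review bot: the two labels added here copy the description's phrasing rather than naming the vendor and product: "DeporSite of T-INNOVA" and "xCally's Omnichannel" (with the possessive). Other entries in this commit put the vendor first, e.g. "Intermesh BV GroupOffice" and "macrozheng mall-swarm", so "T-INNOVA DeporSite" and "xCally Omnichannel" would be more consistent and easier to match when later CVEs for the same products are triaged.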
@@ -211,31 +211,31 @@ CVE-2025-20346 (A vulnerability in Cisco Catalyst Center could allow an authenti
CVE-2025-20341 (A vulnerability in Cisco Catalyst Center Virtual Appliance could allow ...)
NOT-FOR-US: Cisco
CVE-2025-13123 (A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Th ...)
- TODO: check
+ NOT-FOR-US: AMTT Hotel Broadband Operation System
CVE-2025-13122 (A vulnerability was detected in SourceCodester Patients Waiting Area Q ...)
NOT-FOR-US: SourceCodester
CVE-2025-13121 (A security vulnerability has been detected in cameasy Liketea 1.0.0. I ...)
- TODO: check
+ NOT-FOR-US: cameasy Liketea
CVE-2025-13120 (A vulnerability has been found in mruby up to 3.4.0. This vulnerabilit ...)
TODO: check
CVE-2025-13119 (A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking Sy ...)
NOT-FOR-US: SourceCodester
CVE-2025-13118 (A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Aff ...)
- TODO: check
+ NOT-FOR-US: macrozheng mall-swarm
CVE-2025-13117 (A security vulnerability has been detected in macrozheng mall-swarm up ...)
- TODO: check
+ NOT-FOR-US: macrozheng mall-swarm
CVE-2025-13116 (A weakness has been identified in macrozheng mall-swarm up to 1.0.3. A ...)
- TODO: check
+ NOT-FOR-US: macrozheng mall-swarm
CVE-2025-13115 (A security flaw has been discovered in macrozheng mall-swarm up to 1.0 ...)
- TODO: check
+ NOT-FOR-US: macrozheng mall-swarm
CVE-2025-13114 (A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. T ...)
- TODO: check
+ NOT-FOR-US: macrozheng mall-swarm
CVE-2025-13076 (A flaw has been found in code-projects Responsive Hotel Site 1.0. The ...)
NOT-FOR-US: code-projects
CVE-2025-13075 (A vulnerability was detected in code-projects Responsive Hotel Site 1. ...)
NOT-FOR-US: code-projects
CVE-2025-13063 (A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an ...)
- TODO: check
+ NOT-FOR-US: DinukaNavaratna Dee Store
CVE-2025-13061 (A vulnerability was detected in itsourcecode Online Voting System 1.0. ...)
NOT-FOR-US: itsourcecode System
CVE-2025-13060 (A security vulnerability has been detected in SourceCodester Survey Ap ...)
@@ -293,27 +293,27 @@ CVE-2025-11260 (The WP Headless CMS Framework plugin for WordPress is vulnerable
CVE-2025-10295 (The Angel \u2013 Fashion Model Agency WordPress CMS Theme theme for Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-7329 (Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (har ...)
- TODO: check
+ NOT-FOR-US: Tinycontrol LAN Controller v3 (LK3) firmware
CVE-2023-7327 (Ozeki SMS Gateway versions up to and including 10.3.208 contain a path ...)
- TODO: check
+ NOT-FOR-US: Ozeki SMS Gateway
CVE-2023-7326 (The Epson Stylus SX510W embedded web management service fails to prope ...)
- TODO: check
+ NOT-FOR-US: Epson
CVE-2022-4984 (ZenTao Biz < 6.5, ZenTao Max < 3.0, ZenTao Open Source Edition < 16.5, ...)
- TODO: check
+ NOT-FOR-US: ZenTao
CVE-2022-4983 (TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode ...)
- TODO: check
+ NOT-FOR-US: TEC-IT TBarCode
CVE-2022-4982 (DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 co ...)
- TODO: check
+ NOT-FOR-US: DBLTek GoIP-1 firmware
CVE-2021-4464 (FiberHome AN5506-04-FA firmware versions up to and including RP2631 an ...)
- TODO: check
+ NOT-FOR-US: FiberHome AN5506-04-FA firmware
CVE-2021-4463 (Longjing Technology BEMS API versions up to and including 1.21 contain ...)
- TODO: check
+ NOT-FOR-US: Longjing Technology BEMS API
CVE-2017-20211 (UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted p ...)
- TODO: check
+ NOT-FOR-US: UCanCode E-XD++ Visualization Enterprise Suite
CVE-2016-15055 (JVC VN-T IP-camera models firmware versions up to 2016-08-22 (confirme ...)
- TODO: check
+ NOT-FOR-US: JVC VN-T IP-camera models firmware
CVE-2011-10034 (AUTOMGEN versions up to and including 8.0.0.7 (also referenced as 8.02 ...)
- TODO: check
+ NOT-FOR-US: AUTOMGEN
CVE-2025-12983
- gitlab <unfixed>
CVE-2025-7736
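Review bot: the labels added in this hunk mix granularity. CVE-2023-7326 is tagged by vendor only ("NOT-FOR-US: Epson"), while the neighbouring device entries carry product, model and the word "firmware" ("Tinycontrol LAN Controller v3 (LK3) firmware", "FiberHome AN5506-04-FA firmware", "JVC VN-T IP-camera models firmware"). Hardware vendors elsewhere in this file are tagged by vendor alone ("D-Link", "ASUS", "Cisco"), so consider shortening the device entries to the vendor name so that future CVEs for the same vendor receive the same label.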
@@ -624,7 +624,7 @@ CVE-2025-57310 (A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Sim
CVE-2025-56385 (A SQL injection vulnerability exists in the login functionality of Wel ...)
NOT-FOR-US: WellSky Harmony
CVE-2025-52331 (Cross-site scripting (XSS) vulnerability in the generate report functi ...)
- TODO: check
+ NOT-FOR-US: Rarlab WinRAR
CVE-2025-46428 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain a ...)
NOT-FOR-US: Dell / EMC
CVE-2025-37734 (Origin Validation Error in Kibana can lead to Server-Side Request Forg ...)
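Review bot: for CVE-2025-52331 the truncated description ("... in the generate report functi ...") does not name a product, so the new "NOT-FOR-US: Rarlab WinRAR" tag cannot be checked against the entry itself. It is worth confirming from the full CVE text that the affected component is limited to the WinRAR application before the entry is closed as not-for-us.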
@@ -648,7 +648,7 @@ CVE-2025-12903 (The Payment Plugins Braintree For WooCommerce plugin for WordPre
CVE-2025-12732 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress plugin fo ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12382 (Improper Limitation of a Pathname 'Path Traversal') vulnerability in A ...)
- TODO: check
+ NOT-FOR-US: Algosec Firewall Analyzer
CVE-2025-12152
REJECTED
CVE-2025-12068
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3bb3c7c9fc0f6473d3fa0a658f55874a6116e9c2