[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 14 20:30:05 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44b000b6 by Salvatore Bonaccorso at 2025-11-14T21:29:36+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,45 +1,45 @@
 CVE-2025-9982 (A vulnerability exists in QuickCMS version 6.8 where sensitive admin c ...)
-	TODO: check
+	NOT-FOR-US: QuickCMS
 CVE-2025-8870 (On affected platforms running Arista EOS, certain serial console input ...)
 	NOT-FOR-US: Arista Networks
 CVE-2025-8855 (Authorization Bypass Through User-Controlled Key, Weak Password Recove ...)
-	TODO: check
+	NOT-FOR-US: Brokerage Automation
 CVE-2025-64446 (A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 thr ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-63830 (CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File ...)
-	TODO: check
+	NOT-FOR-US: CKFinder
 CVE-2025-63725 (Reflected Cross-Site Scripting (XSS) vulnerability in SVX Portal 2.7A  ...)
-	TODO: check
+	NOT-FOR-US: SVX Portal
 CVE-2025-63724 (SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via crafted POS ...)
-	TODO: check
+	NOT-FOR-US: SVX Portal
 CVE-2025-63701 (A heap corruption vulnerability exists in the Advantech TP-3250 printe ...)
 	NOT-FOR-US: Advantech
 CVE-2025-63680 (Nero BackItUp in the Nero Productline is vulnerable to a path parsing/ ...)
-	TODO: check
+	NOT-FOR-US: Nero BackItUp
 CVE-2025-63291 (When processing API requests, the Alteryx server 2022.1.1.42654 and 20 ...)
-	TODO: check
+	NOT-FOR-US: Alteryx server
 CVE-2025-54562 (A vulnerability was found in the Application Server of Desktop Alert P ...)
-	TODO: check
+	NOT-FOR-US: Desktop Alert
 CVE-2025-54561 (An Incorrect Access Control vulnerability was found in the Application ...)
-	TODO: check
+	NOT-FOR-US: Desktop Alert
 CVE-2025-54560 (A Server-side Request Forgery vulnerability was found in the Applicati ...)
-	TODO: check
+	NOT-FOR-US: Desktop Alert
 CVE-2025-54559 (An issue was found in the Application Server of Desktop Alert PingAler ...)
-	TODO: check
+	NOT-FOR-US: Desktop Alert
 CVE-2025-54348 (A Stored Cross Site Scripting (XSS) vulnerability was found in the App ...)
-	TODO: check
+	NOT-FOR-US: Desktop Alert
 CVE-2025-54346 (A Reflected Cross Site Scripting (XSS) vulnerability was found in the  ...)
-	TODO: check
+	NOT-FOR-US: Desktop Alert
 CVE-2025-54345 (An issue was found in the Application Server of Desktop Alert PingAler ...)
-	TODO: check
+	NOT-FOR-US: Desktop Alert
 CVE-2025-54343 (An Incorrect Access Control vulnerability was found in the Application ...)
-	TODO: check
+	NOT-FOR-US: Desktop Alert
 CVE-2025-54342 (A vulnerability was found in the Application Server of Desktop Alert P ...)
-	TODO: check
+	NOT-FOR-US: Desktop Alert
 CVE-2025-54340 (A vulnerability was found in the Application Server of Desktop Alert P ...)
-	TODO: check
+	NOT-FOR-US: Desktop Alert
 CVE-2025-54339 (An Incorrect Access Control vulnerability was found in the Application ...)
-	TODO: check
+	NOT-FOR-US: Desktop Alert
 CVE-2025-4618 (A sensitive information disclosure vulnerability in Palo Alto Networks ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2025-4617 (An insufficient policy enforcement vulnerability in Palo Alto Networks ...)
@@ -47,27 +47,27 @@ CVE-2025-4617 (An insufficient policy enforcement vulnerability in Palo Alto Net
 CVE-2025-4616 (An insufficient validation of an untrusted input vulnerability in Palo ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2025-13204 (npm package `expr-eval` is vulnerable to Prototype Pollution. An attac ...)
-	TODO: check
+	NOT-FOR-US: Node expr-eval
 CVE-2025-13180 (A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Con ...)
-	TODO: check
+	NOT-FOR-US: Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System
 CVE-2025-13179 (A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventor ...)
-	TODO: check
+	NOT-FOR-US: Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System
 CVE-2025-13178 (A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. Th ...)
-	TODO: check
+	NOT-FOR-US: Bdtask/CodeCanyon SalesERP
 CVE-2025-13177 (A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250 ...)
-	TODO: check
+	NOT-FOR-US: Bdtask/CodeCanyon SalesERP
 CVE-2025-13174 (A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7 ...)
-	TODO: check
+	NOT-FOR-US: rachelos WeRSS we-mp-rss
 CVE-2025-13172 (A security flaw has been discovered in CodeAstro Gym Management System ...)
 	NOT-FOR-US: CodeAstro
 CVE-2025-13171 (A vulnerability was identified in ZZCMS 2023. This impacts an unknown  ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2025-13170 (A vulnerability was detected in code-projects Simple Online Hotel Rese ...)
 	NOT-FOR-US: code-projects
 CVE-2025-13169 (A security vulnerability has been detected in code-projects Simple Onl ...)
 	NOT-FOR-US: code-projects
 CVE-2025-13168 (A weakness has been identified in ury-erp ury up to 0.2.0. This affect ...)
-	TODO: check
+	NOT-FOR-US: ury-erp ury
 CVE-2025-13033 (A vulnerability was identified in the email parsing library due to imp ...)
 	TODO: check
 CVE-2025-12897
@@ -75,7 +75,7 @@ CVE-2025-12897
 CVE-2025-12187
 	REJECTED
 CVE-2025-12149 (In Search Guard FLX versions 3.1.2 and earlier, while Document-Level S ...)
-	TODO: check
+	NOT-FOR-US: Search Guard
 CVE-2025-11981 (The School Management System \u2013 WPSchoolPress plugin for WordPress ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-11918 (Rockwell Automation Arena\xae suffers from a stack-based buffer overfl ...)
@@ -83,7 +83,7 @@ CVE-2025-11918 (Rockwell Automation Arena\xae suffers from a stack-based buffer
 CVE-2025-11794 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <=  ...)
 	TODO: check
 CVE-2025-10018 (QuickCMS is vulnerable to multiple Stored XSS in language editor funct ...)
-	TODO: check
+	NOT-FOR-US: QuickCMS
 CVE-2024-55016 (PHPGurukul Student Record Management System 3.20 is vulnerable to SQL  ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2024-44640 (PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection v ...)
@@ -101,9 +101,9 @@ CVE-2024-44632 (PHPGurukul Student Record System 3.20 is vulnerable to SQL Injec
 CVE-2024-44630 (Multiple parameters in register.php in PHPGurukul Student Record Syste ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2024-42749 (Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local ...)
-	TODO: check
+	NOT-FOR-US: Alto CMS
 CVE-2024-21635 (Memos is a privacy-first, lightweight note-taking service that uses Ac ...)
-	TODO: check
+	NOT-FOR-US: Memos
 CVE-2025-9479 (Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allo ...)
 	{DSA-5875-1}
 	- chromium 133.0.6943.141-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44b000b613215f7e5b6649e698515d8568d7e79f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44b000b613215f7e5b6649e698515d8568d7e79f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251114/3e313311/attachment.htm>

More information about the debian-security-tracker-commits mailing list