[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 15 08:43:32 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
22275591 by Salvatore Bonaccorso at 2025-11-15T09:43:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2025-9317 (The vulnerability, if exploited, could allow a miscreant with read  ac ...)
-	TODO: check
+	NOT-FOR-US: AVEVA
 CVE-2025-8994 (The Project Management, Team Collaboration, Kanban Board, Gantt Charts ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-8386 (The vulnerability, if exploited, could allow an authenticated miscrean ...)
-	TODO: check
+	NOT-FOR-US: AVEVA
 CVE-2025-65072
 	REJECTED
 CVE-2025-65071
@@ -23,13 +23,13 @@ CVE-2025-65065
 CVE-2025-65064
 	REJECTED
 CVE-2025-64309 (Brightpick Mission Control  discloses device telemetry, configuration, ...)
-	TODO: check
+	NOT-FOR-US: Brightpick Mission Control
 CVE-2025-64308 (The Brightpick Mission Control web application exposes hardcoded crede ...)
-	TODO: check
+	NOT-FOR-US: Brightpick Mission Control
 CVE-2025-64307 (The Brightpick Internal Logic Control web interface is accessible  wit ...)
-	TODO: check
+	NOT-FOR-US: Brightpick
 CVE-2025-64084 (An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5  ...)
-	TODO: check
+	NOT-FOR-US: Cloudlog
 CVE-2025-63891 (Information Disclosure in web-accessible backup file in SourceCodester ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-63745 (A NULL pointer dereference vulnerability was discovered in radare2 6.0 ...)
@@ -37,13 +37,13 @@ CVE-2025-63745 (A NULL pointer dereference vulnerability was discovered in radar
 CVE-2025-63744 (A NULL pointer dereference vulnerability was discovered in radare2 6.0 ...)
 	TODO: check
 CVE-2025-62765 (General Industrial Controls Lynx+ Gatewayis vulnerable to a cleartext  ...)
-	TODO: check
+	NOT-FOR-US: General Industrial Controls Lynx+ Gateway
 CVE-2025-59780 (General Industrial Controls Lynx+ Gatewayis missing critical authentic ...)
-	TODO: check
+	NOT-FOR-US: General Industrial Controls Lynx+ Gateway
 CVE-2025-58083 (General Industrial Controls Lynx+ Gateway  is missing critical authent ...)
-	TODO: check
+	NOT-FOR-US: General Industrial Controls Lynx+ Gateway
 CVE-2025-55034 (General Industrial Controls Lynx+ Gatewayis vulnerable to a weak passw ...)
-	TODO: check
+	NOT-FOR-US: General Industrial Controls Lynx+ Gateway
 CVE-2025-1256
 	REJECTED
 CVE-2025-13191 (A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This  ...)
@@ -57,13 +57,13 @@ CVE-2025-13188 (A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. A
 CVE-2025-13187 (A security vulnerability has been detected in Intelbras ICIP 2.0.20. A ...)
 	NOT-FOR-US: Intelbras
 CVE-2025-13186 (A weakness has been identified in Bdtask/CodeCanyon Isshue Multi Store ...)
-	TODO: check
+	NOT-FOR-US: Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution
 CVE-2025-13185 (A security flaw has been discovered in Bdtask/CodeCanyon News365 up to ...)
-	TODO: check
+	NOT-FOR-US: Bdtask/CodeCanyon News365
 CVE-2025-13182 (A vulnerability was identified in pojoin h3blog 1.0. The impacted elem ...)
-	TODO: check
+	NOT-FOR-US: pojoin h3blog
 CVE-2025-13181 (A vulnerability was determined in pojoin h3blog 1.0. The affected elem ...)
-	TODO: check
+	NOT-FOR-US: pojoin h3blog
 CVE-2025-12849 (The Contest Gallery plugin for WordPress is vulnerable to authorizatio ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12847 (The All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings &  ...)
@@ -73,27 +73,27 @@ CVE-2025-12494 (The Image Gallery \u2013 Photo Grid & Video Gallery plugin for W
 CVE-2025-12182 (The Qi Blocks plugin for WordPress is vulnerable to unauthorized acces ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-7328 (Screen SFT DAB 600/C firmware versions up to and including 1.9.3 conta ...)
-	TODO: check
+	NOT-FOR-US: Screen SFT DAB 600/C firmware
 CVE-2022-4985 (Vodafone H500s devices running firmware v3.5.10 (hardware model Sercom ...)
-	TODO: check
+	NOT-FOR-US: Vodafone
 CVE-2021-4471 (TG8 Firewall exposes a directory such as /data/ over HTTP without auth ...)
-	TODO: check
+	NOT-FOR-US: TG8 Firewall
 CVE-2021-4470 (TG8 Firewall contains a pre-authentication remote code execution vulne ...)
-	TODO: check
+	NOT-FOR-US: TG8 Firewall
 CVE-2021-4469 (Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port  ...)
-	TODO: check
+	NOT-FOR-US: Denver SHO-110 IP cameras
 CVE-2021-4468 (PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup inter ...)
-	TODO: check
+	NOT-FOR-US: PLANEX CS-QP50F-ING2 smart cameras
 CVE-2021-4467 (Positive Technologies MaxPatrol 8 and XSpider contain a remote denial- ...)
-	TODO: check
+	NOT-FOR-US: Positive Technologies MaxPatrol 8 and XSpider
 CVE-2021-4466 (IPCop versions up to and including 2.1.9 contain an authenticated remo ...)
-	TODO: check
+	NOT-FOR-US: IPCop
 CVE-2021-4465 (ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2. ...)
-	TODO: check
+	NOT-FOR-US: ReQuest Serious Play F3 Media Server
 CVE-2018-25125 (Netis ADSL Router DL4322D firmware RTK 2.1.1 contains a buffer overflo ...)
-	TODO: check
+	NOT-FOR-US: Netis ADSL Router DL4322D firmware RTK
 CVE-2016-15056 (Ubee EVW3226 cable modem/routers firmware versions up to and including ...)
-	TODO: check
+	NOT-FOR-US: Ubee EVW3226 cable modem/routers firmware
 CVE-2025-9982 (A vulnerability exists in QuickCMS version 6.8 where sensitive admin c ...)
 	NOT-FOR-US: QuickCMS
 CVE-2025-8870 (On affected platforms running Arista EOS, certain serial console input ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2227559140f920410a18f84efa36fdb7421cdae7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2227559140f920410a18f84efa36fdb7421cdae7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251115/919d94c0/attachment.htm>

More information about the debian-security-tracker-commits mailing list