[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 18 20:34:09 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
27a65cfc by Salvatore Bonaccorso at 2025-11-18T21:33:33+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-9977 (Value provided in one of POST parameters sent during the process of lo ...)
- TODO: check
+ NOT-FOR-US: Times Software E-Payroll
CVE-2025-9625 (The Coil Web Monetization plugin for WordPress is vulnerable to Cross- ...)
NOT-FOR-US: WordPress plugin
CVE-2025-9312 (A missing authentication enforcement vulnerability exists in the mutua ...)
@@ -20,51 +20,51 @@ CVE-2025-64076 (Multiple vulnerabilities exist in cbor2 through version 5.7.0 in
NOTE: https://github.com/agronholm/cbor2/pull/265
NOTE: https://github.com/agronholm/cbor2/commit/2349197bea8ebd1bf57a68f4a6549d8fd7585e66 (5.7.1)
CVE-2025-63994 (An arbitrary file upload vulnerability in the /php/UploadHandler.php c ...)
- TODO: check
+ NOT-FOR-US: RichFilemanager
CVE-2025-63955 (A Cross-Site Request Forgery (CSRF) vulnerability in the manage-studen ...)
NOT-FOR-US: PHPGurukul
CVE-2025-63892 (A vulnerability was determined in SourceCodester Student Grades Manage ...)
NOT-FOR-US: SourceCodester
CVE-2025-63883 (A DOM-based cross-site scripting vulnerability exists in electic-shop ...)
- TODO: check
+ NOT-FOR-US: electic-shop
CVE-2025-63829 (eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability c ...)
TODO: check
CVE-2025-63828 (Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows atta ...)
- backdrop <itp> (bug #914257)
CVE-2025-63800 (The password change endpoint in Open Source Point of Sale 3.4.1 allows ...)
- TODO: check
+ NOT-FOR-US: Open Source Point of Sale
CVE-2025-63749 (pnetlab 5.3.11 is vulnerable to Command Injection via the qemu_options ...)
- TODO: check
+ NOT-FOR-US: PNETLab
CVE-2025-63695 (DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in ...)
- TODO: check
+ NOT-FOR-US: DzzOffice
CVE-2025-63694 (DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer ...)
- TODO: check
+ NOT-FOR-US: DzzOffice
CVE-2025-63693 (The comment editing template (dzz/comment/template/edit_form.htm) in D ...)
- TODO: check
+ NOT-FOR-US: DzzOffice
CVE-2025-63604 (A code injection vulnerability exists in baryhuang/mcp-server-aws-reso ...)
- TODO: check
+ NOT-FOR-US: baryhuang/mcp-server-aws-resources-python
CVE-2025-63603 (A command injection vulnerability exists in the MCP Data Science Serve ...)
- TODO: check
+ NOT-FOR-US: reading-plus-ai/mcp-server-data-exploration
CVE-2025-63602 (A vulnerability was discovered in Awesome Miner thru 11.2.4 that allow ...)
- TODO: check
+ NOT-FOR-US: Awesome Miner
CVE-2025-63514 (kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: kishan0725 Hospital Management System
CVE-2025-63513 (kishan0725 Hospital Management System v4 has an Insecure Direct Object ...)
- TODO: check
+ NOT-FOR-US: kishan0725 Hospital Management System
CVE-2025-63512 (kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injecti ...)
- TODO: check
+ NOT-FOR-US: kishan0725 Hospital Management System
CVE-2025-63408 (Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory trav ...)
- TODO: check
+ NOT-FOR-US: Local Agent DVR
CVE-2025-63258 (A remote command execution (RCE) vulnerability was discovered in all H ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2025-63228 (The Mozart FM Transmitter web management interface on version WEBMOZZI ...)
- TODO: check
+ NOT-FOR-US: Mozart FM Transmitter
CVE-2025-63227 (The Mozart FM Transmitter web management interface on version WEBMOZZI ...)
- TODO: check
+ NOT-FOR-US: Mozart FM Transmitter
CVE-2025-63226 (The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60 ...)
- TODO: check
+ NOT-FOR-US: Sencore SMP100 SMP Media Platform
CVE-2025-63225 (The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vul ...)
- TODO: check
+ NOT-FOR-US: Eurolab ELTS100_UBX device
CVE-2025-61713 (A Cleartext Storage of Sensitive Information in Memory vulnerability [ ...)
NOT-FOR-US: Fortinet
CVE-2025-61664 (A vulnerability in the GRUB2 bootloader has been identified in the nor ...)
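Review bot: the label for CVE-2025-63258 is vendor-only ("NOT-FOR-US: H3C") while every other NFU in this hunk names the affected product (e.g. "NOT-FOR-US: Sencore SMP100 SMP Media Platform", "NOT-FOR-US: Eurolab ELTS100_UBX device"); if the advisory names the H3C product line, put it in the label so a later H3C entry can be matched on more than the vendor. Minor: the CVE-2025-63749 label spells the product "PNETLab" while the description has "pnetlab"; either is fine, but reuse the same spelling for future entries so they grep together.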
@@ -76,25 +76,25 @@ CVE-2025-61662 (A Use-After-Free vulnerability has been discovered in GRUB's get
CVE-2025-61661 (A vulnerability has been identified in the GRUB (Grand Unified Bootloa ...)
TODO: check
CVE-2025-60455 (Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, ...)
- TODO: check
+ NOT-FOR-US: Modular Max Serve
CVE-2025-59669 (A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6 ...)
NOT-FOR-US: Fortinet
CVE-2025-59117 (Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-59116 (Windu CMS is vulnerable to User Enumeration. This issue occurs during ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-59115 (Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the lo ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-59114 (Windu CMS is vulnerable to Cross-Site Request Forgery in file uploadin ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-59113 (Windu CMS implements weak client-side brute-force protection by using ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-59112 (Windu CMS is vulnerable to Cross-Site Request Forgery in user editing ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-59111 (Windu CMS is vulnerable to Broken Access Control in user editing funct ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-59110 (Windu CMS is vulnerable to Cross-Site Request Forgery in user editing ...)
- TODO: check
+ NOT-FOR-US: Windu CMS
CVE-2025-58692 (An improper neutralization of special elements used in an SQL Command ...)
NOT-FOR-US: Fortinet
CVE-2025-58413 (A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, ...)
@@ -106,17 +106,17 @@ CVE-2025-58121 (Insufficient permission validation on multiple REST API endpoint
CVE-2025-58034 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
NOT-FOR-US: Fortinet
CVE-2025-56643 (Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active ...)
- TODO: check
+ NOT-FOR-US: Requarks Wiki.js
CVE-2025-56527 (Plaintext password storage in Kotaemon 0.11.0 in the client's localSto ...)
- TODO: check
+ NOT-FOR-US: Kotaemon
CVE-2025-56526 (Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0 allowing a ...)
- TODO: check
+ NOT-FOR-US: Kotaemon
CVE-2025-56499 (Incorrect access control in mihomo v1.19.11 allows authenticated attac ...)
- TODO: check
+ NOT-FOR-US: mihomo
CVE-2025-55796 (The openml/openml.org web application version v2.0.20241110 uses predi ...)
TODO: check
CVE-2025-55179 (Incomplete validation of rich response messages in WhatsApp for iOS pr ...)
- TODO: check
+ NOT-FOR-US: WhatsApp
CVE-2025-55074 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enfo ...)
TODO: check
CVE-2025-54972 (An improper neutralization of crlf sequences ('crlf injection') in For ...)
@@ -132,13 +132,13 @@ CVE-2025-54770 (A vulnerability has been identified in the GRUB2 bootloader's ne
CVE-2025-54660 (An active debug code vulnerability in Fortinet FortiClientWindows 7.4. ...)
NOT-FOR-US: Fortinet
CVE-2025-54321 (In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting ...)
- TODO: check
+ NOT-FOR-US: Ascertia SigningHub
CVE-2025-54320 (In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting ...)
- TODO: check
+ NOT-FOR-US: Ascertia SigningHub
CVE-2025-53843 (A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, ...)
NOT-FOR-US: Fortinet
CVE-2025-53360 (pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventor ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin
CVE-2025-52639 (HCL Connections is vulnerable to a sensitive information disclosure vu ...)
NOT-FOR-US: HCL
CVE-2025-4212 (The Checkout Files Upload for WooCommerce plugin for WordPress is vuln ...)
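Review bot: "NOT-FOR-US: GLPI plugin" for CVE-2025-53360 is less specific than the other labels in this hunk (e.g. "NOT-FOR-US: Ascertia SigningHub"); the description already identifies it as pluginsGLPI's Database Inventory Plugin, so "NOT-FOR-US: GLPI Database Inventory plugin" would record which plugin was judged out of scope and avoid the label being read as covering GLPI itself.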
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27a65cfcd162dd99697eb330b2855607c5a7e1c1