[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 20 20:39:32 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b9ed335 by Salvatore Bonaccorso at 2025-11-20T21:38:56+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2025-63888 (The read function in file thinkphp\library\think\template\driver
 CVE-2025-63848 (Stored cross site scripting (xss) vulnerability in SWISH prolog thru 2 ...)
 	TODO: check
 CVE-2025-63700 (An issue was discovered in Clerk-js 5.88.0 allowing attackers to bypas ...)
-	TODO: check
+	NOT-FOR-US: Clerk-js
 CVE-2025-62731 (SOPlanning is vulnerable to Stored XSS in /feriesendpoint. Malicious a ...)
 	NOT-FOR-US: SOPlanning
 CVE-2025-62730 (SOPlanning is vulnerable to Privilege Escalation in user management ta ...)
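
Review bot: The CVE-2025-63700 entry moves from "TODO: check" to "NOT-FOR-US: Clerk-js" with no record of what was checked, and the description names a versioned JavaScript library ("Clerk-js 5.88.0"), which is the kind of component that can ship as an embedded copy inside another source package. If the archive was searched for vendored copies, saying so in the commit message would make the triage reproducible; otherwise it is worth doing that search before closing the entry as NFU.
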
@@ -53,11 +53,11 @@ CVE-2025-60797 (phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerabi
 CVE-2025-60796 (phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ...)
 	TODO: check
 CVE-2025-60794 (Session tokens and passwords in couch-auth 0.21.2 are stored in JavaSc ...)
-	TODO: check
+	NOT-FOR-US: couch-auth
 CVE-2025-60738 (An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and b ...)
-	TODO: check
+	NOT-FOR-US: Ilevia EVE X1 Server Firmware
 CVE-2025-60737 (Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Ve ...)
-	TODO: check
+	NOT-FOR-US: Ilevia EVE X1 Server Firmware
 CVE-2025-55128 (HackerOne community member Dao Hoang Anh (yoyomiski) has reported an u ...)
 	TODO: check
 CVE-2025-55127 (HackerOne community member Dao Hoang Anh (yoyomiski) has reported an i ...)
@@ -65,27 +65,27 @@ CVE-2025-55127 (HackerOne community member Dao Hoang Anh (yoyomiski) has reporte
 CVE-2025-55126 (HackerOne community member Dang Hung Vi (vidang04) has reported a stor ...)
 	TODO: check
 CVE-2025-55124 (Improper neutralisation of input in Revive Adserver 6.0.0+ causes a re ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2025-55123 (Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 an ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2025-52671 (Debug information disclosure in the SQL error message to in Revive Ads ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2025-52670 (Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and ear ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2025-52669 (Insecure design policies in the user management system of Revive Adser ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2025-52668 (Improper input neutralization in the stats-conversions.php script in R ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2025-52667 (Missing JSON Content-Type header in a script in Revive Adserver 6.0.1  ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2025-52666 (Improper neutralisation of format characters in the settings of Revive ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2025-52410 (Institute-of-Current-Students v1.0 contains a time-based blind SQL inj ...)
 	TODO: check
 CVE-2025-48987 (Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 an ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2025-48986 (Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier ve ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2025-41076 (In version 6.13.0 of LimeSurvey, any external user can cause a 500 err ...)
 	TODO: check
 CVE-2025-41075 (Vulnerability in LimeSurvey 6.13.0 in the endpoint /optinthat causes i ...)
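
Review bot: CVE-2025-55126 at the top of this hunk stays at "TODO: check" while the ten entries after it are all closed as "NOT-FOR-US: Revive Adserver", and its truncated description ("HackerOne community member Dang Hung Vi (vidang04) has reported a stor ...") does not show the affected product. If the full description names the same product, tag it in this commit so the batch is not split across two passes; the same question applies to CVE-2025-55127 in the hunk header. The tag spelling itself is consistent across all ten changed lines, which keeps later searches for the product reliable.
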
@@ -101,11 +101,11 @@ CVE-2025-40601 (A Stack-based buffer overflow vulnerability in the SonicOS SSLVP
 CVE-2025-36161 (IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtai ...)
 	NOT-FOR-US: IBM
 CVE-2025-35029 (Medical Informatics Engineering Enterprise Health has a stored cross s ...)
-	TODO: check
+	NOT-FOR-US: Medical Informatics Engineering Enterprise Health
 CVE-2025-34320 (BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint  ...)
-	TODO: check
+	NOT-FOR-US: BASIS BBj
 CVE-2025-13469 (A security vulnerability has been detected in Public Knowledge Project ...)
-	TODO: check
+	NOT-FOR-US: Public Knowledge Project omp and ojs
 CVE-2025-13468 (A weakness has been identified in SourceCodester Alumni Management Sys ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-13437 (When zx is invoked with --prefer-local=<path>, the CLI creates a symli ...)
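
Review bot: The tag on CVE-2025-13469, "NOT-FOR-US: Public Knowledge Project omp and ojs", folds two products into one free-text label with lower-case names, while the unchanged neighbours in this hunk tag by vendor alone ("NOT-FOR-US: IBM", "NOT-FOR-US: SourceCodester"). Pick one convention for the label, for example the vendor name only or the product names in their usual capitalisation, so that a later search for earlier NFU decisions on the same software finds this entry.
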
@@ -113,7 +113,7 @@ CVE-2025-13437 (When zx is invoked with --prefer-local=<path>, the CLI creates a
 CVE-2025-13425 (A bug in the filesystem traversal fallback path causes fs/diriterate/d ...)
 	TODO: check
 CVE-2025-12414 (An attacker could take over a Looker account in a Looker instance conf ...)
-	TODO: check
+	NOT-FOR-US: Looker
 CVE-2025-12121 (Lite XL versions 2.1.8 and prior contain a vulnerability in the system ...)
 	TODO: check
 CVE-2025-12120 (Lite XL versions 2.1.8 and prior automatically execute the .lite_proje ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b9ed3355880a97dbe7ace3adbe4a09e1b2f7781
