[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 20 21:01:15 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e9e65ac by Salvatore Bonaccorso at 2025-11-20T22:00:48+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2025-63889 (The fetch function in file thinkphp\library\think\Template.php i
CVE-2025-63888 (The read function in file thinkphp\library\think\template\driver\File. ...)
NOT-FOR-US: ThinkPHP
CVE-2025-63848 (Stored cross site scripting (xss) vulnerability in SWISH prolog thru 2 ...)
- TODO: check
+ NOT-FOR-US: SWISH SWI-Prolog
CVE-2025-63700 (An issue was discovered in Clerk-js 5.88.0 allowing attackers to bypas ...)
NOT-FOR-US: Clerk-js
CVE-2025-62731 (SOPlanning is vulnerable to Stored XSS in /feriesendpoint. Malicious a ...)
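Review bot: the new label on CVE-2025-63848 reads "SWISH SWI-Prolog", while the description names the affected software as "SWISH prolog". If only the SWISH web front end is affected, label it just "SWISH" so the entry is not read as a NOT-FOR-US verdict on SWI-Prolog itself.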
@@ -59,11 +59,11 @@ CVE-2025-60738 (An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden
CVE-2025-60737 (Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Ve ...)
NOT-FOR-US: Ilevia EVE X1 Server Firmware
CVE-2025-55128 (HackerOne community member Dao Hoang Anh (yoyomiski) has reported an u ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2025-55127 (HackerOne community member Dao Hoang Anh (yoyomiski) has reported an i ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2025-55126 (HackerOne community member Dang Hung Vi (vidang04) has reported a stor ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2025-55124 (Improper neutralisation of input in Revive Adserver 6.0.0+ causes a re ...)
NOT-FOR-US: Revive Adserver
CVE-2025-55123 (Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 an ...)
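Review bot: the Revive Adserver label on CVE-2025-55128, CVE-2025-55127 and CVE-2025-55126 cannot be checked against these lines, because all three truncated descriptions open with the HackerOne reporter credit and are cut off before any product name. The label matches the neighbouring CVE-2025-55124 entry, but a short pointer in the commit message to where the product was confirmed would make the triage verifiable from the diff alone.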
@@ -81,7 +81,7 @@ CVE-2025-52667 (Missing JSON Content-Type header in a script in Revive Adserver
CVE-2025-52666 (Improper neutralisation of format characters in the settings of Revive ...)
NOT-FOR-US: Revive Adserver
CVE-2025-52410 (Institute-of-Current-Students v1.0 contains a time-based blind SQL inj ...)
- TODO: check
+ NOT-FOR-US: Institute-of-Current-Students
CVE-2025-48987 (Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 an ...)
NOT-FOR-US: Revive Adserver
CVE-2025-48986 (Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier ve ...)
@@ -109,23 +109,23 @@ CVE-2025-13469 (A security vulnerability has been detected in Public Knowledge P
CVE-2025-13468 (A weakness has been identified in SourceCodester Alumni Management Sys ...)
NOT-FOR-US: SourceCodester
CVE-2025-13437 (When zx is invoked with --prefer-local=<path>, the CLI creates a symli ...)
- TODO: check
+ NOT-FOR-US: google/zx
CVE-2025-13425 (A bug in the filesystem traversal fallback path causes fs/diriterate/d ...)
- TODO: check
+ NOT-FOR-US: OSV-SCALIBR
CVE-2025-12414 (An attacker could take over a Looker account in a Looker instance conf ...)
NOT-FOR-US: Looker
CVE-2025-12121 (Lite XL versions 2.1.8 and prior contain a vulnerability in the system ...)
- TODO: check
+ NOT-FOR-US: Lite XL
CVE-2025-12120 (Lite XL versions 2.1.8 and prior automatically execute the .lite_proje ...)
- TODO: check
+ NOT-FOR-US: Lite XL
CVE-2025-11676 (Improper input validation vulnerability in TP-Link System Inc. TL-WR94 ...)
NOT-FOR-US: TP-Link
CVE-2025-10571 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
NOT-FOR-US: ABB group
CVE-2025-0645 (Unrestricted Upload of File with Dangerous Type vulnerability in Narko ...)
- TODO: check
+ NOT-FOR-US: Pyxis Signage
CVE-2025-0643 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Pyxis Signage
CVE-2024-31405
REJECTED
CVE-2025-13402 [RNP PKESK Session Keys Generated as All-Zero]
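Review bot: label style is inconsistent at CVE-2025-13437, which gets the repository-path form "google/zx" while every other label in this hunk is a plain product or vendor name (OSV-SCALIBR, Lite XL, TP-Link, ABB group). Suggest "zx" or a vendor-plus-product form used consistently. Separately, CVE-2025-0645 and CVE-2025-0643 are labelled "Pyxis Signage", but the visible description of CVE-2025-0645 is cut off at "Narko ..." and that of CVE-2025-0643 never reaches a product name, so that label cannot be confirmed from these lines.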
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e9e65ac84bf61ab8dbdeefb8b85e6fd394c87fc