[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 21 08:23:24 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
98650d1a by Salvatore Bonaccorso at 2025-11-21T09:22:55+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
CVE-2025-64770 (The affected products allow unauthenticated access to Open Network Vid ...)
- TODO: check
+ NOT-FOR-US: iCam365 P201
CVE-2025-64762 (The AuthKit library for Next.js provides convenient helpers for authen ...)
NOT-FOR-US: Next.js
CVE-2025-64755 (Claude Code is an agentic coding tool. Prior to version 2.0.31, due to ...)
- TODO: check
+ NOT-FOR-US: Claude Code
CVE-2025-64751 (OpenFGA is a high-performance and flexible authorization/permission en ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2025-64695 (Uncontrolled search path element issue exists in the installer of LogS ...)
- TODO: check
+ NOT-FOR-US: LogStare
CVE-2025-64660 (Improper access control in GitHub Copilot and Visual Studio Code allow ...)
- TODO: check
+ NOT-FOR-US: GitHub Copilot and Visual Studio Code
CVE-2025-64655 (Improper authorization in Dynamics OmniChannel SDK Storage Containers ...)
- TODO: check
+ NOT-FOR-US: Dynamics OmniChannel SDK Storage Containers
CVE-2025-64310 (EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Produc ...)
- TODO: check
+ NOT-FOR-US: EPSON
CVE-2025-64299 (LogStare Collector improperly handles the password hash data. An admin ...)
- TODO: check
+ NOT-FOR-US: LogStare
CVE-2025-63807 (An issue was discovered in weijiang1994 university-bbs (aka Blogin) in ...)
- TODO: check
+ NOT-FOR-US: weijiang1994 university-bbs
CVE-2025-63685 (Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vuln ...)
- TODO: check
+ NOT-FOR-US: Quark Cloud Drive
CVE-2025-62687 (Cross-site request forgery vulnerability exists in LogStare Collector. ...)
- TODO: check
+ NOT-FOR-US: LogStare
CVE-2025-62674 (The affected product allows unauthenticated access to Real Time Stream ...)
- TODO: check
+ NOT-FOR-US: iCam365 P201
CVE-2025-62459 (Microsoft Defender Portal Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62426 (vLLM is an inference and serving engine for large language models (LLM ...)
TODO: check
CVE-2025-62372 (vLLM is an inference and serving engine for large language models (LLM ...)
TODO: check
CVE-2025-62207 (Azure Monitor Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-62189 (LogStare Collector contains an incorrect authorization vulnerability i ...)
- TODO: check
+ NOT-FOR-US: LogStare
CVE-2025-62164 (vLLM is an inference and serving engine for large language models (LLM ...)
TODO: check
CVE-2025-61949 (LogStare Collector contains a stored cross-site scripting vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: LogStare
CVE-2025-61138 (Qlik Sense Enterprise v14.212.13 was discovered to contain an informat ...)
- TODO: check
+ NOT-FOR-US: Qlik Sense Enterprise
CVE-2025-59245 (Microsoft SharePoint Online Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-58097 (The installation directory of LogStare Collector is configured with in ...)
- TODO: check
+ NOT-FOR-US: LogStare
CVE-2025-49752 (Azure Bastion Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-36160 (IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server inform ...)
NOT-FOR-US: IBM
CVE-2025-36159 (IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log ...)
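Review bot: The new tags in this hunk mix vendor-level and product-level names, which makes later searches of data/CVE/list by vendor or product unreliable. CVE-2025-62459, CVE-2025-62207, CVE-2025-59245 and CVE-2025-49752 get `NOT-FOR-US: Microsoft`, CVE-2025-64310 gets `NOT-FOR-US: EPSON`, and the LogStare Collector entries get `NOT-FOR-US: LogStare`. By contrast, CVE-2025-64655, CVE-2025-61138 and CVE-2025-63685 are tagged with the full product name (`Dynamics OmniChannel SDK Storage Containers`, `Qlik Sense Enterprise`, `Quark Cloud Drive`). Consider settling on one form per vendor, for example the vendor name alone, or vendor plus product where the vendor also ships software that is packaged. The three vLLM entries (CVE-2025-62426, CVE-2025-62372, CVE-2025-62164) correctly stay at `TODO: check`, since they are not NFU candidates by name alone.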
@@ -57,7 +57,7 @@ CVE-2025-36153 (IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scri
CVE-2025-36072 (IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 throu ...)
NOT-FOR-US: IBM
CVE-2025-25613 (FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45 ...)
- TODO: check
+ NOT-FOR-US: FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless
CVE-2025-13499 (Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows de ...)
TODO: check
CVE-2025-13485 (A security flaw has been discovered in itsourcecode Online File Manage ...)
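Review bot: The tag added for CVE-2025-25613 copies the whole product listing title, `FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless`, where the neighbouring entries use a short vendor or product name such as `NOT-FOR-US: IBM`. Shortening it to the vendor and model (`NOT-FOR-US: FS Inc S3150-8T2F`) would identify the device just as well and keep the line consistent with the rest of the file.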
@@ -75,7 +75,7 @@ CVE-2025-13135 (The HotelRunner Booking Widget plugin for WordPress is vulnerabl
CVE-2025-13134 (The AuthorSure plugin for WordPress is vulnerable to Cross-Site Reques ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13087 (A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC ...)
- TODO: check
+ NOT-FOR-US: Opto22
CVE-2025-12894 (The Import WP \u2013 Export and Import CSV and XML files to WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12881 (The Return Refund and Exchange For WooCommerce plugin for WordPress is ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98650d1af5fd39901aeb9af88462373bfa2e6df9