[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 27 14:52:59 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dfcd84a6 by Salvatore Bonaccorso at 2025-11-27T15:52:30+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -52,11 +52,11 @@ CVE-2025-64330 (Suricata is a network IDS, IPS and NSM engine developed by the O
 	NOTE: https://redmine.openinfosecfoundation.org/issues/8021
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/482e5eac9218d007adbe2410d6c00173368ce947 (suricata-8.0.2)
 CVE-2025-62593 (Ray is an AI compute engine. Prior to version 2.52.0, developers worki ...)
-	TODO: check
+	NOT-FOR-US: Ray
 CVE-2025-3784 (Cleartext Storage of Sensitive Information Vulnerability in GX Works2  ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2025-34351 (Anyscale Ray 2.52.0 contains an insecure default configuration in whic ...)
-	TODO: check
+	NOT-FOR-US: Ray
 CVE-2025-13762 (Improper Input Validation vulnerability in CyberArk CyberArk Secure We ...)
 	TODO: check
 CVE-2025-13680 (The Tiger theme for WordPress is vulnerable to Privilege Escalation in ...)
@@ -108,17 +108,17 @@ CVE-2024-5540 (The reflective cross-site scripting vulnerability found in ALC We
 CVE-2024-5539 (The Access Control Bypass vulnerability found in ALC WebCTRL and Carri ...)
 	NOT-FOR-US: Carrier Global
 CVE-2020-36874 (ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configura ...)
-	TODO: check
+	NOT-FOR-US: ACE SECURITY WIP-90113 HD cameras
 CVE-2020-36873 (Astak CM-818T3 2.4GHz wireless security surveillance cameras contain a ...)
-	TODO: check
+	NOT-FOR-US: Astak CM-818T3 2.4GHz wireless security surveillance cameras
 CVE-2020-36872 (BACnet Test Server versions up to and including 1.01 contains a remote ...)
-	TODO: check
+	NOT-FOR-US: BACnet Test Server
 CVE-2020-36871 (ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration  ...)
-	TODO: check
+	NOT-FOR-US: ESCAM QD-900 WIFI HD cameras
 CVE-2019-25227 (Tellion HN-2204AP routers contain an unauthenticated configuration dis ...)
-	TODO: check
+	NOT-FOR-US: Tellion HN-2204AP routers
 CVE-2019-25226 (Dongyoung Media DM-AP240T/W wireless access points contain an unauthen ...)
-	TODO: check
+	NOT-FOR-US: Dongyoung Media DM-AP240T/W wireless access points
 CVE-2025-40934 (XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML  ...)
 	NOT-FOR-US: XML-Sig Perl module
 CVE-2025-66270
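Review bot: The new labels for CVE-2020-36873 and CVE-2019-25226 copy the whole product phrase from the description ("Astak CM-818T3 2.4GHz wireless security surveillance cameras", "Dongyoung Media DM-AP240T/W wireless access points"), while the surrounding entries keep the label to a vendor or product name ("Carrier Global", "XML-Sig Perl module"). Consider shortening them to vendor plus model, e.g. "NOT-FOR-US: Astak CM-818T3", so entries stay consistent and easy to grep.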
@@ -532,7 +532,7 @@ CVE-2025-54341 (A vulnerability was found in the Application Server of Desktop A
 CVE-2025-54338 (An Incorrect Access Control vulnerability was found in the Application ...)
 	NOT-FOR-US: Desktop Alert PingAlert
 CVE-2025-52538 (Improper input validation within the XOCL driver may allow a local att ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-36150 (IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographi ...)
 	NOT-FOR-US: IBM
 CVE-2025-13644 (MongoDB Server may experience an invariant failure during batched dele ...)
@@ -606,9 +606,9 @@ CVE-2025-10646 (The Search Exclude plugin for WordPress is vulnerable to unautho
 CVE-2025-10144 (The Perfect Brands for WooCommerce plugin for WordPress is vulnerable  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-0007 (Insufficient validation within Xilinx Run Time framework could allow a ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-0003 (Inadequate lock protection within Xilinx Run time may allow a local at ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-47856 (In RSA Authentication Agent before 7.4.7, service paths and shortcut p ...)
 	NOT-FOR-US: RSA Authentication Agent
 CVE-2024-14007 (Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by  ...)
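Review bot: "NOT-FOR-US: AMD" on CVE-2025-0007 and CVE-2025-0003 names only the vendor, although both descriptions identify the affected component as the Xilinx Run Time. The neighbouring CVE-2024-47856 entry names the product ("RSA Authentication Agent"); a label such as "NOT-FOR-US: AMD Xilinx Run Time" would record which software was judged out of scope.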
@@ -727,7 +727,7 @@ CVE-2025-56401 (ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceL
 CVE-2025-56400 (Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implement ...)
 	NOT-FOR-US: Tuya SDK
 CVE-2025-52539 (A buffer overflow with Xilinx Run Time Environment may allow a local a ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-44018 (A firmware downgrade vulnerability exists in the OTA Update functional ...)
 	NOT-FOR-US: GL-Inet GL-AXT1800
 CVE-2025-41729 (An unauthenticated remote attacker can send a specially crafted Modbus ...)
@@ -781,7 +781,7 @@ CVE-2025-10555 (A stored Cross-site Scripting (XSS) vulnerability affecting Serv
 CVE-2025-10554 (A stored Cross-site Scripting (XSS) vulnerability affecting Requiremen ...)
 	NOT-FOR-US: Dassault Systemes
 CVE-2025-0005 (Improper input validation within the XOCL driver may allow a local att ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-59820 (In KDE Krita before 5.2.13, loading a manipulated TGA file could resul ...)
 	- krita 1:5.2.13+dfsg-1
 	NOTE: https://kde.org/info/security/advisory-20250929-1.txt
@@ -855,9 +855,9 @@ CVE-2025-12394 (The Backup Migration WordPress plugin before 2.0.0 does not prop
 CVE-2024-14015 (The WordPress eCommerce Plugin  WordPress plugin through 2.9.0 does no ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-54515 (The Secure Flag passed to Versal\u2122 Adaptive SoC\u2019s Arm\xae Tru ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-48507 (The security state of the calling processor into Arm\xae Trusted Firmw ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-13567 (A vulnerability was detected in itsourcecode COVID Tracking System 1.0 ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2025-13566 (A security vulnerability has been detected in jarun nnn up to 5.1. The ...)
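Review bot: CVE-2025-54515 and CVE-2025-48507 are both marked "NOT-FOR-US: AMD", but their descriptions refer to Arm Trusted Firmware, which by name is not an AMD-only component. If the affected code is specific to AMD's Versal platform, a more precise label or a NOTE saying so would make the decision checkable; otherwise it is worth confirming that no packaged Trusted Firmware source carries the same code before closing these as NFU.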
@@ -907,9 +907,9 @@ CVE-2025-12561
 CVE-2025-12541
 	REJECTED
 CVE-2024-21923 (Incorrect default permissions in AMD StoreMI\u2122 could allow an atta ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21922 (A DLL hijacking vulnerability in AMD StoreMI\u2122 could allow an atta ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-XXXX [Export data does not enforce access rights]
 	- tryton-server 7.0.40-1 (bug #1121243)
 	NOTE: https://discuss.tryton.org/t/security-release-for-issue-14366/8953



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfcd84a6d45d555bcb2fa521ea9e7b0ed567649d
