[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 2 05:05:30 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1ff58da by Salvatore Bonaccorso at 2025-10-02T06:05:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2025-9512 (The Schema & Structured Data for WP & AMP WordPress plugin before
 CVE-2025-9075 (The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-8679 (In ExtremeGuest Essentials before 25.5.0, captive-portal may permit un ...)
-	TODO: check
+	NOT-FOR-US: ExtremeGuest Essentials
 CVE-2025-61792 (Quadient DS-700 iQ devices through 2025-09-30 might have a race condit ...)
-	TODO: check
+	NOT-FOR-US: Quadient DS-700 iQ devices
 CVE-2025-61722
 	REJECTED
 CVE-2025-61721
@@ -29,23 +29,23 @@ CVE-2025-61622 (Deserialization of untrusted data inpython in pyforyversions 0.1
 CVE-2025-61596
 	REJECTED
 CVE-2025-61189 (Jeecgboot versions 3.8.2 and earlier are affected by a path traversal  ...)
-	TODO: check
+	NOT-FOR-US: Jeecgboot
 CVE-2025-61188 (Jeecgboot versions 3.8.2 and earlier are affected by a path traversal  ...)
-	TODO: check
+	NOT-FOR-US: Jeecgboot
 CVE-2025-61045 (TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a comma ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-61044 (TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a comma ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-60991 (A reflected cross-site scripted (XSS) vulnerability in Codazon Magento ...)
-	TODO: check
+	NOT-FOR-US: Codazon Magento Themes
 CVE-2025-59687 (IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference att ...)
-	TODO: check
+	NOT-FOR-US: IMPAQTR Aurora
 CVE-2025-59686 (Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls w ...)
-	TODO: check
+	NOT-FOR-US: Kazaar
 CVE-2025-59685 (Kazaar 1.25.12 allows a JWT with none in the alg field.)
-	TODO: check
+	NOT-FOR-US: Kazaar
 CVE-2025-59684 (DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking.)
-	TODO: check
+	NOT-FOR-US: DigiSign DigiSigner ONE
 CVE-2025-59149 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
 	TODO: check
 CVE-2025-59148 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
@@ -53,33 +53,33 @@ CVE-2025-59148 (Suricata is a network IDS, IPS and NSM engine developed by the O
 CVE-2025-59147 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
 	TODO: check
 CVE-2025-58769 (auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In v ...)
-	TODO: check
+	NOT-FOR-US: auth0-PHP
 CVE-2025-58055 (Discourse is an open-source community discussion platform. In versions ...)
 	NOT-FOR-US: Discourse
 CVE-2025-58054 (Discourse is an open-source community discussion platform. Versions 3. ...)
 	NOT-FOR-US: Discourse
 CVE-2025-57444 (An authenticated cross-site scripting (XSS) vulnerability in the Admin ...)
-	TODO: check
+	NOT-FOR-US: Radware AlteonOS Web UI Management
 CVE-2025-57393 (A stored cross-site scripting (XSS) in Kissflow Work Platform Kissflow ...)
-	TODO: check
+	NOT-FOR-US: Kissflow
 CVE-2025-57275 (Storage Performance Development Kit (SPDK) 25.05 is vulnerable to Buff ...)
-	TODO: check
+	NOT-FOR-US: Storage Performance Development Kit (SPDK)
 CVE-2025-56588 (Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code ex ...)
 	TODO: check
 CVE-2025-56515 (File upload vulnerability in Fiora chat application 1.0.0 through user ...)
-	TODO: check
+	NOT-FOR-US: Fiora chat application
 CVE-2025-56514 (Cross Site Scripting (XSS) vulnerability in Fiora chat application 1.0 ...)
-	TODO: check
+	NOT-FOR-US: Fiora chat application
 CVE-2025-55191 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
 	NOT-FOR-US: Argo CD
 CVE-2025-52042 (In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier()  ...)
-	TODO: check
+	NOT-FOR-US: Frappe ERPNext
 CVE-2025-52041 (In Frappe ERPNext 15.57.5, the function get_stock_balance_for() at erp ...)
-	TODO: check
+	NOT-FOR-US: Frappe ERPNext
 CVE-2025-52040 (In Frappe ERPNext 15.57.5, the function get_blanket_orders() at erpnex ...)
-	TODO: check
+	NOT-FOR-US: Frappe ERPNext
 CVE-2025-52039 (In Frappe ERPNext 15.57.5, the function get_material_requests_based_on ...)
-	TODO: check
+	NOT-FOR-US: Frappe ERPNext
 CVE-2025-46205 (A heap-use-after free in the PdfTokenizer::ReadDictionary function of  ...)
 	TODO: check
 CVE-2025-43826 (Stored cross-site scripting (XSS) vulnerabilities in Web Content trans ...)
@@ -89,15 +89,15 @@ CVE-2025-43718 (Poppler 24.06.1 through 25.x before 25.04.0 allows stack consump
 CVE-2025-41421 (Improper handling of symbolic links in the TeamViewer Full Client and  ...)
 	NOT-FOR-US: TeamViewer
 CVE-2025-40648 (Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, con ...)
-	TODO: check
+	NOT-FOR-US: Issabel
 CVE-2025-40647 (Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, con ...)
-	TODO: check
+	NOT-FOR-US: Issabel
 CVE-2025-34182 (In Deciso OPNsense before 25.7.4, when creating an "Interfaces: Device ...)
 	TODO: check
 CVE-2025-28357 (A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 a ...)
-	TODO: check
+	NOT-FOR-US: Neto CMS
 CVE-2025-24525 (Keysight Ixia Vision has an issue with hardcoded cryptographic materia ...)
-	TODO: check
+	NOT-FOR-US: Keysight Ixia
 CVE-2025-20371 (In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, an ...)
 	NOT-FOR-US: Cisco
 CVE-2025-20370 (In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, a ...)
@@ -113,9 +113,9 @@ CVE-2025-20366 (In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and
 CVE-2025-20361 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2025-20357 (A vulnerability in the web-based management interface of Cisco Cyber V ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20356 (A vulnerability in the web-based management interface of Cisco Cyber V ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-11233 (Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin ta ...)
 	TODO: check
 CVE-2025-11226 (ACE vulnerability in conditional configuration file processing  by QOS ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1ff58da4f4e3adce85c8d7df3d2a667252c6dab

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1ff58da4f4e3adce85c8d7df3d2a667252c6dab
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251002/948cad0a/attachment.htm>

More information about the debian-security-tracker-commits mailing list