[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 3 14:24:42 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f71eef5a by Salvatore Bonaccorso at 2025-10-03T15:24:14+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -224,11 +224,11 @@ CVE-2025-56162 (YOSHOP 2.0 suffers from an unauthenticated SQL injection in the
CVE-2025-56161 (YOSHOP 2.0 allows unauthenticated information disclosure via comment-l ...)
NOT-FOR-US: YOSHOP
CVE-2025-56154 (htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /autho ...)
- TODO: check
+ NOT-FOR-US: htmly
CVE-2025-56019 (An insecure permission vulnerability exists in the Agasta Easytouch+ v ...)
NOT-FOR-US: Agasta Easytouch+
CVE-2025-54468 (A vulnerability has been identified within Rancher Manager whereby `Im ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2025-54315 (The Matrix specification before 1.16 (i.e., with a room version before ...)
TODO: check
CVE-2025-54293 (Path Traversal in the log file retrieval function in Canonical LXD 5.0 ...)
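Review bot: The tag added for CVE-2025-54468 reads "NOT-FOR-US: Rancher", but the description on the line above it names the affected product as Rancher Manager. Using the product name as the description gives it ("NOT-FOR-US: Rancher Manager") would make clear which component was judged out of scope, and the same string could then be reused for the other Rancher Manager entries triaged in this commit.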
@@ -270,39 +270,39 @@ CVE-2025-53881 (A UNIX Symbolic Link (Symlink) Following vulnerability in logrot
CVE-2025-49090 (The Matrix specification before 1.16 (i.e., with a room version before ...)
TODO: check
CVE-2025-41064 (Incorrect authentication vulnerability in OpenSIAC, which could allow ...)
- TODO: check
+ NOT-FOR-US: OpenSIAC
CVE-2025-41010 (Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberu ...)
- TODO: check
+ NOT-FOR-US: Hiberus Sintra
CVE-2025-40992 (Stored XSS vulnerability in Creativeitem Sociopro due to lack of prope ...)
- TODO: check
+ NOT-FOR-US: Creativeitem Sociopro
CVE-2025-40991 (Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creat ...)
- TODO: check
+ NOT-FOR-US: Ekushey CRM
CVE-2025-40990 (Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creat ...)
- TODO: check
+ NOT-FOR-US: Ekushey CRM
CVE-2025-40989 (Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creat ...)
- TODO: check
+ NOT-FOR-US: Ekushey CRM
CVE-2025-40646 (Exposure of sensitive information in Viday. This vulnerability could a ...)
- TODO: check
+ NOT-FOR-US: Viday
CVE-2025-40645 (Exposure of sensitive information in Viday. This vulnerability could a ...)
- TODO: check
+ NOT-FOR-US: Viday
CVE-2025-34210 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Applic ...)
- TODO: check
+ NOT-FOR-US: Vasion Print (formerly PrinterLogic)
CVE-2025-34208 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Applic ...)
- TODO: check
+ NOT-FOR-US: Vasion Print (formerly PrinterLogic)
CVE-2025-32942 (SSH Tectia Server before 6.6.6 sometimes allows attackers to read and ...)
- TODO: check
+ NOT-FOR-US: SSH Tectia Server
CVE-2025-22862 (AnAuthentication Bypass Using an Alternate Path or Channel vulnerabili ...)
NOT-FOR-US: Fortinet
CVE-2025-11240 (An open redirect vulnerability existed in KNIME Business Hub prior to ...)
- TODO: check
+ NOT-FOR-US: KNIME
CVE-2025-11239 (Potentially sensitive information in jobs on KNIME Business Hub prior ...)
- TODO: check
+ NOT-FOR-US: KNIME
CVE-2025-0642 (Use of Hard-coded Credentials, Authorization Bypass Through User-Contr ...)
- TODO: check
+ NOT-FOR-US: PosCube Hardware Software and Consulting Ltd. Co. Assist
CVE-2024-58267 (A vulnerability has been identified within Rancher Manager whereby the ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2024-58260 (A vulnerability has been identified within Rancher Manager where a mis ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2025-61642 [Escape submit button label for Codex-based HTMLForms]
- mediawiki <unfixed>
[bookworm] - mediawiki <not-affected> (Vulnerable code not present)
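Review bot: The NOT-FOR-US tags in this hunk are written at three different naming levels. CVE-2025-11240 and CVE-2025-11239 use the bare vendor name "KNIME" although both descriptions refer to KNIME Business Hub. CVE-2025-0642 spells out the full vendor name followed by the product ("PosCube Hardware Software and Consulting Ltd. Co. Assist"). Most of the others (OpenSIAC, Ekushey CRM, Viday, SSH Tectia Server) use the product name alone. Settling on one level, preferably the product name as it appears in the CVE description, would keep a search of data/CVE/list by product name reliable. Also note that the context line for CVE-2025-49090 at the top of the hunk still carries "TODO: check", so it remains open for a later triage pass.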
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f71eef5a589b6ee29c6ecfa43c563d765687f1b8