[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 17 22:20:18 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e5f81fd2 by Salvatore Bonaccorso at 2025-10-17T23:19:54+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -56,11 +56,11 @@ CVE-2025-57164 (Flowise through v3.0.4 is vulnerable to remote code execution vi
 CVE-2025-56320 (Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored ...)
 	NOT-FOR-US: Enterprise Contract Management Portal
 CVE-2025-56316 (A SQL injection vulnerability in the content_title parameter of the /c ...)
-	TODO: check
+	NOT-FOR-US: MCMS
 CVE-2025-56221 (A lack of rate limiting in the login mechanism of SigningHub v8.6.8 al ...)
-	TODO: check
+	NOT-FOR-US: SigningHub
 CVE-2025-56218 (An arbitrary file upload vulnerability in SigningHub v8.6.8 allows att ...)
-	TODO: check
+	NOT-FOR-US: SigningHub
 CVE-2025-55085 (In NextX Duo before 6.4.4, in the HTTP client module, the network supp ...)
 	NOT-FOR-US: Eclipse
 CVE-2025-49655 (Deserialization of untrusted data can occur in versions of the Keras f ...)
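Review bot: The `NOT-FOR-US: MCMS` tag on CVE-2025-56316 cannot be checked against the description excerpt in this hunk, which mentions only a SQL injection in the content_title parameter and is cut off before any product name. Confirm against the full CVE record that MCMS is the affected product before the entry leaves the `TODO: check` queue. The two SigningHub tags match the product named in their descriptions.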
@@ -69,11 +69,11 @@ CVE-2025-49655 (Deserialization of untrusted data can occur in versions of the K
 CVE-2025-48087 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48044 (Incorrect Authorization vulnerability in ash-project ash allows Authen ...)
-	TODO: check
+	NOT-FOR-US: ash-project ash
 CVE-2025-34282 (ThingsBoard versions < 4.2.1 contain a server-side request forgery (SS ...)
-	TODO: check
+	NOT-FOR-US: ThingsBoard
 CVE-2025-34281 (ThingsBoard versions < 4.2.1 contain a stored cross-site scripting (XS ...)
-	TODO: check
+	NOT-FOR-US: ThingsBoard
 CVE-2025-26625 (Git LFS is a Git extension for versioning large files. In Git LFS vers ...)
 	- git-lfs <unfixed>
 	NOTE: https://github.com/git-lfs/git-lfs/security/advisories/GHSA-6pvw-g552-53c5
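Review bot: Style point on CVE-2025-48044: the tag `NOT-FOR-US: ash-project ash` carries the project prefix, while the ThingsBoard tags in the same hunk use the bare product name. The prefix is worth keeping here, since a bare `ash` is also the name of a Unix shell and would be ambiguous when searching the list, so use the same prefixed form for any later CVEs against this project.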
@@ -81,23 +81,23 @@ CVE-2025-26625 (Git LFS is a Git extension for versioning large files. In Git LF
 	NOTE: https://github.com/git-lfs/git-lfs/commit/5c11ffce9a4f095ff356bc781e2a031abb46c1a8 (main)
 	NOTE: https://github.com/git-lfs/git-lfs/commit/d02bd13f02ef76f6807581cd6b34709069cb3615 (main)
 CVE-2025-11925 (Incorrect Content-Type header in one of the APIs (`text/html` instead  ...)
-	TODO: check
+	NOT-FOR-US: BLU-IC2 and BLU-IC4
 CVE-2025-11911 (A vulnerability was detected in Shenzhen Ruiming Technology Streamax C ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Ruiming Technology Streamax Crocus
 CVE-2025-11910 (A security vulnerability has been detected in Shenzhen Ruiming Technol ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Ruiming Technology Streamax Crocus
 CVE-2025-11909 (A weakness has been identified in Shenzhen Ruiming Technology Streamax ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Ruiming Technology Streamax Crocus
 CVE-2025-11908 (A security flaw has been discovered in Shenzhen Ruiming Technology Str ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Ruiming Technology Streamax Crocus
 CVE-2025-11905 (A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vu ...)
-	TODO: check
+	NOT-FOR-US: yanyutao0402 ChanCMS
 CVE-2025-11904 (A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. Th ...)
-	TODO: check
+	NOT-FOR-US: yanyutao0402 ChanCMS
 CVE-2025-11903 (A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by ...)
-	TODO: check
+	NOT-FOR-US: yanyutao0402 ChanCMS
 CVE-2025-11902 (A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affe ...)
-	TODO: check
+	NOT-FOR-US: yanyutao0402 ChanCMS
 CVE-2025-11895 (The Binary MLM Plan plugin for WordPress is vulnerable to insecure dir ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-31573 (XMLUnit for Java before 2.10.0, in the default configuration, might al ...)
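Review bot: CVE-2025-11925 is tagged `NOT-FOR-US: BLU-IC2 and BLU-IC4`, but the visible description (an incorrect Content-Type header in one of the APIs) names no product, so the tag should be confirmed against the full CVE record. Separately, the ChanCMS and Streamax Crocus tags copy the vendor string from the description verbatim (`yanyutao0402 ChanCMS`, `Shenzhen Ruiming Technology Streamax Crocus`). A product-only tag such as `ChanCMS` or `Streamax Crocus` would be shorter and closer to the neighbouring context entries, provided the same form is then used for all four CVEs of each product.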



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5f81fd27195f1b56028617cd6b15c0975d66a40
