[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Oct 18 16:11:22 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c68d13e by Moritz Muehlenhoff at 2025-10-18T17:11:01+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,53 +1,53 @@
 CVE-2025-9562 (The Redirection for Contact Form 7 plugin for WordPress is vulnerable  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-62671 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki extension Cargo
 CVE-2025-62670 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki extension FlexDiagrams
 CVE-2025-62669 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki extension CentralAuth
 CVE-2025-62668 (Incorrect Default Permissions vulnerability in The Wikimedia Foundatio ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki extension GrowthExperiments
 CVE-2025-62667 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki extension GrowthExperiments
 CVE-2025-62666 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki extension CirrusSearch
 CVE-2025-62665 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki skin BlueSky
 CVE-2025-62664 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki extension ImageRating
 CVE-2025-62663 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki extension UploadWizard
 CVE-2025-62662 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki extension AdvancedSearch
 CVE-2025-62655 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki extension Cargo
 CVE-2025-62654 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki extension QuizGame
 CVE-2025-62653 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki extension PollNY
 CVE-2025-62652 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki extension WebAuthn
 CVE-2025-62651 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
-	TODO: check
+	NOT-FOR-US: Restaurant Brands International (RBI) assistant platform
 CVE-2025-62650 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
-	TODO: check
+	NOT-FOR-US: Restaurant Brands International (RBI) assistant platform
 CVE-2025-62649 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
-	TODO: check
+	NOT-FOR-US: Restaurant Brands International (RBI) assistant platform
 CVE-2025-62648 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
-	TODO: check
+	NOT-FOR-US: Restaurant Brands International (RBI) assistant platform
 CVE-2025-62647 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
-	TODO: check
+	NOT-FOR-US: Restaurant Brands International (RBI) assistant platform
 CVE-2025-62646 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
-	TODO: check
+	NOT-FOR-US: Restaurant Brands International (RBI) assistant platform
 CVE-2025-62645 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
-	TODO: check
+	NOT-FOR-US: Restaurant Brands International (RBI) assistant platform
 CVE-2025-62644 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
-	TODO: check
+	NOT-FOR-US: Restaurant Brands International (RBI) assistant platform
 CVE-2025-62643 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
-	TODO: check
+	NOT-FOR-US: Restaurant Brands International (RBI) assistant platform
 CVE-2025-62642 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
-	TODO: check
+	NOT-FOR-US: Restaurant Brands International (RBI) assistant platform
 CVE-2025-62640
 	REJECTED
 CVE-2025-62639
@@ -67,11 +67,11 @@ CVE-2025-62633
 CVE-2025-62632
 	REJECTED
 CVE-2025-62515 (pyquokka is a framework for making data lakes work for time series. In ...)
-	TODO: check
+	NOT-FOR-US: pyquokka
 CVE-2025-62508 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki skin Citizen
 CVE-2025-5555 (A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to  ...)
-	TODO: check
+	NOT-FOR-US: Nixdorf WincorMediaWiki skin Citizen
 CVE-2025-40003 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	TODO: check
 CVE-2025-40002 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
@@ -79,13 +79,13 @@ CVE-2025-40002 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2025-40001 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	TODO: check
 CVE-2025-11937 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Mediawiki extension SecurePoll
 CVE-2025-11914 (A vulnerability was found in Shenzhen Ruiming Technology Streamax Croc ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Ruiming Technology
 CVE-2025-11913 (A vulnerability has been found in Shenzhen Ruiming Technology Streamax ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Ruiming Technology
 CVE-2025-11912 (A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1 ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Ruiming Technology
 CVE-2025-11857 (The XX2WP Integration Tools plugin for WordPress is vulnerable to Stor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-11742 (The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnera ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c68d13e3349f01d7e03757a9cddb597c9f98631

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c68d13e3349f01d7e03757a9cddb597c9f98631
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251018/0141431b/attachment.htm>

More information about the debian-security-tracker-commits mailing list