[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Oct 21 22:57:27 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
19e49c21 by Moritz Muehlenhoff at 2025-10-21T23:57:08+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -110,7 +110,7 @@ CVE-2025-61457 (code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS)
CVE-2025-61255 (Bank Locker Management System by PHPGurukul is affected by a Cross-Sit ...)
NOT-FOR-US: PHPGurukul
CVE-2025-61220 (The incomplete verification mechanism in the AutoBizLine com.mysecondl ...)
- TODO: check
+ NOT-FOR-US: AutoBizLine com.mysecondline.app
CVE-2025-61194 (daicuocms V1.3.13 contains a SQL injection vulnerability in the file l ...)
NOT-FOR-US: daicuocms
CVE-2025-61181 (daicuocms V1.3.13 contains an arbitrary file upload vulnerability in t ...)
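Review bot: The new tag for CVE-2025-61220 names both the vendor and the Android package id ("AutoBizLine com.mysecondline.app"), while the neighbouring entries in this hunk tag by project name only ("PHPGurukul", "daicuocms"). A vendor-only tag ("NOT-FOR-US: AutoBizLine") would match the neighbouring entries and still be found by a search on the vendor name. If the package id is kept deliberately to tell this app apart from other products of the same vendor, that is fine as it stands.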
@@ -257,23 +257,23 @@ CVE-2025-12031 (HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Att
CVE-2025-12024
REJECTED
CVE-2025-11757 (The CloudEdge Cloud does not sanitize the MQTT topic input, which coul ...)
- TODO: check
+ NOT-FOR-US: CloudEdge
CVE-2025-11625 (Improper host authentication vulnerability in wolfSSH version 1.4.20 a ...)
- TODO: check
+ - wolfssh <itp> (bug #983449)
CVE-2025-11624 (Potential stack buffer overwrite on the SFTP server side when receivin ...)
- TODO: check
+ - wolfssh <itp> (bug #983449)
CVE-2025-11534 (The affected Raisecom devices allow SSH sessions to be established wit ...)
- TODO: check
+ NOT-FOR-US: Raisecom
CVE-2025-11151 (Exposure of Sensitive Information to an Unauthorized Actor, Exposure o ...)
- TODO: check
+ NOT-FOR-US: Beyaz Bilgisayar Software
CVE-2025-10641 (All WorkExaminer Professional traffic between monitoring client, conso ...)
- TODO: check
+ NOT-FOR-US: WorkExaminer Professional
CVE-2025-10640 (An unauthenticated attacker with access to TCP port 12306 of the WorkE ...)
- TODO: check
+ NOT-FOR-US: WorkExaminer Professional
CVE-2025-10639 (The WorkExaminer Professional server installation comes with an FTP se ...)
- TODO: check
+ NOT-FOR-US: WorkExaminer Professional
CVE-2025-10612 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: giSoft Information Technologies City Guide
CVE-2025-10020 (Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerabl ...)
NOT-FOR-US: Zoho
CVE-2022-4981 (A vulnerability was detected in DCMTK up to 3.6.7. The impacted elemen ...)
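Review bot: The two wolfSSH entries (CVE-2025-11625 and CVE-2025-11624) are not NFUs, but the commit subject is only "NFUs". They are changed to "- wolfssh <itp> (bug #983449)", which ties them to a package with an open intent-to-package bug rather than marking them out of scope. Suggest either mentioning the wolfssh ITP entries in the commit message or committing them separately, so a later search of the history for when wolfssh tracking started does not miss this change. The three WorkExaminer Professional entries use one identical tag, which keeps them grouped.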
@@ -357,7 +357,7 @@ CVE-2025-11536 (The Element Pack Addons for Elementor plugin for WordPress is vu
CVE-2025-10916 (The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary ...)
NOT-FOR-US: WordPress plugin
CVE-2018-25118 (GeoVision embedded IP devices, confirmed onGV-BX1500 andGV-MFD1501, co ...)
- TODO: check
+ NOT-FOR-US: GeoVision
CVE-2025-9574 (Missing Authentication for Critical Function vulnerability in ABB ALS- ...)
NOT-FOR-US: ABB group
CVE-2025-8884 (Authorization Bypass Through User-Controlled Key vulnerability in VHS ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19e49c21100f1b92c80a4064cc7d014ccc5ef8e5