[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 23 22:21:18 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c9a76d8 by Salvatore Bonaccorso at 2025-10-23T23:20:49+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -160,15 +160,15 @@ CVE-2025-47699 (Exposure of Sensitive System Information to an Unauthorized Cont
 CVE-2025-41402 (Client-Side Enforcement of Server-Side Security (CWE-602) in the Comma ...)
 	NOT-FOR-US: Gallagher
 CVE-2025-41073 (Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Inte ...)
-	TODO: check
+	NOT-FOR-US: TESI Gandia Integra Total
 CVE-2025-40643 (Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by ...)
-	TODO: check
+	NOT-FOR-US: Energy CRM
 CVE-2025-35981 (Exposure of Private Personal Information to an Unauthorized Actor (CWE ...)
 	NOT-FOR-US: Gallagher
 CVE-2025-34156 (Tibbo AggreGate Network Manager < 6.40.05 exposes sensitive system inf ...)
-	TODO: check
+	NOT-FOR-US: Tibbo AggreGate Network Manager
 CVE-2025-34155 (Tibbo AggreGate Network Manager < 6.40.05 contains an observable respo ...)
-	TODO: check
+	NOT-FOR-US: Tibbo AggreGate Network Manager
 CVE-2025-23352 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
 	TODO: check
 CVE-2025-23347 (NVIDIA Project G-Assist contains a vulnerability where an attacker mig ...)
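
Review bot: on CVE-2025-40643 the label "Energy CRM" is generic and drops whatever the description names after "by ...", whereas the CVE-2025-41073 entry two lines up keeps the "TESI" prefix in its label. Adding the vendor to the Energy CRM line would make it easier to match when further CVEs for the same product arrive.
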
@@ -186,25 +186,25 @@ CVE-2025-12105 (A flaw was found in the asynchronous message queue handling of t
 CVE-2025-12104 (Outdated and Vulnerable UI Dependencies might potentially lead to expl ...)
 	NOT-FOR-US: Azure Access Technology
 CVE-2025-12044 (Vault and Vault Enterprise (\u201cVault\u201d) are vulnerable to an un ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2025-11621 (Vault and Vault Enterprise\u2019s (\u201cVault\u201d) AWS Auth method  ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2025-11575 (Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC  ...)
-	TODO: check
+	NOT-FOR-US: MongoDB Atlas SQL ODBC driver
 CVE-2025-11128 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-11023 (Inclusion of Functionality from Untrusted Control Sphere, Improper Con ...)
-	TODO: check
+	NOT-FOR-US: AcBakImzala
 CVE-2025-10937 (Oxford Nanopore Technologies' MinKNOW software at or prior to version  ...)
-	TODO: check
+	NOT-FOR-US: Oxford Nanopore Technologies MinKNOW
 CVE-2025-10914 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: OBS (Student Affairs Information System)
 CVE-2025-10727 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: AcBakImzala
 CVE-2025-10705 (The MxChat \u2013 AI Chatbot for WordPress plugin for WordPress is vul ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-10355 (Open redirection vulnerability in MOLGENIS EMX2 v11.14.0. This vulnera ...)
-	TODO: check
+	NOT-FOR-US: MOLGENIS EMX2
 CVE-2024-14011
 	REJECTED
 CVE-2025-11989
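
Review bot: the two Vault entries (CVE-2025-12044, CVE-2025-11621) are closed as NOT-FOR-US, which is only right if no ITP/RFP is open for Vault. If one is, the usual form is a package line with <itp> and the bug number, so the CVEs resurface when the package lands. Separately, the visible descriptions for CVE-2025-11023 and CVE-2025-10727 are cut off before any product name, so the "AcBakImzala" label cannot be cross-checked from this diff alone.
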
@@ -774,7 +774,7 @@ CVE-2025-11867 (The Bg Book Publisher plugin for WordPress is vulnerable to Stor
 CVE-2025-11866 (The Photographers galleries plugin for WordPress is vulnerable to Stor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-11844 (Hugging Face Smolagents version 1.20.0 contains an XPath injection vul ...)
-	TODO: check
+	NOT-FOR-US: Hugging Face Smolagents
 CVE-2025-11834 (The WP AD Gallery plugin for WordPress is vulnerable to Stored Cross-S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-11830 (The WP Restaurant Listings plugin for WordPress is vulnerable to Store ...)
@@ -804,7 +804,7 @@ CVE-2025-11807 (The Mixlr Shortcode plugin for WordPress is vulnerable to Stored
 CVE-2025-11804 (The JB News Ticker plugin for WordPress is vulnerable to Stored Cross- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-11750 (In langgenius/dify-web version 1.6.0, the authentication mechanism rev ...)
-	TODO: check
+	NOT-FOR-US: langgenius/dify-web
 CVE-2025-11411 (NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to ...)
 	- unbound 1.24.1-1
 	NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt
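
Review bot: the label on CVE-2025-11750 reuses the repository slug "langgenius/dify-web" from the description, while the other NOT-FOR-US lines added in this patch name the product (for example "Hugging Face Smolagents", "MOLGENIS EMX2"). A product-name label such as "Dify" would keep later greps and NFU matching consistent.
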
@@ -816,7 +816,7 @@ CVE-2025-10138 (The This-or-That plugin for WordPress is vulnerable to Stored Cr
 CVE-2025-10047 (The Email Tracker \u2013 Email Log, Email Open Tracking, Email Analyti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2016-15048 (AMTT Hotel Broadband Operation System (HiBOS) contains an unauthentica ...)
-	TODO: check
+	NOT-FOR-US: AMTT Hotel Broadband Operation System (HiBOS)
 CVE-2023-53732 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.3.7-1
 	[bookworm] - linux 6.1.82-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c9a76d8f8e9c3df36a261304a37eb975e17a27c
