[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 27 20:31:07 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f4200536 by Salvatore Bonaccorso at 2025-10-27T21:29:20+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2025-9164 (Docker Desktop Installer.exe is vulnerable to DLL hijacking due t
CVE-2025-8432 (Incorrect Default Permissions vulnerability in Centreon Infra Monitori ...)
NOT-FOR-US: Centreon
CVE-2025-62516 (Landlord Onboarding & Rental Signup introduces the landlord onboarding ...)
- TODO: check
+ NOT-FOR-US: Landlord Onboarding & Rental Signup
CVE-2025-62263 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal ...)
NOT-FOR-US: Liferay
CVE-2025-62253 (Open redirect vulnerability in page administration in Liferay Portal 7 ...)
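Review bot: The new label on the CVE-2025-62516 entry, "Landlord Onboarding & Rental Signup", is the opening phrase of the truncated description ("... introduces the landlord onboarding ..."), which reads like a feature name rather than a product or vendor. The neighbouring entries in this hunk use a vendor or product ("Centreon", "Liferay"). If the full CVE record names the application or project this feature belongs to, use that name in the NOT-FOR-US line so the entry can be recognised later.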
@@ -11,13 +11,13 @@ CVE-2025-62253 (Open redirect vulnerability in page administration in Liferay Po
CVE-2025-61795 (Improper Resource Shutdown or Release vulnerability in Apache Tomcat. ...)
TODO: check
CVE-2025-61482 (Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyID ...)
- TODO: check
+ NOT-FOR-US: NetKnights GmbH privacyIDEA Authenticator
CVE-2025-61481 (An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 allows a re ...)
NOT-FOR-US: MikroTik
CVE-2025-61385 (SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote atta ...)
- TODO: check
+ NOT-FOR-US: tlocke pg8000
CVE-2025-61247 (indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injecti ...)
- TODO: check
+ NOT-FOR-US: indieka900 online-shopping-system-php
CVE-2025-61105 (FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NU ...)
- frr <unfixed>
NOTE: https://github.com/FRRouting/frr/issues/19471
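Review bot: The CVE-2025-61385 line marks "tlocke pg8000" as NOT-FOR-US, but the description gives a library with a version ("tlocke pg8000 1.31.4"), not a hosted product or appliance like the other entries closed in this hunk. pg8000 is a pure-Python PostgreSQL driver, so it is worth confirming that no source package in the archive ships it before closing the entry. If one does, this should be a package line in the style of the `- frr <unfixed>` entry below rather than an NFU. The other three conversions in the hunk (privacyIDEA Authenticator, online-shopping-system-php) look consistent with their descriptions.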
@@ -39,17 +39,17 @@ CVE-2025-61099 (FRRouting/frr from v2.0 through v10.4.1 was discovered to contai
NOTE: https://github.com/FRRouting/frr/issues/19471
NOTE: https://github.com/FRRouting/frr/pull/19480
CVE-2025-60983 (Reflected Cross Site Scripting vulnerability in Rubikon Banking Soluti ...)
- TODO: check
+ NOT-FOR-US: Rubikon Banking Solution
CVE-2025-60982 (IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized ...)
- TODO: check
+ NOT-FOR-US: Educare ERP
CVE-2025-60791 (Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Se ...)
- TODO: check
+ NOT-FOR-US: Easywork Enterprise
CVE-2025-60425 (Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existi ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2025-60424 (A lack of rate limiting in the OTP verification component of Nagios Fu ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2025-60291 (An issue was discovered in eTimeTrackLite Web thru 12.0 (20250704). Th ...)
- TODO: check
+ NOT-FOR-US: eTimeTrackLite Web
CVE-2025-59463 (An attacker may cause chunk-size mismatches that block file transfers ...)
NOT-FOR-US: SICK AG
CVE-2025-59462 (An attacker who tampers with the C++ CLI client may crash the UpdateSe ...)
@@ -61,7 +61,7 @@ CVE-2025-59460 (The system is deployed in its default state, with configuration
CVE-2025-59459 (An attacker that gains SSH access to an unprivileged account may be ab ...)
NOT-FOR-US: SICK AG
CVE-2025-59151 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
- TODO: check
+ NOT-FOR-US: Pi-hole
CVE-2025-58356 (Constellation is the first Confidential Kubernetes. The Constellation ...)
TODO: check
CVE-2025-55754 (Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ...)
@@ -69,23 +69,23 @@ CVE-2025-55754 (Improper Neutralization of Escape, Meta, or Control Sequences vu
CVE-2025-55752 (Relative Path Traversal vulnerability in Apache Tomcat. The fix for b ...)
TODO: check
CVE-2025-54970 (An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP ...)
- TODO: check
+ NOT-FOR-US: BAE SOCET GXP
CVE-2025-54969 (An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP ...)
- TODO: check
+ NOT-FOR-US: BAE SOCET GXP
CVE-2025-54968 (An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP ...)
- TODO: check
+ NOT-FOR-US: BAE SOCET GXP
CVE-2025-54967 (An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits ex ...)
- TODO: check
+ NOT-FOR-US: BAE SOCET GXP
CVE-2025-54965 (An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET ...)
- TODO: check
+ NOT-FOR-US: BAE SOCET GXP
CVE-2025-53533 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
- TODO: check
+ NOT-FOR-US: Pi-hole
CVE-2025-52268 (StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: StarCharge Artemis AC Charger
CVE-2025-52264 (StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: StarCharge Artemis AC Charger
CVE-2025-52263 (An issue in the Web Configuration module of Startcharge Artemis AC Cha ...)
- TODO: check
+ NOT-FOR-US: StarCharge Artemis AC Charger
CVE-2025-50055 (Cross-site scripting (XSS) vulnerability in the SAML Authentication mo ...)
TODO: check
CVE-2025-46602 (Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an ...)
@@ -95,13 +95,13 @@ CVE-2025-46583 (There is a Denial of Service\uff08DoS\uff09vulnerability in the
CVE-2025-46582 (A private key disclosure vulnerability exists in ZTE's ZXMP M721 produ ...)
NOT-FOR-US: ZTE
CVE-2025-41384 (Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM v7.14.1 ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2025-41068 (Reachable Assertion vulnerability in Open5GS up to version 2.7.5 allow ...)
TODO: check
CVE-2025-41067 (Reachable Assertion vulnerability in Open5GS up to version 2.7.5 allow ...)
TODO: check
CVE-2025-41009 (SQL injection vulnerability in the DRED virtual campus platform. This ...)
- TODO: check
+ NOT-FOR-US: DRED virtual campus platform
CVE-2025-36170 (IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is ...)
NOT-FOR-US: IBM
CVE-2025-36138 (IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is ...)
@@ -113,17 +113,17 @@ CVE-2025-36007 (IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix
CVE-2025-34292 (Rox, the software running BeWelcome,contains a PHP object injection vu ...)
TODO: check
CVE-2025-34133 (Wimi Teamwork versions prior to 7.38.17 contains a cross-site request ...)
- TODO: check
+ NOT-FOR-US: Wimi Teamwork
CVE-2025-32785 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
- TODO: check
+ NOT-FOR-US: Pi-hole
CVE-2025-27225 (TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp ...)
- TODO: check
+ NOT-FOR-US: TRUfusion Enterprise
CVE-2025-27224 (TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileup ...)
- TODO: check
+ NOT-FOR-US: TRUfusion Enterprise
CVE-2025-27223 (TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID a ...)
- TODO: check
+ NOT-FOR-US: TRUfusion Enterprise
CVE-2025-27222 (TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCob ...)
- TODO: check
+ NOT-FOR-US: TRUfusion Enterprise
CVE-2025-26862 (Unexpected authentication form rendering in HTML Form Adapter using on ...)
TODO: check
CVE-2025-12365 (Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: thro ...)
@@ -139,7 +139,7 @@ CVE-2025-12312 (A flaw has been found in PHPGurukul Curfew e-Pass Management Sys
CVE-2025-12311 (A vulnerability was detected in PHPGurukul Curfew e-Pass Management Sy ...)
NOT-FOR-US: PHPGurukul
CVE-2025-12310 (A security vulnerability has been detected in VirtFusion up to 6.0.2. ...)
- TODO: check
+ NOT-FOR-US: VirtFusion
CVE-2025-12309 (A weakness has been identified in code-projects Nero Social Networking ...)
NOT-FOR-US: code-projects
CVE-2025-12308 (A security flaw has been discovered in code-projects Nero Social Netwo ...)
@@ -149,9 +149,9 @@ CVE-2025-12307 (A vulnerability was identified in code-projects Nero Social Netw
CVE-2025-12306 (A vulnerability was determined in code-projects Nero Social Networking ...)
NOT-FOR-US: code-projects
CVE-2025-12305 (A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This i ...)
- TODO: check
+ NOT-FOR-US: quequnlong shiyi-blog
CVE-2025-12304 (A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to f ...)
- TODO: check
+ NOT-FOR-US: dulaiduwang003 TIME-SEA-PLUS
CVE-2025-12303 (A flaw has been found in PHPGurukul Curfew e-Pass Management System 1. ...)
NOT-FOR-US: PHPGurukul
CVE-2025-12302 (A vulnerability was detected in code-projects Simple Food Ordering Sys ...)
@@ -165,7 +165,7 @@ CVE-2025-12299 (A security flaw has been discovered in code-projects Simple Food
CVE-2025-12298 (A vulnerability was identified in code-projects Simple Food Ordering S ...)
NOT-FOR-US: code-projects
CVE-2025-12297 (A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects ...)
- TODO: check
+ NOT-FOR-US: atjiu pybbs
CVE-2025-12296 (A security vulnerability has been detected in D-Link DAP-2695 2.00RC13 ...)
NOT-FOR-US: D-Link
CVE-2025-12295 (A weakness has been identified in D-Link DAP-2695 2.00RC13. The affect ...)
@@ -177,7 +177,7 @@ CVE-2025-12293 (A vulnerability was identified in SourceCodester Point of Sales
CVE-2025-12292 (A vulnerability was determined in SourceCodester Point of Sales 1.0. T ...)
NOT-FOR-US: SourceCodester
CVE-2025-12291 (A vulnerability was found in ashymuzuro Full-Ecommece-Website and Muzu ...)
- TODO: check
+ NOT-FOR-US: ashymuzuro Full-Ecommece-Website and Muzuro Ecommerce System
CVE-2025-12290 (A vulnerability has been found in Sui Shang Information Technology Sui ...)
TODO: check
CVE-2025-12289 (A flaw has been found in Sui Shang Information Technology Suishang Ent ...)
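Review bot: The label added for CVE-2025-12291 copies the description's product string in full, including the spelling "Full-Ecommece-Website", while the neighbouring entries in this hunk use a short vendor label ("SourceCodester"). If "Ecommece" is the upstream project's own spelling the line is fine as written. Otherwise, shorten it to the author name "ashymuzuro" plus one product name to match the surrounding entries.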
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4200536d21f80bb2fc988f2f3c97ab9a2579d41