[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 31 20:29:31 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1fcaa198 by Salvatore Bonaccorso at 2025-10-31T21:29:09+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,17 +61,17 @@ CVE-2025-64351 (Insertion of Sensitive Information Into Sent Data vulnerability
 CVE-2025-64350 (Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64349 (ELOG allows an authenticated user to modify another user's profile. An ...)
-	TODO: check
+	NOT-FOR-US: Electronic Logbook (ELOG)
 CVE-2025-64348 (ELOG allows an authenticated user to modify or overwrite the configura ...)
-	TODO: check
+	NOT-FOR-US: Electronic Logbook (ELOG)
 CVE-2025-64168 (Agno is a multi-agent framework, runtime and control plane. From 2.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Agno
 CVE-2025-63675 (cryptidy through 1.2.4 allows code execution via untrusted data becaus ...)
-	TODO: check
+	NOT-FOR-US: cryptidy
 CVE-2025-63562 (Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 ...)
-	TODO: check
+	NOT-FOR-US: Summer Pearl Group Vacation Rental Management Platform
 CVE-2025-63561 (Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2  ...)
-	TODO: check
+	NOT-FOR-US: Summer Pearl Group Vacation Rental Management Platform
 CVE-2025-63469 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-63468 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
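
Review bot: CVE-2025-64168 (Agno) and CVE-2025-63675 (cryptidy) are described in their own summaries as a framework and as a component versioned "through 1.2.4", so they are reusable code rather than appliances or hosted products, and the commit message "Process some NFUs" does not record how they were checked. Before settling on NOT-FOR-US for these two, confirm there is no source package, embedded copy or open ITP/RFP; if an ITP exists, the entry should use the `<itp>` form with the bug number instead. The ELOG and Summer Pearl Group labels are consistent within the hunk and read fine.
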
@@ -99,7 +99,7 @@ CVE-2025-63458 (Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflo
 CVE-2025-63454 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow  ...)
 	NOT-FOR-US: Tenda
 CVE-2025-62618 (ELOG allows an authenticated user to upload arbitrary HTML files. The  ...)
-	TODO: check
+	NOT-FOR-US: Electronic Logbook (ELOG)
 CVE-2025-62267 (Multiple cross-site scripting (XSS) vulnerabilities in web content tem ...)
 	NOT-FOR-US: Liferay
 CVE-2025-62264 (Reflected cross-site scripting (XSS) vulnerability in Languauge Overri ...)
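
Review bot: The label on CVE-2025-62618 is the same "Electronic Logbook (ELOG)" string used for CVE-2025-64349 and CVE-2025-64348 in the previous hunk, which keeps all three ELOG entries findable with one grep. The one thing to confirm is that ELOG was never shipped in the archive; if it was, these three should be recorded as `<removed>` against the old source package name rather than NOT-FOR-US.
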
@@ -107,19 +107,19 @@ CVE-2025-62264 (Reflected cross-site scripting (XSS) vulnerability in Languauge
 CVE-2025-62232 (Sensitive data exposure via logging in basic-auth leads to plaintext u ...)
 	TODO: check
 CVE-2025-61427 (A reflected cross-site scripting (XSS) vulnerability in BEO GmbH BEO A ...)
-	TODO: check
+	NOT-FOR-US: BEO GmbH BEO Atlas Einfuhr Ausfuhr
 CVE-2025-61141 (sqls-server/sqls 0.2.28 is vulnerable to command injection in the conf ...)
-	TODO: check
+	NOT-FOR-US: sqls-server/sqls
 CVE-2025-60749 (DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via craft ...)
-	TODO: check
+	NOT-FOR-US: Trimble SketchUp desktop
 CVE-2025-60711 (Protection mechanism failure in Microsoft Edge (Chromium-based) allows ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-5397 (The Noo JobMonster theme for WordPress is vulnerable to Authentication ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-59501 (Authentication bypass by spoofing in Microsoft Configuration Manager a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58152 (FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put ...)
-	TODO: check
+	NOT-FOR-US: Century Systems
 CVE-2025-57108 (Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use- ...)
 	TODO: check
 CVE-2025-57107 (Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buff ...)
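
Review bot: The labels added in this hunk mix granularity: CVE-2025-59501 and CVE-2025-58152 are tagged by vendor only ("Microsoft", "Century Systems"), while CVE-2025-61427 and CVE-2025-60749 carry vendor plus product copied from the description ("BEO GmbH BEO Atlas Einfuhr Ausfuhr", "Trimble SketchUp desktop"). Picking one form per vendor, for example "Trimble SketchUp" without the trailing "desktop", makes later automatic NFU matching more reliable. CVE-2025-61141 (sqls-server/sqls) is a standalone tool identified by its repository path, so it is worth a quick check that nothing in the archive packages it under a different name. Leaving CVE-2025-62232 and the VTK entries at TODO is appropriate for a commit that only processes NFUs.
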
@@ -127,7 +127,7 @@ CVE-2025-57107 (Kitware VTK (Visualization Toolkit) through 9.5.0 contains a hea
 CVE-2025-57106 (Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffe ...)
 	TODO: check
 CVE-2025-54763 (FutureNet MA and IP-K series provided by Century Systems Co., Ltd. con ...)
-	TODO: check
+	NOT-FOR-US: Century Systems
 CVE-2025-52665 (A malicious actor with access to the management network could exploit  ...)
 	TODO: check
 CVE-2025-52664 (SQL injection in Revive Adserver 6.0.0 causes potential disruption or  ...)
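
Review bot: The vendor-only label on CVE-2025-54763 drops the product name that both Century Systems descriptions share ("FutureNet MA and IP-K series"). It matches the label given to CVE-2025-58152 in the previous hunk, so the two entries are consistent with each other, but adding the product, e.g. "NOT-FOR-US: Century Systems FutureNet", would let a search on the product name find them.
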



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fcaa19850c04ca8213daa07d1b2a5fe5d4c60ea
