[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 10 21:25:26 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e27df84b by Salvatore Bonaccorso at 2025-09-10T22:24:59+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,9 +17,9 @@ CVE-2025-9367 (The Welcart e-Commerce plugin for WordPress is vulnerable to Stor
 CVE-2025-8778 (The NitroPack plugin for WordPress is vulnerable to unauthorized modif ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-8696 (If an unauthenticated user sends a large amount of data to the Stork U ...)
-	TODO: check
+	NOT-FOR-US: Stork UI
 CVE-2025-8681 (Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stor ...)
-	TODO: check
+	NOT-FOR-US: Pega Platform
 CVE-2025-8388 (The PowerPack Elementor Addons (Free Widgets, Extensions and Templates ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-7843 (The Auto Save Remote Images (Drafts) plugin for WordPress is vulnerabl ...)
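Review bot: the label added for CVE-2025-8696, "NOT-FOR-US: Stork UI", names a component (the UI) rather than the product, while the neighbouring entries in this hunk label by product or class ("Pega Platform", "WordPress plugin"). Using "NOT-FOR-US: Stork" would keep any further Stork entries under one searchable string regardless of which component the description mentions.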
@@ -35,45 +35,45 @@ CVE-2025-7049 (The WPGYM - Wordpress Gym Management System plugin for WordPress
 CVE-2025-6189 (The Duplicate Page and Post plugin for WordPress is vulnerable to time ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-59049 (Mockoon provides way to design and run mock APIs. Prior to version 9.2 ...)
-	TODO: check
+	NOT-FOR-US: Mockoon
 CVE-2025-59046 (The npm package `interactive-git-checkout` is an interactive command-l ...)
 	TODO: check
 CVE-2025-59045 (Stalwart is a mail and collaboration server. Starting in version 0.12. ...)
 	TODO: check
 CVE-2025-59044 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
-	TODO: check
+	NOT-FOR-US: Himmelblau
 CVE-2025-59042 (PyInstaller bundles a Python application and all its dependencies into ...)
 	TODO: check
 CVE-2025-59041 (Claude Code is an agentic coding tool. At startup, Claude Code execute ...)
-	TODO: check
+	NOT-FOR-US: Claude Code
 CVE-2025-59039 (Prebid Universal Creative (PUC) is a JavaScript API to render multiple ...)
-	TODO: check
+	NOT-FOR-US: Prebid Universal Creative (PUC)
 CVE-2025-59038 (Prebid.js is a free and open source library for publishers to quickly  ...)
-	TODO: check
+	NOT-FOR-US: Prebid.js
 CVE-2025-59037 (DuckDB is an analytical in-process SQL database management system. On  ...)
 	TODO: check
 CVE-2025-59036 (Infrahub offers a central hub to manage data, templates, and playbooks ...)
-	TODO: check
+	NOT-FOR-US: Infrahub
 CVE-2025-59035 (Indico is an event management system that uses Flask-Multipass, a mult ...)
-	TODO: check
+	NOT-FOR-US: Indico
 CVE-2025-59034 (Indico is an event management system that uses Flask-Multipass, a mult ...)
-	TODO: check
+	NOT-FOR-US: Indico
 CVE-2025-58768 (DeepChat is a smart assistant uses artificial intelligence. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: DeepChat
 CVE-2025-58765 (wabac.js provides a full web archive replay system, or 'wayback machin ...)
 	TODO: check
 CVE-2025-58764 (Claude Code is an agentic coding tool. Due to an error in command pars ...)
-	TODO: check
+	NOT-FOR-US: Claude Code
 CVE-2025-58763 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
-	TODO: check
+	NOT-FOR-US: Tautulli
 CVE-2025-58750 (rAthena is an open-source cross-platform massively multiplayer online  ...)
-	TODO: check
+	NOT-FOR-US: rAthena
 CVE-2025-58462 (OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 al ...)
-	TODO: check
+	NOT-FOR-US: OPEXUS FOIAXpress
 CVE-2025-58448 (rAthena is an open-source cross-platform massively multiplayer online  ...)
-	TODO: check
+	NOT-FOR-US: rAthena
 CVE-2025-58447 (rAthena is an open-source cross-platform massively multiplayer online  ...)
-	TODO: check
+	NOT-FOR-US: rAthena
 CVE-2025-58135 (Improper action enforcement in certain Zoom Workplace Clients for Wind ...)
 	NOT-FOR-US: Zoom
 CVE-2025-58134 (Incorrect authorization in certain Zoom Workplace Clients for Windows  ...)
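Review bot: on CVE-2025-59039 the label "NOT-FOR-US: Prebid Universal Creative (PUC)" copies the parenthesised abbreviation from the description, whereas every other label added in this hunk is the bare product name ("Prebid.js", "Indico", "rAthena", "Claude Code"). Dropping "(PUC)" would keep the labels uniform. Separately, the commit message "Process some NFUs" does not say why interactive-git-checkout, Stalwart, PyInstaller, DuckDB and wabac.js stay at "TODO: check" in the same block. A short line in the message body stating that they were left for separate triage would make that intent explicit.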
@@ -81,7 +81,7 @@ CVE-2025-58134 (Incorrect authorization in certain Zoom Workplace Clients for Wi
 CVE-2025-58131 (Race condition in the Zoom Workplace VDI Plugin macOS Universal instal ...)
 	NOT-FOR-US: Zoom
 CVE-2025-57642 (A Shell Upload vulnerability in Tourism Management System 2.0 allows a ...)
-	TODO: check
+	NOT-FOR-US: Tourism Management System
 CVE-2025-57633 (A command injection vulnerability in FTP-Flask-python through 5173b68  ...)
 	TODO: check
 CVE-2025-57573 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow ...)
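Review bot: "NOT-FOR-US: Tourism Management System" on CVE-2025-57642 is a generic application name with no vendor or author, so the label cannot be distinguished from other similarly named products. The truncated description visible here shows only "Tourism Management System 2.0". If the full CVE text names a vendor or author, adding it to the label would disambiguate the entry.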
@@ -95,9 +95,9 @@ CVE-2025-57570 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Ov
 CVE-2025-57569 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow ...)
 	NOT-FOR-US: Tenda
 CVE-2025-57520 (A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3. ...)
-	TODO: check
+	NOT-FOR-US: Decap CMS
 CVE-2025-57392 (BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The  ...)
-	TODO: check
+	NOT-FOR-US: BenimPOS Masaustu
 CVE-2025-56578 (An issue in RTSPtoWeb v.2.4.3 allows a remote attacker to obtain sensi ...)
 	TODO: check
 CVE-2025-56466 (Hardcoded credentials in Dietly v1.25.0 for android allows attackers t ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e27df84b29b11cc10b10e3fc0b1fd28c101f6367
