[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 11 09:55:17 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0bffab6a by Salvatore Bonaccorso at 2025-09-11T10:54:45+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2025-9918 (A Path Traversal vulnerability in the archive extraction component in  ...)
-	TODO: check
+	NOT-FOR-US: Google SecOps SOAR Server
 CVE-2025-9910 (Versions of the package jsondiffpatch before 0.7.2 are vulnerable to C ...)
-	TODO: check
+	NOT-FOR-US: jsondiffpatch
 CVE-2025-9874 (The Ultimate Classified Listings plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-9861 (The ThemeLoom Widgets plugin for WordPress is vulnerable to Stored Cro ...)
@@ -93,27 +93,27 @@ CVE-2025-5801 (The Digital Events Calendar plugin for WordPress is vulnerable to
 CVE-2025-59052 (Angular is a development platform for building mobile and desktop web  ...)
 	TODO: check
 CVE-2025-10247 (A security vulnerability has been detected in JEPaaS 7.2.8. This vulne ...)
-	TODO: check
+	NOT-FOR-US: JEPaaS
 CVE-2025-10246 (A weakness has been identified in lokibhardwaj PHP-Code-For-Unlimited- ...)
-	TODO: check
+	NOT-FOR-US: lokibhardwaj PHP-Code-For-Unlimited-File-Upload
 CVE-2025-10245 (A security flaw has been discovered in Display Pain\xe9is TGA up to 7. ...)
-	TODO: check
+	NOT-FOR-US: Display Paineis TGA
 CVE-2025-10236 (A vulnerability has been found in binary-husky gpt_academic up to 3.91 ...)
-	TODO: check
+	NOT-FOR-US: binary-husky gpt_academic
 CVE-2025-10235 (A flaw has been found in Scada-LTS up to 2.7.8.1. This issue affects s ...)
-	TODO: check
+	NOT-FOR-US: Scada-LTS
 CVE-2025-10234 (A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Scada-LTS
 CVE-2025-10233 (A security vulnerability has been detected in kalcaddle kodbox 1.61. T ...)
-	TODO: check
+	NOT-FOR-US: kalcaddle kodbox
 CVE-2025-10232 (A weakness has been identified in 299ko up to 2.0.0. Affected by this  ...)
-	TODO: check
+	NOT-FOR-US: 299ko
 CVE-2025-10229 (A vulnerability has been found in Freshwork up to 1.2.3. This impacts  ...)
-	TODO: check
+	NOT-FOR-US: Freshwork
 CVE-2025-10218 (A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the fu ...)
-	TODO: check
+	NOT-FOR-US: lostvip-com ruoyi-go
 CVE-2025-10216 (A vulnerability was detected in GrandNode up to 2.3.0. The impacted el ...)
-	TODO: check
+	NOT-FOR-US: GrandNode
 CVE-2025-0763 (The Ultimate Classified Listings plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-9997 (CWE-78: Improper Neutralization of Special Elements used in an OS Comm ...)
@@ -217,7 +217,7 @@ CVE-2025-57520 (A Cross Site Scripting (XSS) vulnerability exists in Decap CMS t
 CVE-2025-57392 (BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The  ...)
 	NOT-FOR-US: BenimPOS Masaustu
 CVE-2025-56578 (An issue in RTSPtoWeb v.2.4.3 allows a remote attacker to obtain sensi ...)
-	TODO: check
+	NOT-FOR-US: RTSPtoWeb (not the python client library for RTSPtoWeb and RTSPtoWebRTC)
 CVE-2025-56466 (Hardcoded credentials in Dietly v1.25.0 for android allows attackers t ...)
 	TODO: check
 CVE-2025-56413 (OS Command injection vulnerability in function OperateSSH in 1panel 2. ...)
@@ -349,11 +349,11 @@ CVE-2025-10220 (Use of Unmaintained Third Party Components (CWE-1104) in the NuG
 CVE-2025-10219
 	REJECTED
 CVE-2025-10215 (DLL search path hijacking vulnerability in the UPDF.exe executable for ...)
-	TODO: check
+	NOT-FOR-US: UPDF
 CVE-2025-10214 (DLL search path hijacking vulnerability in the UPDF.exe executable for ...)
-	TODO: check
+	NOT-FOR-US: UPDF
 CVE-2025-10213 (DLL search path hijacking vulnerability in the UPDF.exe executable for ...)
-	TODO: check
+	NOT-FOR-US: UPDF
 CVE-2025-10211 (A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3 ...)
 	NOT-FOR-US: yanyutao0402 ChanCMS
 CVE-2025-10210 (A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Im ...)
@@ -365,13 +365,13 @@ CVE-2025-10197 (A vulnerability was found in HJSoft HCM Human Resources Manageme
 CVE-2025-10195 (A vulnerability has been found in Seismic App 2.4.2 on Android. Affect ...)
 	NOT-FOR-US: Seismic App
 CVE-2025-10172 (A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affec ...)
-	TODO: check
+	NOT-FOR-US: UTT
 CVE-2025-10171 (A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vu ...)
-	TODO: check
+	NOT-FOR-US: UTT
 CVE-2025-10170 (A security vulnerability has been detected in UTT 1200GW up to 3.0.0-1 ...)
-	TODO: check
+	NOT-FOR-US: UTT
 CVE-2025-10169 (A weakness has been identified in UTT 1200GW up to 3.0.0-170831. Affec ...)
-	TODO: check
+	NOT-FOR-US: UTT
 CVE-2025-10159 (An authentication bypass vulnerability allows remote attackers to gain ...)
 	NOT-FOR-US: Sophos
 CVE-2025-10142 (The PagBank / PagSeguro Connect para WooCommerce plugin for WordPress  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bffab6a0f30c1fee1efa4fc6d8082f305076978

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bffab6a0f30c1fee1efa4fc6d8082f305076978
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250911/c979f20c/attachment.htm>

More information about the debian-security-tracker-commits mailing list