[Git][security-tracker-team/security-tracker][master] Process some new NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 16 09:24:08 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a88b99d6 by Salvatore Bonaccorso at 2025-09-16T10:23:34+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,29 +5,29 @@ CVE-2025-6999 (An HTTP Request Smuggling [CWE-444] vulnerability in the Authenti
 CVE-2025-6947 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: WatchGuard
 CVE-2025-5518 (Authorization Bypass Through User-Controlled Key vulnerability with us ...)
-	TODO: check
+	NOT-FOR-US: ArgusTech BILGER
 CVE-2025-59453 (Click Studios Passwordstate before 9.9 Build 9972 has a potential auth ...)
-	TODO: check
+	NOT-FOR-US: Click Studios Passwordstate
 CVE-2025-59437 (The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF b ...)
 	TODO: check
 CVE-2025-59436 (The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF b ...)
 	TODO: check
 CVE-2025-59332 (3DAlloy is a lightWeight 3D-viewer for MediaWiki. From 1.0 through 1.8 ...)
-	TODO: check
+	NOT-FOR-US: 3DAlloy
 CVE-2025-59145 (color-name is a JSON with CSS color names. On 8 September 2025, an npm ...)
 	NOT-FOR-US: Next.js
 CVE-2025-59056 (FreePBX is an open-source web-based graphical user interface. In FreeP ...)
-	TODO: check
+	NOT-FOR-US: FreePBX
 CVE-2025-57118 (An issue in PHPGurukul Online-Library-Management-System v3.0 allows an ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-57117 (A Clickjacking vulnerability exists in Rems' Employee Management Syste ...)
-	TODO: check
+	NOT-FOR-US: Rems' Employee Management System
 CVE-2025-56448 (The Positron PX360BT SW REV 8 car alarm system is vulnerable to a repl ...)
-	TODO: check
+	NOT-FOR-US: Positron PX360BT SW REV 8 car alarm system
 CVE-2025-56274 (SourceCodester Web-based Pharmacy Product Management System 1.0 is vul ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-55211 (FreePBX is an open-source web-based graphical user interface. From 17. ...)
-	TODO: check
+	NOT-FOR-US: FreePBX
 CVE-2025-43802 (Stored cross-site scripting (XSS) vulnerability in a custom object\u20 ...)
 	NOT-FOR-US: Liferay
 CVE-2025-43799 (Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions ...)
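Review bot: At `NOT-FOR-US: Positron PX360BT SW REV 8 car alarm system` the tag copies the software revision and a generic descriptor out of the CVE description, while the other entries in this hunk use a short vendor or product name (`WatchGuard`, `PHPGurukul`, `Liferay`, and the newly added `FreePBX`). Suggest `NOT-FOR-US: Positron PX360BT`, so the tag stays short and a later CVE for the same product can reuse the same string when the list is searched. `Rems' Employee Management System` could be shortened the same way if a consistent short form is preferred.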
@@ -203,7 +203,7 @@ CVE-2025-24133 (This issue was addressed by restricting options offered on a loc
 CVE-2025-24088 (The issue was addressed by adding additional logic. This issue is fixe ...)
 	NOT-FOR-US: Apple
 CVE-2025-10485 (A vulnerability has been found in pojoin h3blog up to 5bf704425ebc11f4 ...)
-	TODO: check
+	NOT-FOR-US: pojoin h3blog
 CVE-2025-10483 (A flaw has been found in SourceCodester Online Student File Management ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-10482 (A vulnerability was detected in SourceCodester Online Student File Man ...)
@@ -215,7 +215,7 @@ CVE-2025-10480 (A weakness has been identified in SourceCodester Online Student
 CVE-2025-10479 (A security flaw has been discovered in SourceCodester Online Student F ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-10477 (A vulnerability was identified in kidaze CourseSelectionSystem up to 4 ...)
-	TODO: check
+	NOT-FOR-US: kidaze CourseSelectionSystem
 CVE-2024-12367 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
 	TODO: check
 CVE-2025-24293



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a88b99d6cf58d99274f3ccbce2937919ff727487
