[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 16 21:27:04 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cf023c4f by Salvatore Bonaccorso at 2025-09-16T22:26:37+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,55 +5,55 @@ CVE-2025-8893 (A maliciously crafted PDF file, when parsed through certain Autod
CVE-2025-8446 (The Blaze Demo Importer plugin for WordPress is vulnerable to unauthor ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8276 (Improper Encoding or Escaping of Output, Improper Neutralization of Sp ...)
- TODO: check
+ NOT-FOR-US: Patika Global Technologies HumanSuite
CVE-2025-8057 (Authorization Bypass Through User-Controlled Key, Externally Controlle ...)
- TODO: check
+ NOT-FOR-US: Patika Global Technologies HumanSuite
CVE-2025-7744 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Dolusoft Omaspot
CVE-2025-7743 (Cleartext Transmission of Sensitive Information vulnerability in Dolus ...)
- TODO: check
+ NOT-FOR-US: Omaspot
CVE-2025-7355 (Authorization Bypass Through User-Controlled Key vulnerability in Beef ...)
- TODO: check
+ NOT-FOR-US: Beefull App
CVE-2025-6575 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Omaspot
CVE-2025-5519 (Insertion of Sensitive Information Into Sent Data vulnerability in Arg ...)
- TODO: check
+ NOT-FOR-US: ArgusTech BILGER
CVE-2025-59336 (Luanox is a module host for Lua packages. Prior to 0.1.1, a file trave ...)
- TODO: check
+ NOT-FOR-US: Luanox
CVE-2025-59334 (Linkr is a lightweight file delivery system that downloads files from ...)
- TODO: check
+ NOT-FOR-US: Linkr
CVE-2025-59333 (The mcp-database-server (MCP Server) 1.1.0 and earlier, as distributed ...)
- TODO: check
+ NOT-FOR-US: mcp-database-server (MCP Server)
CVE-2025-59270 (psPAS PowerShell module does not explicitly enforce TLS 1.2 within the ...)
- TODO: check
+ NOT-FOR-US: psPAS PowerShell module
CVE-2025-59161 (Element Web is a Matrix web client built using the Matrix React SDK. E ...)
TODO: check
CVE-2025-59160 (Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and ...)
TODO: check
CVE-2025-59050 (Greenshot is an open source Windows screenshot utility. Greenshot 1.3. ...)
- TODO: check
+ NOT-FOR-US: Greenshot
CVE-2025-58749 (WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssemb ...)
- TODO: check
+ NOT-FOR-US: WebAssembly Micro Runtime (WAMR)
CVE-2025-58174 (LDAP Account Manager (LAM) is a webfrontend for managing entries store ...)
TODO: check
CVE-2025-57631 (SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attack ...)
- TODO: check
+ NOT-FOR-US: TDuckCloud
CVE-2025-57625 (CYRISMA Sensor before 444 for Windows has an Insecure Folder and File ...)
- TODO: check
+ NOT-FOR-US: CYRISMA Sensor
CVE-2025-57624 (A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local ...)
- TODO: check
+ NOT-FOR-US: CYRISMA Agent
CVE-2025-57145 (A cross-site scripting (XSS) vulnerability exists in the search-autoot ...)
- TODO: check
+ NOT-FOR-US: ATSMS web application
CVE-2025-57119 (An issue in Online Library Management System v.3.0 allows an attacker ...)
- TODO: check
+ NOT-FOR-US: Online Library Management System
CVE-2025-56706 (Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execu ...)
- TODO: check
+ NOT-FOR-US: Edimax BR-6473AX
CVE-2025-56697 (A Stored Cross-Site Scripting (XSS) vulnerability was discovered in th ...)
- TODO: check
+ NOT-FOR-US: Kashipara Computer Base Test
CVE-2025-56562 (An incorrect API discovered in Signify Wiz Connected 1.9.1 allows atta ...)
- TODO: check
+ NOT-FOR-US: Signify Wiz Connected
CVE-2025-56557 (An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers ...)
- TODO: check
+ NOT-FOR-US: Tuya Smart Life App
CVE-2025-56295 (code-projects Computer Laboratory System 1.0 has a file upload vulnera ...)
NOT-FOR-US: code-projects
CVE-2025-56293 (code-projects Human Resource Integrated System 1.0 is vulnerable to Cr ...)
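Review bot: The Omaspot entries in this hunk are labelled inconsistently: CVE-2025-7744 gets "NOT-FOR-US: Dolusoft Omaspot", while CVE-2025-7743 and CVE-2025-6575 get "NOT-FOR-US: Omaspot", even though the CVE-2025-7743 description also begins with the "Dolus ..." vendor name. Using one form for all three (the vendor-qualified one matches the "Patika Global Technologies HumanSuite" and "ArgusTech BILGER" lines) keeps a later grep for the product from missing entries. Smaller point: "NOT-FOR-US: mcp-database-server (MCP Server)" carries over the parenthetical from the description; the package name alone would be enough.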
@@ -65,11 +65,11 @@ CVE-2025-56280 (code-projects Food Ordering Review System 1.0 is vulnerable to C
CVE-2025-56276 (code-projects Food Ordering Review System 1.0 is vulnerable to Cross S ...)
NOT-FOR-US: code-projects
CVE-2025-56264 (The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial ...)
- TODO: check
+ NOT-FOR-US: zhangyd-c OneBlog
CVE-2025-56263 (by-night sms V1.0 has an Arbitrary File Upload vulnerability. The /api ...)
- TODO: check
+ NOT-FOR-US: by-night sms
CVE-2025-55834 (A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows ...)
- TODO: check
+ NOT-FOR-US: JeeWMS
CVE-2025-55118 (Memory corruptions can be remotely triggered in the Control-M/Agent wh ...)
TODO: check
CVE-2025-55117 (A stack-based buffer overflow can be remotely triggered when formattin ...)
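Review bot: CVE-2025-55118 (Control-M/Agent) stays at "TODO: check" directly below the three entries this hunk resolves, and the commit message "Process NFUs" does not say whether it was looked at and deliberately left for a later pass. If it was skipped on purpose, nothing needs to change; if it was simply missed in this batch, it should get its own triage decision in a follow-up so it does not sit between processed entries unnoticed.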
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf023c4f7c88905aef476b9ba968f2cd6038d44d