[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 18 05:00:42 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
07556df4 by Salvatore Bonaccorso at 2025-09-18T06:00:19+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2025-9862 (Server-Side Request Forgery (SSRF) vulnerability in Ghost allows
CVE-2025-8999 (The Sydney theme for WordPress is vulnerable to unauthorized modificat ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8463 (Authorization Bypass Through User-Controlled Key vulnerability in Nebu ...)
- TODO: check
+ NOT-FOR-US: Nebula Informatics SecHard
CVE-2025-8411 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Dokuzsoft Technology E-Commerce Web Design Product
CVE-2025-8077 (A vulnerability exists in NeuVector versions up to and including 5.4.5 ...)
- TODO: check
+ NOT-FOR-US: NeuVectorNeuVector
CVE-2025-59476 (Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict o ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-59475 (Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a ...)
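Review bot: The tag added for CVE-2025-8077 reads "NOT-FOR-US: NeuVectorNeuVector", with the product name doubled. The description on the line above names the product as NeuVector, and the later hunk of this commit tags CVE-2025-54467 and CVE-2025-53884 as "NOT-FOR-US: NeuVector". Suggest the same spelling here so that a search of the list for the product finds all three entries.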
@@ -23,81 +23,81 @@ CVE-2025-59456 (In JetBrains TeamCity before 2025.07.2 path traversal was possib
CVE-2025-59455 (In JetBrains TeamCity before 2025.07.2 project isolation bypass was po ...)
NOT-FOR-US: JetBrains
CVE-2025-59416 (The Scratch Channel is a news website. If the user makes a fork, they ...)
- TODO: check
+ NOT-FOR-US: Scratch Channel
CVE-2025-59414 (Nuxt is an open-source web development framework for Vue.js. Prior to ...)
- TODO: check
+ NOT-FOR-US: Nuxt
CVE-2025-59410 (Dragonfly is an open source P2P-based file distribution and image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59354 (Dragonfly is an open source P2P-based file distribution and image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59353 (Dragonfly is an open source P2P-based file distribution and image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59352 (Dragonfly is an open source P2P-based file distribution and image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59351 (Dragonfly is an open source P2P-based file distribution and image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59350 (Dragonfly is an open source P2P-based file distribution and image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59349 (Dragonfly is an open source P2P-based file distribution and image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59348 (Dragonfly is an open source P2P-based file distribution and image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59347 (Dragonfly is an open source P2P-based file distribution and image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59346 (Dragonfly is an open source P2P-based file distribution and image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59345 (Dragonfly is an open source P2P-based file distribution and image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59342 (esm.sh is a nobuild content delivery network(CDN) for modern web devel ...)
- TODO: check
+ NOT-FOR-US: esm.sh
CVE-2025-59341 (esm.sh is a nobuild content delivery network(CDN) for modern web devel ...)
- TODO: check
+ NOT-FOR-US: esm.sh
CVE-2025-59340 (jinjava is a Java-based template engine based on django template synta ...)
TODO: check
CVE-2025-59339 (The Bastion provides authentication, authorization, traceability and a ...)
- TODO: check
+ NOT-FOR-US: Bastion
CVE-2025-59304 (A directory traversal issue in Swetrix Web Analytics API 3.1.1 before ...)
- TODO: check
+ NOT-FOR-US: Swetrix Web Analytics API
CVE-2025-58767 (REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 h ...)
TODO: check
CVE-2025-58766 (Dyad is a local AI app builder. A critical security vulnerability has ...)
- TODO: check
+ NOT-FOR-US: Dyad
CVE-2025-58432 (ZimaOS is a fork of CasaOS, an operating system for Zima devices and x ...)
- TODO: check
+ NOT-FOR-US: ZimaOS
CVE-2025-58431 (ZimaOS is a fork of CasaOS, an operating system for Zima devices and x ...)
- TODO: check
+ NOT-FOR-US: ZimaOS
CVE-2025-57055 (WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in ...)
- TODO: check
+ NOT-FOR-US: WonderCMS
CVE-2025-56648 (npm parcel 2.0.0-alpha and before has an Origin Validation Error vulne ...)
TODO: check
CVE-2025-55904 (Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b646 ...)
TODO: check
CVE-2025-54467 (When a Java command with password parameters is executed and terminate ...)
- TODO: check
+ NOT-FOR-US: NeuVector
CVE-2025-54390 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the ResetP ...)
NOT-FOR-US: Zimbra
CVE-2025-53884 (NeuVector stores user passwords and API keys using a simple, unsalted ...)
- TODO: check
+ NOT-FOR-US: NeuVector
CVE-2025-50709 (An issue in Perplexity AI GPT-4 allows a remote attacker to obtain sen ...)
- TODO: check
+ NOT-FOR-US: Perplexity AI GPT-4
CVE-2025-37122 (A vulnerability in the web-based management interface of network acces ...)
NOT-FOR-US: HPE
CVE-2025-35436 (CISA Thorium uses '.unwrap()' to handle errors related to account veri ...)
- TODO: check
+ NOT-FOR-US: CISA Thorium
CVE-2025-35435 (CISA Thorium accepts a stream split size of zero then divides by this ...)
- TODO: check
+ NOT-FOR-US: CISA Thorium
CVE-2025-35434 (CISA Thorium does not validate TLS certificates when connecting to Ela ...)
- TODO: check
+ NOT-FOR-US: CISA Thorium
CVE-2025-35433 (CISA Thorium does not properly invalidate previously used tokens when ...)
- TODO: check
+ NOT-FOR-US: CISA Thorium
CVE-2025-35432 (CISA Thorium does not rate limit requests to send account verification ...)
- TODO: check
+ NOT-FOR-US: CISA Thorium
CVE-2025-35431 (CISA Thorium does not escape user controlled strings used in LDAP quer ...)
- TODO: check
+ NOT-FOR-US: CISA Thorium
CVE-2025-35430 (CISA Thorium does not adequately validate the paths of downloaded file ...)
- TODO: check
+ NOT-FOR-US: CISA Thorium
CVE-2025-10615 (A vulnerability was identified in itsourcecode E-Commerce Website 1.0. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode E-Commerce Website
CVE-2025-10614 (A vulnerability was determined in itsourcecode E-Logbook with Health M ...)
NOT-FOR-US: itsourcecode System
CVE-2025-10613 (A vulnerability has been found in itsourcecode Student Information Sys ...)
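Review bot: The tag added for CVE-2025-10615, "NOT-FOR-US: itsourcecode E-Commerce Website", names the individual product, while the unchanged entry directly below it for CVE-2025-10614 uses the vendor-level "NOT-FOR-US: itsourcecode System". Consider using one label per vendor so that all itsourcecode entries can be found with a single search. A smaller point in the same hunk: "NOT-FOR-US: Bastion" for CVE-2025-59339 shortens the name the description gives, "The Bastion", to a generic word; keeping the full name would make the tag less ambiguous.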
@@ -125,7 +125,7 @@ CVE-2025-10599 (A security flaw has been discovered in itsourcecode Web-Based In
CVE-2025-10598 (A vulnerability was identified in SourceCodester Pet Grooming Manageme ...)
NOT-FOR-US: SourceCodester
CVE-2025-10597 (A vulnerability was determined in kidaze CourseSelectionSystem up to 4 ...)
- TODO: check
+ NOT-FOR-US: kidaze CourseSelectionSystem
CVE-2025-10596 (A vulnerability was found in SourceCodester Online Exam Form Submissio ...)
NOT-FOR-US: SourceCodester
CVE-2025-10595 (A vulnerability has been found in SourceCodester Online Student File M ...)
@@ -135,29 +135,29 @@ CVE-2025-10594 (A flaw has been found in SourceCodester Online Student File Mana
CVE-2025-10593 (A vulnerability was detected in SourceCodester Online Student File Man ...)
NOT-FOR-US: SourceCodester
CVE-2025-10592 (A security vulnerability has been detected in itsourcecode Online Publ ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Online Public Access Catalog OPAC
CVE-2025-10591 (A weakness has been identified in Portabilis i-Educar up to 2.10. This ...)
NOT-FOR-US: Portabilis
CVE-2025-10590 (A security flaw has been discovered in Portabilis i-Educar up to 2.10. ...)
NOT-FOR-US: Portabilis
CVE-2025-10439 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Yordam Informatics Yordam Library Automation System
CVE-2025-10205 (Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLX ...)
NOT-FOR-US: ABB group
CVE-2025-10157 (A Protection Mechanism Failure vulnerability in mmaitre314 picklescan ...)
- TODO: check
+ NOT-FOR-US: mmaitre314 picklescan
CVE-2025-10156 (An Improper Handling of Exceptional Conditions vulnerability in the ZI ...)
TODO: check
CVE-2025-10155 (An Improper Input Validation vulnerability in the scanning logic of mm ...)
- TODO: check
+ NOT-FOR-US: mmaitre314 picklescan
CVE-2025-0879 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Shopside Software Shopside App
CVE-2025-0546 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Mevzuattr Software MevzuatTR
CVE-2025-0420 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Parasut Software Prasut
CVE-2025-0419 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Zirve Nova
CVE-2024-48842 (Use of Hard-coded Credentials vulnerability in ABB FLXEON.This issue a ...)
NOT-FOR-US: ABB group
CVE-2023-53368 (In the Linux kernel, the following vulnerability has been resolved: t ...)
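Review bot: The tag added for CVE-2025-0420, "NOT-FOR-US: Parasut Software Prasut", spells the name two ways within one line ("Parasut" and "Prasut"). One of them looks like a typo and should be checked against the CVE record before it is copied into later entries. In the same hunk, "NOT-FOR-US: itsourcecode Online Public Access Catalog OPAC" for CVE-2025-10592 gives the product name as both its expansion and its acronym and could be shortened to one of them.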
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07556df4bf5ce4a3c54f6427cd7a83a5fb175936