[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 19 21:43:16 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14d8b04e by Salvatore Bonaccorso at 2025-09-19T22:42:53+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-9969 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Vizly Web Design Real Estate
 CVE-2025-9906 (The Keras Model.load_modelmethod can be exploited to achieve arbitrary ...)
 	- keras <removed>
 	NOTE: https://github.com/keras-team/keras/pull/21429
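Review bot: the NOT-FOR-US attribution for CVE-2025-9969 ("Vizly Web Design Real Estate") cannot be checked against the visible description, which is cut off after the CWE title ("XSS or 'C ..."); a NOTE line with the advisory or CVE reference, as the neighbouring CVE-2025-9906 entry has (NOTE: https://github.com/keras-team/keras/pull/21429), would make the triage verifiable later.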
@@ -12,23 +12,23 @@ CVE-2025-9081 (Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to p
 CVE-2025-9079 (Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2025-8664 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: StarCities E-Municipality Management
 CVE-2025-8532 (Authorization Bypass Through User-Controlled Key, CWE - 862 - Missing  ...)
-	TODO: check
+	NOT-FOR-US: eBA Document and Workflow Management System
 CVE-2025-8531 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2025-8487 (The Kubio AI Page Builder plugin for WordPress is vulnerable to unauth ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-7937 (There is a vulnerability in the Supermicro BMC firmware validation log ...)
-	TODO: check
+	NOT-FOR-US: Supermicro
 CVE-2025-7702 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
-	TODO: check
+	NOT-FOR-US: Manageable Email Sending System
 CVE-2025-7665 (The Miniorange OTP Verification with Firebase plugin for WordPress is  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-7403 (Unsafe handling in bt_conn_tx_processor causes a use-after-free, resul ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-6198 (There is a vulnerability in the Supermicro BMC firmware validation log ...)
-	TODO: check
+	NOT-FOR-US: Supermicro
 CVE-2025-5955 (The Service Finder SMS System plugin for WordPress is vulnerable to au ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5948 (The Service Finder Bookings plugin for WordPress is vulnerable to priv ...)
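Review bot: the product names given for CVE-2025-7702 ("Manageable Email Sending System") and CVE-2025-8532 ("eBA Document and Workflow Management System") do not appear in the visible descriptions (the first is cut at "vulnerability in P ...", the second at the CWE list), so the attribution cannot be verified from the hunk; adding the vendor name as it appears in the CVE record, or a NOTE reference, would help. The two Supermicro entries (CVE-2025-7937, CVE-2025-6198) are consistent with each other and with their descriptions.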
@@ -36,17 +36,17 @@ CVE-2025-5948 (The Service Finder Bookings plugin for WordPress is vulnerable to
 CVE-2025-59717 (In the @digitalocean/do-markdownit package through 1.16.1 (in npm), th ...)
 	TODO: check
 CVE-2025-59715 (SMSEagle before 6.11 allows reflected XSS via a username or contact ph ...)
-	TODO: check
+	NOT-FOR-US: SMSEagle
 CVE-2025-59714 (In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Gr ...)
-	TODO: check
+	NOT-FOR-US: Internet2 Grouper
 CVE-2025-59713 (Snipe-IT before 8.1.18 allows unsafe deserialization.)
 	TODO: check
 CVE-2025-59712 (Snipe-IT before 8.1.18 allows XSS.)
 	TODO: check
 CVE-2025-59692 (PureVPN client applications on Linux through September 2025 mishandle  ...)
-	TODO: check
+	NOT-FOR-US: PureVPN
 CVE-2025-59691 (PureVPN client applications on Linux through September 2025 allow IPv6 ...)
-	TODO: check
+	NOT-FOR-US: PureVPN
 CVE-2025-59678
 	REJECTED
 CVE-2025-59677
@@ -68,71 +68,71 @@ CVE-2025-59670
 CVE-2025-59431 (MapServer is a system for developing web-based GIS applications. Prior ...)
 	TODO: check
 CVE-2025-59427 (The Cloudflare Vite plugin enables a full-featured integration between ...)
-	TODO: check
+	NOT-FOR-US: Cloudflare Vite plugin
 CVE-2025-59344 (AliasVault is a privacy-first password manager with built-in email ali ...)
-	TODO: check
+	NOT-FOR-US: AliasVault
 CVE-2025-59220 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59216 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-59215 (Use after free in Microsoft Graphics Component allows an authorized at ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-58114 (Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice  ...)
-	TODO: check
+	NOT-FOR-US: BlueSpice
 CVE-2025-57880 (Improper Encoding or Escaping of Output vulnerability in Hallo Welt! G ...)
-	TODO: check
+	NOT-FOR-US: BlueSpice
 CVE-2025-57644 (Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Accela Automation Platform
 CVE-2025-57528 (An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_T ...)
 	NOT-FOR-US: Tenda
 CVE-2025-57396 (Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: Tandoor Recipes
 CVE-2025-57296 (Tenda AC6 router firmware 15.03.05.19 contains a command injection vul ...)
 	NOT-FOR-US: Tenda
 CVE-2025-57295 (H3C devices running firmware version NX15V100R015 are vulnerable to un ...)
-	TODO: check
+	NOT-FOR-US: H3C
 CVE-2025-57293 (A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) ...)
-	TODO: check
+	NOT-FOR-US: COMFAST CF-XR11
 CVE-2025-56869 (Directory traversal vulnerability in Sync In server thru 1.1.1 allowin ...)
-	TODO: check
+	NOT-FOR-US: Sync In
 CVE-2025-56762 (Paracrawl KeOPs v2 is vulnerable to Cross Site Scripting (XSS) in erro ...)
-	TODO: check
+	NOT-FOR-US: Paracrawl KeOPs
 CVE-2025-55910 (CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion i ...)
-	TODO: check
+	NOT-FOR-US: CMSEasy
 CVE-2025-55068 (Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Un ...)
-	TODO: check
+	NOT-FOR-US: Dover Fueling Solutions
 CVE-2025-54860 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet- ...)
-	TODO: check
+	NOT-FOR-US: Cognex
 CVE-2025-54818 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose   a propr ...)
-	TODO: check
+	NOT-FOR-US: Cognex
 CVE-2025-54815 (Server-side template injection (SSTI) vulnerability in PPress 0.0.9 al ...)
-	TODO: check
+	NOT-FOR-US: PPress
 CVE-2025-54810 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose   a propr ...)
-	TODO: check
+	NOT-FOR-US: Cognex
 CVE-2025-54807 (The secret used for validating authentication tokens is hardcoded in   ...)
-	TODO: check
+	NOT-FOR-US: Dover Fueling Solutions
 CVE-2025-54761 (An issue was discovered in PPress 0.0.9 allowing attackers to gain esc ...)
-	TODO: check
+	NOT-FOR-US: PPress
 CVE-2025-54754 (An attacker with adjacent access, without authentication, can exploit  ...)
-	TODO: check
+	NOT-FOR-US: Cognex
 CVE-2025-54497 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose  a telnet ...)
-	TODO: check
+	NOT-FOR-US: Cognex
 CVE-2025-53969 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose  a servic ...)
-	TODO: check
+	NOT-FOR-US: Cognex
 CVE-2025-53947 (A local attacker with low privileges on the Windows system where the   ...)
-	TODO: check
+	NOT-FOR-US: Cognex
 CVE-2025-52873 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose  a telnet ...)
-	TODO: check
+	NOT-FOR-US: Cognex
 CVE-2025-52159 (Hardcoded credentials in default configuration of PPress 0.0.9.)
-	TODO: check
+	NOT-FOR-US: PPress
 CVE-2025-48703 (CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allo ...)
-	TODO: check
+	NOT-FOR-US: CWP (aka Control Web Panel or CentOS Web Panel)
 CVE-2025-48007 (Improper Encoding or Escaping of Output vulnerability in Hallo Welt! G ...)
-	TODO: check
+	NOT-FOR-US: BlueSpice
 CVE-2025-47698 (An adjacent attacker without authentication can exploit this vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Cognex
 CVE-2025-46703 (Improper Encoding or Escaping of Output vulnerability in Hallo Welt! G ...)
-	TODO: check
+	NOT-FOR-US: BlueSpice
 CVE-2025-43809 (Cross-Site Request Forgery (CSRF) vulnerability in the server (license ...)
 	NOT-FOR-US: Liferay
 CVE-2025-43803 (Insecure direct object reference (IDOR) vulnerability in the Contacts  ...)
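Review bot: several entries in this hunk are attributed to a vendor that the truncated description does not name: CVE-2025-54807 ("The secret used for validating authentication tokens is hardcoded in ...") to Dover Fueling Solutions, and CVE-2025-54754, CVE-2025-53947 and CVE-2025-47698 ("An attacker with adjacent access ...", "A local attacker with low privileges on the Windows system ...", "An adjacent attacker without authentication ...") to Cognex. A NOTE line pointing at the advisory for each would let the next reviewer confirm the grouping without re-querying the CVE record.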
@@ -176,9 +176,9 @@ CVE-2025-34189 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host vers
 CVE-2025-34188 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
 	TODO: check
 CVE-2025-30755 (OpenGrok 1.14.1 has a reflected Cross-Site Scripting (XSS) issue when  ...)
-	TODO: check
+	NOT-FOR-US: OpenGrok
 CVE-2025-30519 (Dover Fueling Solutions ProGauge MagLink LX4 Deviceshave default root  ...)
-	TODO: check
+	NOT-FOR-US: Dover Fueling Solutions
 CVE-2025-26517 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 11.8.0. ...)
 	NOT-FOR-US: NetApp
 CVE-2025-26516 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 11.8.0. ...)
@@ -188,31 +188,31 @@ CVE-2025-26515 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 1
 CVE-2025-26514 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 11.8.0. ...)
 	NOT-FOR-US: NetApp
 CVE-2025-10722 (A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. ...)
-	TODO: check
+	NOT-FOR-US: SKTLab Mukbee App
 CVE-2025-10721 (A vulnerability was determined in Webull Investing & Trading App 11.2. ...)
-	TODO: check
+	NOT-FOR-US: Webull Investing & Trading App
 CVE-2025-10719 (Tronclass developed by WisdomGarden has an Insecure Direct object Refe ...)
-	TODO: check
+	NOT-FOR-US: Tronclass
 CVE-2025-10718 (A vulnerability was found in Ooma Office Business Phone App up to 7.2. ...)
-	TODO: check
+	NOT-FOR-US: Ooma Office Business Phone App
 CVE-2025-10717 (A vulnerability has been found in intsig CamScanner App 6.91.1.5.25071 ...)
-	TODO: check
+	NOT-FOR-US: intsig CamScanner App
 CVE-2025-10716 (A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Af ...)
-	TODO: check
+	NOT-FOR-US: Creality Cloud App
 CVE-2025-10715 (A security flaw has been discovered in APEUni PTE Exam Practice App up ...)
-	TODO: check
+	NOT-FOR-US: APEUni PTE Exam Practice App
 CVE-2025-10712 (A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20 ...)
-	TODO: check
+	NOT-FOR-US: 07FLYCMS, 07FLY-CMS and 07FlyCRM
 CVE-2025-10711 (A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up  ...)
-	TODO: check
+	NOT-FOR-US: 07FLYCMS, 07FLY-CMS and 07FlyCRM
 CVE-2025-10710 (A flaw has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 202508 ...)
-	TODO: check
+	NOT-FOR-US: 07FLYCMS, 07FLY-CMS and 07FlyCRM
 CVE-2025-10709 (A vulnerability was detected in Four-Faith Water Conservancy Informati ...)
-	TODO: check
+	NOT-FOR-US: Four-Faith Water Conservancy Informatization Platform
 CVE-2025-10708 (A security vulnerability has been detected in Four-Faith Water Conserv ...)
-	TODO: check
+	NOT-FOR-US: Four-Faith Water Conservancy Informatization Platform
 CVE-2025-10707 (A weakness has been identified in JeecgBoot up to 3.8.2. Affected is a ...)
-	TODO: check
+	NOT-FOR-US: JeecgBoot
 CVE-2025-10690 (The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-10689 (A vulnerability was identified in D-Link DIR-645 105B01. This issue af ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14d8b04e27022965e2de2204b0f02442b545a25e
