[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 26 21:44:31 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
620cd7d1 by Salvatore Bonaccorso at 2025-09-26T22:43:34+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2025-9958 (An issue has been discovered in GitLab CE/EE affecting all versio
 CVE-2025-9642 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
 CVE-2025-9267 (In Seagate Toolkit on Windows avulnerability exists in the Toolkit Ins ...)
-	TODO: check
+	NOT-FOR-US: Seagate
 CVE-2025-7691 (A privilege escalation issue has been discovered in GitLab EE affectin ...)
 	- gitlab <unfixed>
 CVE-2025-6396 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Webbeyaz Website Design Website Software
 CVE-2025-60219 (Unrestricted Upload of File with Dangerous Type vulnerability in HaruT ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-60186 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -179,9 +179,9 @@ CVE-2025-60040 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-5069 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-59844 (SonarQube Server and Cloud is a static analysis solution for continuou ...)
-	TODO: check
+	NOT-FOR-US: SonarQube Server and Cloud
 CVE-2025-59843 (Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 t ...)
-	TODO: check
+	NOT-FOR-US: Flag Forge
 CVE-2025-59842 (jupyterlab is an extensible environment for interactive and reproducib ...)
 	TODO: check
 CVE-2025-59362 (Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This oc ...)
@@ -201,23 +201,23 @@ CVE-2025-58917 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-58914 (Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58385 (In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes can be d ...)
-	TODO: check
+	NOT-FOR-US: DOXENSE WATCHDOC
 CVE-2025-58384 (In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Da ...)
-	TODO: check
+	NOT-FOR-US: DOXENSE WATCHDOC
 CVE-2025-57692 (PiranhaCMS 12.0 allows stored XSS in the Text content block of Standar ...)
-	TODO: check
+	NOT-FOR-US: PiranhaCMS
 CVE-2025-57292 (Todoist v8484 contains a stored cross-site scripting (XSS) vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Todoist
 CVE-2025-56463 (Mercusys MW305R 3.30 and below is has a Transport Layer Security (TLS) ...)
-	TODO: check
+	NOT-FOR-US: Mercusys MW305R
 CVE-2025-56383 (Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace  ...)
-	TODO: check
+	NOT-FOR-US: Notepad++
 CVE-2025-55848 (An issue was discovered in DIR-823 firmware 20250416. There is an RCE  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-55847 (Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the ...)
 	NOT-FOR-US: Wavlink
 CVE-2025-55187 (In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 be ...)
-	TODO: check
+	NOT-FOR-US: DriveLock
 CVE-2025-4957 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48326 (Missing Authorization vulnerability in Acclectic Media Acclectic Media ...)
@@ -225,7 +225,7 @@ CVE-2025-48326 (Missing Authorization vulnerability in Acclectic Media Acclectic
 CVE-2025-48107 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-45994 (An issue in Aranda PassRecovery v1.0 allows attackers to enumerate val ...)
-	TODO: check
+	NOT-FOR-US: Aranda PassRecovery
 CVE-2025-36326 (IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 ...)
 	NOT-FOR-US: IBM
 CVE-2025-36274 (IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive informati ...)
@@ -245,41 +245,41 @@ CVE-2025-11039 (A security vulnerability has been detected in Campcodes Computer
 CVE-2025-11038 (A weakness has been identified in itsourcecode Online Clinic Managemen ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2025-11037 (A security flaw has been discovered in code-projects E-Commerce Websit ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-11036 (A vulnerability was identified in code-projects E-Commerce Website 1.0 ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-11035 (A vulnerability was determined in Jinher OA 2.0. The impacted element  ...)
-	TODO: check
+	NOT-FOR-US: Jinher OA
 CVE-2025-11034 (A vulnerability was found in Dibo Data Decision Making System up to 2. ...)
-	TODO: check
+	NOT-FOR-US: Dibo Data Decision Making System
 CVE-2025-11033 (A vulnerability has been found in kidaze CourseSelectionSystem up to 4 ...)
-	TODO: check
+	NOT-FOR-US: kidaze CourseSelectionSystem
 CVE-2025-11032 (A flaw has been found in kidaze CourseSelectionSystem up to 42cd892b40 ...)
-	TODO: check
+	NOT-FOR-US: kidaze CourseSelectionSystem
 CVE-2025-11031 (A flaw has been found in DataTables up to 1.10.13. The affected elemen ...)
 	NOT-FOR-US: code-projects
 CVE-2025-11030 (A vulnerability was detected in Tutorials-Website Employee Management  ...)
-	TODO: check
+	NOT-FOR-US: Tutorials-Website Employee Management System
 CVE-2025-11029 (A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vul ...)
-	TODO: check
+	NOT-FOR-US: givanz Vvveb
 CVE-2025-11028 (A security flaw has been discovered in givanz Vvveb up to 1.0.7.2. Thi ...)
-	TODO: check
+	NOT-FOR-US: givanz Vvveb
 CVE-2025-11027 (A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected ...)
-	TODO: check
+	NOT-FOR-US: givanz Vvveb
 CVE-2025-11026 (A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected ...)
-	TODO: check
+	NOT-FOR-US: givanz Vvveb
 CVE-2025-11025 (Insertion of Sensitive Information Into Sent Data vulnerability in Vim ...)
-	TODO: check
+	NOT-FOR-US: Vimesoft Corporate Messaging Platform
 CVE-2025-11021 (A flaw was found in the cookie date handling logic of the libsoup HTTP ...)
 	TODO: check
 CVE-2025-11019 (A vulnerability has been found in Total.js CMS up to 19.9.0. This impa ...)
-	TODO: check
+	NOT-FOR-US: Total.js CMS
 CVE-2025-11018 (A flaw has been found in Four-Faith Water Conservancy Informatization  ...)
-	TODO: check
+	NOT-FOR-US: Four-Faith Water Conservancy Informatization Platform
 CVE-2025-11017 (A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impact ...)
 	TODO: check
 CVE-2025-11016 (A security vulnerability has been detected in kalcaddle kodbox up to 1 ...)
-	TODO: check
+	NOT-FOR-US: kalcaddle kodbox
 CVE-2025-11015 (A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted ...)
 	TODO: check
 CVE-2025-11014 (A security flaw has been discovered in OGRECave Ogre up to 14.4.1. Thi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/620cd7d1ca5e729a4521b1cb8bb8d9bc921e9e20

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/620cd7d1ca5e729a4521b1cb8bb8d9bc921e9e20
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250926/ab2030b2/attachment.htm>

More information about the debian-security-tracker-commits mailing list