[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 5 20:37:58 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e272385 by Salvatore Bonaccorso at 2026-01-05T21:34:26+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -63,57 +63,57 @@ CVE-2025-67316 (An issue in realme Internet browser v.45.13.4.1 allows a remote
 CVE-2025-67315 (Cross Site Request Forgery vulnerability in Employee Leave Management  ...)
 	NOT-FOR-US: Employee Leave Management System
 CVE-2025-67303 (An issue in ComfyUI-Manager prior to version 3.38 allowed remote attac ...)
-	TODO: check
+	NOT-FOR-US: ComfyUI-Manager
 CVE-2025-66518 (Any client who can access to Apache Kyuubi Server via Kyuubi frontend  ...)
 	TODO: check
 CVE-2025-66376 (Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 a ...)
 	NOT-FOR-US: Zimbra
 CVE-2025-65922 (PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, al ...)
-	TODO: check
+	NOT-FOR-US: plankanban/planka
 CVE-2025-65328 (Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value o ...)
-	TODO: check
+	NOT-FOR-US: Mega-Fence (webgate-lib.*)
 CVE-2025-64421 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-64420 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-64419 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-61781 (OpenCTI is an open source platform for managing cyber threat intellige ...)
-	TODO: check
+	NOT-FOR-US: OpenCTI
 CVE-2025-5965 (In the backup parameters, a user with high privilege is able to concat ...)
 	NOT-FOR-US: Centreon
 CVE-2025-59955 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-59467 (A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP  ...)
-	TODO: check
+	NOT-FOR-US: Ubiquiti
 CVE-2025-59158 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-59157 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-59156 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-57836 (An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Win ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-55204 (muffon is a cross-platform music streaming client for desktop. Version ...)
-	TODO: check
+	NOT-FOR-US: muffon
 CVE-2025-53966 (An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-53344 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52519 (An issue was discovered in the Camera in Samsung Mobile Processor and  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-52517 (An issue was discovered in the Camera in Samsung Mobile Processor and  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-52516 (An issue was discovered in the Camera in Samsung Mobile Processor and  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-52515 (An issue was discovered in the Camera in Samsung Mobile Processor and  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-49495 (An issue was discovered in the WiFi driver in Samsung Mobile Processor ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-46255 (Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pr ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-43706 (An issue was discovered in L2 in Samsung Mobile Processor, Wearable Pr ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-39561 (Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - P ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39497 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
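Review bot: The NOT-FOR-US labels added in this hunk mix naming granularities. CVE-2025-65922 gets a repository-style path ("plankanban/planka") although the description names the product as PLANKA, CVE-2025-65328 copies the parenthetical "(webgate-lib.*)" from the description into the label, CVE-2025-59467 and the Samsung entries are labelled by vendor, and the Coolify, OpenCTI and muffon entries are labelled by product. Settling on one form, for example "NOT-FOR-US: PLANKA" and "NOT-FOR-US: Mega-Fence", would keep a later grep of data/CVE/list for a given product or vendor reliable. The single "Samsung" label also covers both CVE-2025-57836 (Samsung Magician on Windows) and the Mobile Processor entries; a product-level label would keep desktop software and processor firmware apart if that distinction matters for triage.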
@@ -121,27 +121,27 @@ CVE-2025-39497 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-39484 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31048 (Unrestricted Upload of File with Dangerous Type vulnerability in Themi ...)
-	TODO: check
+	NOT-FOR-US: Shopo
 CVE-2025-31047 (Deserialization of Untrusted Data vulnerability in Themify Themify Edm ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31046 (Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31044 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Premium SEO Pack
 CVE-2025-30633 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-27807 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-15240 (QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an ...)
-	TODO: check
+	NOT-FOR-US: Quanta Computer
 CVE-2025-15239 (QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a  ...)
-	TODO: check
+	NOT-FOR-US: Quanta Computer
 CVE-2025-15029 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Centreon
 CVE-2025-15026 (Missing Authentication for Critical Function vulnerability in Centreon ...)
 	NOT-FOR-US: Centreon
 CVE-2025-14346 (WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not en ...)
-	TODO: check
+	NOT-FOR-US: WHILL
 CVE-2025-13056 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: Centreon
 CVE-2025-12519 (Missing Authorization vulnerability in Centreon Infra Monitoring (Admi ...)
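Review bot: CVE-2025-31048 and CVE-2025-31044 are tagged with product names ("Shopo", "Premium SEO Pack") while the surrounding entries in this hunk use the shared "NOT-FOR-US: WordPress plugin or theme" label. If these two are WordPress plugins or themes, the shared label would keep them consistent with their neighbours; the visible description of CVE-2025-31048 is truncated at "Themi ...", so the "Shopo" label cannot be checked against it from this diff. The two QOCA aim entries (CVE-2025-15240, CVE-2025-15239) are labelled by vendor ("Quanta Computer") rather than by the product named in the description, which is worth deciding one way across the file.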



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e27238588e1a59faedead85e70aa2370b99648a
