[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 01 Oct 2025 21:30:44 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c1ff58da by Salvatore Bonaccorso at 2025-10-02T06:05:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2025-9512 (The Schema & Structured Data for WP & AMP 
WordPress plugin before
 CVE-2025-9075 (The ZoloBlocks plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-8679 (In ExtremeGuest Essentials before 25.5.0, captive-portal may 
permit un ...)
-       TODO: check
+       NOT-FOR-US: ExtremeGuest Essentials
 CVE-2025-61792 (Quadient DS-700 iQ devices through 2025-09-30 might have a 
race condit ...)
-       TODO: check
+       NOT-FOR-US: Quadient DS-700 iQ devices
 CVE-2025-61722
        REJECTED
 CVE-2025-61721
@@ -29,23 +29,23 @@ CVE-2025-61622 (Deserialization of untrusted data inpython 
in pyforyversions 0.1
 CVE-2025-61596
        REJECTED
 CVE-2025-61189 (Jeecgboot versions 3.8.2 and earlier are affected by a path 
traversal  ...)
-       TODO: check
+       NOT-FOR-US: Jeecgboot
 CVE-2025-61188 (Jeecgboot versions 3.8.2 and earlier are affected by a path 
traversal  ...)
-       TODO: check
+       NOT-FOR-US: Jeecgboot
 CVE-2025-61045 (TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain 
a comma ...)
        NOT-FOR-US: TOTOLINK
 CVE-2025-61044 (TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain 
a comma ...)
        NOT-FOR-US: TOTOLINK
 CVE-2025-60991 (A reflected cross-site scripted (XSS) vulnerability in Codazon 
Magento ...)
-       TODO: check
+       NOT-FOR-US: Codazon Magento Themes
 CVE-2025-59687 (IMPAQTR Aurora before 1.36 allows Insecure Direct Object 
Reference att ...)
-       TODO: check
+       NOT-FOR-US: IMPAQTR Aurora
 CVE-2025-59686 (Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents 
calls w ...)
-       TODO: check
+       NOT-FOR-US: Kazaar
 CVE-2025-59685 (Kazaar 1.25.12 allows a JWT with none in the alg field.)
-       TODO: check
+       NOT-FOR-US: Kazaar
 CVE-2025-59684 (DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking.)
-       TODO: check
+       NOT-FOR-US: DigiSign DigiSigner ONE
 CVE-2025-59149 (Suricata is a network IDS, IPS and NSM engine developed by the 
OISF (O ...)
        TODO: check
 CVE-2025-59148 (Suricata is a network IDS, IPS and NSM engine developed by the 
OISF (O ...)
@@ -53,33 +53,33 @@ CVE-2025-59148 (Suricata is a network IDS, IPS and NSM 
engine developed by the O
 CVE-2025-59147 (Suricata is a network IDS, IPS and NSM engine developed by the 
OISF (O ...)
        TODO: check
 CVE-2025-58769 (auth0-PHP is an SDK for Auth0 Authentication and Management 
APIs. In v ...)
-       TODO: check
+       NOT-FOR-US: auth0-PHP
 CVE-2025-58055 (Discourse is an open-source community discussion platform. In 
versions ...)
        NOT-FOR-US: Discourse
 CVE-2025-58054 (Discourse is an open-source community discussion platform. 
Versions 3. ...)
        NOT-FOR-US: Discourse
 CVE-2025-57444 (An authenticated cross-site scripting (XSS) vulnerability in 
the Admin ...)
-       TODO: check
+       NOT-FOR-US: Radware AlteonOS Web UI Management
 CVE-2025-57393 (A stored cross-site scripting (XSS) in Kissflow Work Platform 
Kissflow ...)
-       TODO: check
+       NOT-FOR-US: Kissflow
 CVE-2025-57275 (Storage Performance Development Kit (SPDK) 25.05 is vulnerable 
to Buff ...)
-       TODO: check
+       NOT-FOR-US: Storage Performance Development Kit (SPDK)
 CVE-2025-56588 (Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote 
code ex ...)
        TODO: check
 CVE-2025-56515 (File upload vulnerability in Fiora chat application 1.0.0 
through user ...)
-       TODO: check
+       NOT-FOR-US: Fiora chat application
 CVE-2025-56514 (Cross Site Scripting (XSS) vulnerability in Fiora chat 
application 1.0 ...)
-       TODO: check
+       NOT-FOR-US: Fiora chat application
 CVE-2025-55191 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
        NOT-FOR-US: Argo CD
 CVE-2025-52042 (In Frappe ERPNext 15.57.5, the function 
get_rfq_containing_supplier()  ...)
-       TODO: check
+       NOT-FOR-US: Frappe ERPNext
 CVE-2025-52041 (In Frappe ERPNext 15.57.5, the function 
get_stock_balance_for() at erp ...)
-       TODO: check
+       NOT-FOR-US: Frappe ERPNext
 CVE-2025-52040 (In Frappe ERPNext 15.57.5, the function get_blanket_orders() 
at erpnex ...)
-       TODO: check
+       NOT-FOR-US: Frappe ERPNext
 CVE-2025-52039 (In Frappe ERPNext 15.57.5, the function 
get_material_requests_based_on ...)
-       TODO: check
+       NOT-FOR-US: Frappe ERPNext
 CVE-2025-46205 (A heap-use-after free in the PdfTokenizer::ReadDictionary 
function of  ...)
        TODO: check
 CVE-2025-43826 (Stored cross-site scripting (XSS) vulnerabilities in Web 
Content trans ...)
@@ -89,15 +89,15 @@ CVE-2025-43718 (Poppler 24.06.1 through 25.x before 25.04.0 
allows stack consump
 CVE-2025-41421 (Improper handling of symbolic links in the TeamViewer Full 
Client and  ...)
        NOT-FOR-US: TeamViewer
 CVE-2025-40648 (Stored Cross-Site Scripting (XSS) vulnerability in Issabel 
v5.0.0, con ...)
-       TODO: check
+       NOT-FOR-US: Issabel
 CVE-2025-40647 (Stored Cross-Site Scripting (XSS) vulnerability in Issabel 
v5.0.0, con ...)
-       TODO: check
+       NOT-FOR-US: Issabel
 CVE-2025-34182 (In Deciso OPNsense before 25.7.4, when creating an 
"Interfaces: Device ...)
        TODO: check
 CVE-2025-28357 (A CRLF injection vulnerability in Neto CMS v6.313.0 through 
v6.314.0 a ...)
-       TODO: check
+       NOT-FOR-US: Neto CMS
 CVE-2025-24525 (Keysight Ixia Vision has an issue with hardcoded cryptographic 
materia ...)
-       TODO: check
+       NOT-FOR-US: Keysight Ixia
 CVE-2025-20371 (In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 
9.2.8, an ...)
        NOT-FOR-US: Cisco
 CVE-2025-20370 (In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 
9.2.8, a ...)
@@ -113,9 +113,9 @@ CVE-2025-20366 (In Splunk Enterprise versions below 9.4.4, 
9.3.6, and 9.2.8, and
 CVE-2025-20361 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
        NOT-FOR-US: Cisco
 CVE-2025-20357 (A vulnerability in the web-based management interface of Cisco 
Cyber V ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20356 (A vulnerability in the web-based management interface of Cisco 
Cyber V ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-11233 (Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 
Cygwin ta ...)
        TODO: check
 CVE-2025-11226 (ACE vulnerability in conditional configuration file processing 
 by QOS ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1ff58da4f4e3adce85c8d7df3d2a667252c6dab

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1ff58da4f4e3adce85c8d7df3d2a667252c6dab
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to