[Git][security-tracker-team/security-tracker][master] Process some NFUs

Thu Aug 21 21:44:58 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea2845c9 by Salvatore Bonaccorso at 2025-08-21T22:44:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62,9 +62,9 @@ CVE-2025-57761 (WeGIA is a Web manager for charitable institutions. Prior to 3.4
 CVE-2025-57755 (claude-code-router is a powerful tool to route Claude Code requests to ...)
 	NOT-FOR-US: claude-code-router
 CVE-2025-57754 (eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In ...)
-	TODO: check
+	NOT-FOR-US: eslint-ban-moment Eslint plugin
 CVE-2025-57753 (vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server ...)
-	TODO: check
+	NOT-FOR-US: vite-plugin-static-copy rollup-plugin-copy for Vite
 CVE-2025-57751 (pyLoad is the free and open-source Download Manager written in pure Py ...)
 	- pyload <itp> (bug #1001980)
 CVE-2025-55744 (UnoPim is an open-source Product Information Management (PIM) system b ...)
@@ -76,27 +76,27 @@ CVE-2025-55742 (UnoPim is an open-source Product Information Management (PIM) sy
 CVE-2025-55564 (Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list p ...)
 	NOT-FOR-US: Tenda
 CVE-2025-55524 (Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrari ...)
-	TODO: check
+	NOT-FOR-US: Agent-Zero
 CVE-2025-55523 (An issue in the component /api/download_work_dir_file.py of Agent-Zero ...)
-	TODO: check
+	NOT-FOR-US: Agent-Zero
 CVE-2025-55522 (Cross-site scripting (XSS) vulnerability in the component /common/repo ...)
-	TODO: check
+	NOT-FOR-US: Akaunting
 CVE-2025-55521 (An issue in the component /settings/localisation of Akaunting v3.1.18  ...)
-	TODO: check
+	NOT-FOR-US: Akaunting
 CVE-2025-55420 (A Reflected Cross Site Scripting (XSS) vulnerability was found in /ind ...)
-	TODO: check
+	NOT-FOR-US: FoxCMS
 CVE-2025-55383 (Moss before v0.15 has a file upload vulnerability. The "upload" functi ...)
 	TODO: check
 CVE-2025-55371 (Incorrect access control in the component /controller/PersonController ...)
-	TODO: check
+	NOT-FOR-US: jshERP
 CVE-2025-55370 (Incorrect access control in the component \controller\ResourceControll ...)
-	TODO: check
+	NOT-FOR-US: jshERP
 CVE-2025-55368 (Incorrect access control in the component \controller\RoleController.j ...)
-	TODO: check
+	NOT-FOR-US: jshERP
 CVE-2025-55367 (Incorrect access control in the component \controller\SupplierControll ...)
-	TODO: check
+	NOT-FOR-US: jshERP
 CVE-2025-55366 (Incorrect access control in the component \controller\UserController.j ...)
-	TODO: check
+	NOT-FOR-US: jshERP
 CVE-2025-55297 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
 	TODO: check
 CVE-2025-55231 (Concurrent execution using shared resource with improper synchronizati ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea2845c9002b9dcfa0dc168d3b50645becd1d7ce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea2845c9002b9dcfa0dc168d3b50645becd1d7ce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250821/2cd9cb53/attachment-0001.htm>
