[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 2 21:31:20 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5c2a2230 by Salvatore Bonaccorso at 2025-12-02T22:30:49+01:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -77,75 +77,75 @@ CVE-2025-60854 (A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 an
CVE-2025-60736 (code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection ...)
NOT-FOR-US: code-projects Online Medicine Guide
CVE-2025-59705 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59704 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59703 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59702 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59701 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59700 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59699 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59698 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59697 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59696 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59695 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59694 (The Chassis Management Board in Entrust nShield Connect XC, nShield 5c ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59693 (The Chassis Management Board in Entrust nShield Connect XC, nShield 5c ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-58386 (In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user ...)
- TODO: check
+ NOT-FOR-US: Terminalfour
CVE-2025-58113 (An out-of-bounds read vulnerability exists in the EMF functionality of ...)
NOT-FOR-US: PDF-XChange
CVE-2025-57850 (A container privilege escalation flaw was found in certain CodeReady W ...)
- TODO: check
+ NOT-FOR-US: CodeReady Workspaces images
CVE-2025-52622 (The BigFix SaaS's HTTP responses were missing some security headers. T ...)
NOT-FOR-US: HCL
CVE-2025-41744 (Sprecher Automations SPRECON-E seriesuses default cryptographic keys t ...)
- TODO: check
+ NOT-FOR-US: Sprecher Automation
CVE-2025-41743 (Insufficient encryption strength in Sprecher Automation SPRECON-E-C, S ...)
- TODO: check
+ NOT-FOR-US: Sprecher Automation
CVE-2025-41742 (Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3is vulnerab ...)
- TODO: check
+ NOT-FOR-US: Sprecher Automation
CVE-2025-41086 (Vulnerability in the access control system of the GAMS licensing syste ...)
- TODO: check
+ NOT-FOR-US: GAMS licensing system
CVE-2025-41066 (Horde Groupware v5.2.22 has a user enumeration vulnerability that allo ...)
TODO: check
CVE-2025-41015 (User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2025-41014 (User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2025-41013 (SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2025-41012 (Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. T ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2025-40700 (Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vu ...)
- TODO: check
+ NOT-FOR-US: IDI Eikon's Governalia
CVE-2025-34352 (JumpCloud Remote Assist for Windows versions prior to 0.317.0 include ...)
- TODO: check
+ NOT-FOR-US: JumpCloud Remote Assist for Windows
CVE-2025-13879 (Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vul ...)
- TODO: check
+ NOT-FOR-US: SOLIDserver IPAM
CVE-2025-13877 (A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. T ...)
- TODO: check
+ NOT-FOR-US: nocobase
CVE-2025-13876 (A security vulnerability has been detected in Rareprob HD Video Player ...)
- TODO: check
+ NOT-FOR-US: Rareprob HD Video Player All Formats App
CVE-2025-13875 (A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. T ...)
- TODO: check
+ NOT-FOR-US: Yohann0617 oci-helper
CVE-2025-13873 (Stored Cross-Site Scripting (XSS) in the survey-import feature of Obje ...)
- TODO: check
+ NOT-FOR-US: ObjectPlanet Opinio
CVE-2025-13872 (Blind Server-Side Request Forgery (SSRF) in the survey-import feature ...)
- TODO: check
+ NOT-FOR-US: ObjectPlanet Opinio
CVE-2025-13871 (Cross-Site Request Forgery (CSRF) in the resource-management feature o ...)
- TODO: check
+ NOT-FOR-US: ObjectPlanet Opinio
CVE-2025-13870 (Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to vali ...)
TODO: check
CVE-2025-13828 (SummaryA non privileged user can install and remove arbitrary packages ...)
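Review bot: the NOT-FOR-US labels in this hunk mix granularity. The thirteen Entrust entries (CVE-2025-59693 through CVE-2025-59705) carry only the vendor, `NOT-FOR-US: Entrust`, while other entries name vendor plus product (`JumpCloud Remote Assist for Windows`, `IDI Eikon's Governalia`) and CVE-2025-57850 names a product with no vendor (`CodeReady Workspaces images`). Every Entrust description names the same nShield products, so `NOT-FOR-US: Entrust nShield` would be more specific and easier to match when later CVEs for the same product line are triaged; the CodeReady label would benefit from a vendor prefix for the same reason. CVE-2025-41066 (Horde Groupware) and CVE-2025-13870 (Mattermost) stay at `TODO: check`, which looks intentional for a commit scoped to NFUs.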
@@ -241,7 +241,7 @@ CVE-2025-13372 (An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15,
CVE-2025-66448 (vLLM is an inference and serving engine for large language models (LLM ...)
- vllm <itp> (bug #1095237)
CVE-2025-66415 (fastify-reply-from is a Fastify plugin to forward the current HTTP req ...)
- TODO: check
+ NOT-FOR-US: fastify-reply-from Fastify plugin
CVE-2025-66412 (Angular is a development platform for building mobile and desktop web ...)
TODO: check
CVE-2025-66410 (Gin-vue-admin is a backstage management system based on vue and gin. I ...)
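Review bot: the label on CVE-2025-66415, `NOT-FOR-US: fastify-reply-from Fastify plugin`, repeats the framework name and adds a descriptor that the other labels in this commit do not use (`nocobase`, `JumpServer`). `NOT-FOR-US: fastify-reply-from` would be consistent with those and still unambiguous.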
@@ -295,9 +295,9 @@ CVE-2025-66295 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, when
CVE-2025-66294 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Si ...)
NOT-FOR-US: Grav CMS
CVE-2025-66206 (Frappe is a full-stack web application framework. Prior to 15.86.0 and ...)
- TODO: check
+ NOT-FOR-US: Frappe Framework
CVE-2025-66205 (Frappe is a full-stack web application framework. Prior to 15.86.0 and ...)
- TODO: check
+ NOT-FOR-US: Frappe Framework
CVE-2025-65840 (PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSR ...)
NOT-FOR-US: PublicCMS
CVE-2025-65622 (Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" fi ...)
@@ -333,7 +333,7 @@ CVE-2025-58476 (Out-of-bounds read vulnerability in bootloader prior to SMR Dec-
CVE-2025-58475 (Improper input validation in libsec-ril.so prior to SMR Dec-2025 Relea ...)
NOT-FOR-US: Samsung Mobile
CVE-2025-58044 (JumpServer is an open source bastion host and an operation and mainten ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2025-55749 (XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.1 ...)
NOT-FOR-US: XWiki
CVE-2025-55129 (HackerOne community member Kassem S.(kassem_s94) has reported that use ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c2a2230fa318afde0d489633aa94f060bc93590