[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 3 21:08:19 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
851eb257 by Salvatore Bonaccorso at 2025-12-03T22:07:24+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18,21 +18,21 @@ CVE-2025-66222 (DeepChat is a smart assistant uses artificial intelligence. In 0
 CVE-2025-66220 (Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.3 ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2025-66208 (Collabora Online - Built-in CODE Server (richdocumentscode) provides a ...)
-	TODO: check
+	NOT-FOR-US: Collabora Online - Built-in CODE Server
 CVE-2025-66032 (Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors  ...)
-	TODO: check
+	NOT-FOR-US: Claude Code
 CVE-2025-65843 (Aquarius Desktop 3.0.069 for macOS contains an insecure file handling  ...)
-	TODO: check
+	NOT-FOR-US: Aquarius Desktop
 CVE-2025-65842 (The Aquarius HelperTool (1.0.003) privileged XPC service on macOS cont ...)
-	TODO: check
+	NOT-FOR-US: Aquarius HelperTool
 CVE-2025-65841 (Aquarius Desktop 3.0.069 for macOS stores user authentication credenti ...)
-	TODO: check
+	NOT-FOR-US: Aquarius Desktop
 CVE-2025-65345 (alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Direct ...)
 	TODO: check
 CVE-2025-65320 (Abacre Restaurant Point of Sale (POS) up to 15.0.0.1656 are vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Abacre Restaurant Point of Sale (POS)
 CVE-2025-65267 (In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2025-65097 (RomM (ROM Manager) allows users to scan, enrich, browse and play their ...)
 	TODO: check
 CVE-2025-65096 (RomM (ROM Manager) allows users to scan, enrich, browse and play their ...)
@@ -44,35 +44,35 @@ CVE-2025-64763 (Envoy is a high-performance edge/middle/service proxy. In 1.33.1
 CVE-2025-64527 (Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.3 ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2025-64443 (MCP Gateway allows easy and secure running and deployment of MCP serve ...)
-	TODO: check
+	NOT-FOR-US: MCP Gateway
 CVE-2025-63402 (An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 all ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-63401 (Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-62686 (A local privilege escalation vulnerability exists in the Plugin Allian ...)
 	TODO: check
 CVE-2025-57202 (A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi en ...)
-	TODO: check
+	NOT-FOR-US: AVTECH
 CVE-2025-57201 (AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was di ...)
-	TODO: check
+	NOT-FOR-US: AVTECH
 CVE-2025-57200 (AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was di ...)
-	TODO: check
+	NOT-FOR-US: AVTECH
 CVE-2025-57199 (AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was di ...)
-	TODO: check
+	NOT-FOR-US: AVTECH
 CVE-2025-57198 (AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was di ...)
-	TODO: check
+	NOT-FOR-US: AVTECH
 CVE-2025-55182 (A pre-authentication remote code execution vulnerability exists in Rea ...)
 	TODO: check
 CVE-2025-55076 (A local privilege escalation vulnerability exists in the InstallationH ...)
 	TODO: check
 CVE-2025-54326 (An issue was discovered in Camera in Samsung Mobile Processor Exynos 1 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-54065 (GZDoom is a feature centric port for all Doom engine games. GZDoom is  ...)
 	TODO: check
 CVE-2025-53965 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-53841 (Akamai Guardicore Platform Agent before 52.1.1 allows an unprivileged  ...)
-	TODO: check
+	NOT-FOR-US: Akamai Guardicore Platform Agent
 CVE-2025-50361 (Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL  ...)
 	TODO: check
 CVE-2025-50360 (A heap buffer overflow in compiler.c and compiler.h in Pepper language ...)
@@ -110,7 +110,7 @@ CVE-2025-20381 (In Splunk MCP Server app versions below 0.2.4, a user with acces
 CVE-2025-13992 (Side-channel information leakage in Navigation and Loading in Google C ...)
 	TODO: check
 CVE-2025-13949 (A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impac ...)
-	TODO: check
+	NOT-FOR-US: ProudMuBai GoFilm
 CVE-2025-13948 (A vulnerability was determined in opsre go-ldap-admin up to 20251011.  ...)
 	TODO: check
 CVE-2025-13947 (A flaw was found in WebKitGTK. This vulnerability allows remote, user- ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/851eb2570a498d39afd7f37ae743190e71068862

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/851eb2570a498d39afd7f37ae743190e71068862
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251203/b16039ae/attachment.htm>

More information about the debian-security-tracker-commits mailing list