[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 4 20:44:53 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1a75b1a by Salvatore Bonaccorso at 2025-12-04T21:44:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6,35 +6,35 @@ CVE-2025-66516 (Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-mod
 	- tika <unfixed>
 	NOTE: https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
 CVE-2025-66373 (Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunke ...)
-	TODO: check
+	NOT-FOR-US: Akamai
 CVE-2025-65958 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: open-webui
 CVE-2025-65945 (auth0/node-jws is a JSON Web Signature implementation for Node.js. In  ...)
-	TODO: check
+	NOT-FOR-US: auth0 node-jws
 CVE-2025-65883 (A vulnerability has been identified in Genexis Platinum P4410 router ( ...)
-	TODO: check
+	NOT-FOR-US: Genexis router
 CVE-2025-65806 (The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handl ...)
-	TODO: check
+	NOT-FOR-US: E-POINT CMS
 CVE-2025-65637 (A denial-of-service vulnerability exists in github.com/sirupsen/logrus ...)
 	TODO: check
 CVE-2025-65516 (A stored cross-site scripting (XSS) vulnerability was discovered in Se ...)
 	TODO: check
 CVE-2025-65346 (alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Direct ...)
-	TODO: check
+	NOT-FOR-US: alexusmai laravel-file-manager
 CVE-2025-63681 (open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API  ...)
-	TODO: check
+	NOT-FOR-US: open-webui
 CVE-2025-63499 (Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the ...)
 	TODO: check
 CVE-2025-63364 (Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway F ...)
-	TODO: check
+	NOT-FOR-US: Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware
 CVE-2025-63363 (A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI E ...)
-	TODO: check
+	NOT-FOR-US: Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware
 CVE-2025-63362 (Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway F ...)
-	TODO: check
+	NOT-FOR-US: Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware
 CVE-2025-63361 (Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway F ...)
-	TODO: check
+	NOT-FOR-US: Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware
 CVE-2025-61148 (An Insecure Direct Object Reference (IDOR) vulnerability in the Eduplu ...)
-	TODO: check
+	NOT-FOR-US: EduplusCampus
 CVE-2025-59788 (Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewe ...)
 	TODO: check
 CVE-2025-57213 (Incorrect access control in the component orderService.queryObject of  ...)
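
Review bot: At CVE-2025-65945 the NOT-FOR-US for "auth0 node-jws" deserves a second look, because the description names a Node.js library rather than an appliance or hosted service like the Akamai, Genexis and Waveshare entries around it, and libraries are the kind of code that gets packaged or bundled inside other source packages. Please confirm that no source package in the archive ships or embeds it; if one does, the entry needs a package line in the same form as "- tika <unfixed>" at the top of this hunk instead of an NFU marker. As a smaller style point, the four Waveshare notes repeat the full product title, where a short tag like the "Akamai" one in this hunk would be easier to match later.
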
@@ -44,7 +44,7 @@ CVE-2025-57212 (Incorrect access control in the component ApiOrderService.java o
 CVE-2025-57210 (Incorrect access control in the component ApiPayController.java of pla ...)
 	TODO: check
 CVE-2025-56427 (Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remo ...)
-	TODO: check
+	NOT-FOR-US: ComposioHQ
 CVE-2025-54307 (An issue was discovered in the Thermo Fisher Torrent Suite Django appl ...)
 	TODO: check
 CVE-2025-54306 (An issue was discovered in the Thermo Fisher Torrent Suite Django appl ...)
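
Review bot: At CVE-2025-56427 the NFU tag "ComposioHQ" is copied from the truncated description, where it carries a version number ("v.0.7.20") but reads like an organisation name rather than a product name. If the affected component has its own name, put that in the tag so later CVEs against the same software are matched to this decision.
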
@@ -78,33 +78,33 @@ CVE-2025-29844 (A vulnerability in FileStation file cgi allows remote authentica
 CVE-2025-29843 (A vulnerability in FileStation thumb cgi allows remote authenticated u ...)
 	NOT-FOR-US: Synology
 CVE-2025-29269 (ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command inje ...)
-	TODO: check
+	NOT-FOR-US: ALLNET ALL-RUT22GW
 CVE-2025-29268 (ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credential ...)
-	TODO: check
+	NOT-FOR-US: ALLNET ALL-RUT22GW
 CVE-2025-14024
 	REJECTED
 CVE-2025-14016 (A security vulnerability has been detected in macrozheng mall-swarm up ...)
-	TODO: check
+	NOT-FOR-US: macrozheng mall-swarm
 CVE-2025-14015 (A weakness has been identified in H3C Magic B0 up to 100R002. This imp ...)
-	TODO: check
+	NOT-FOR-US: H3C Magic B0
 CVE-2025-14013 (A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted e ...)
-	TODO: check
+	NOT-FOR-US: JIZHICMS
 CVE-2025-14012 (A vulnerability was determined in JIZHICMS up to 2.5.5. The affected e ...)
-	TODO: check
+	NOT-FOR-US: JIZHICMS
 CVE-2025-14011 (A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the fun ...)
-	TODO: check
+	NOT-FOR-US: JIZHICMS
 CVE-2025-14010 (A flaw was found in ansible-collection-community-general. This vulnera ...)
 	TODO: check
 CVE-2025-14008 (A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: XunRuiCMS
 CVE-2025-14007 (A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This aff ...)
-	TODO: check
+	NOT-FOR-US: XunRuiCMS
 CVE-2025-14006 (A security vulnerability has been detected in dayrui XunRuiCMS up to 4 ...)
-	TODO: check
+	NOT-FOR-US: XunRuiCMS
 CVE-2025-14005 (A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. Affect ...)
-	TODO: check
+	NOT-FOR-US: XunRuiCMS
 CVE-2025-14004 (A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. A ...)
-	TODO: check
+	NOT-FOR-US: XunRuiCMS
 CVE-2025-13488 (Due to a regression introduced in version 3.83.0, a security header is ...)
 	NOT-FOR-US: Sonatype
 CVE-2025-12097 (There is a relative path traversal vulnerability in the NI System Web  ...)
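
Review bot: The NFU tags in this hunk are inconsistent about the author prefix: CVE-2025-14016 keeps it ("macrozheng mall-swarm"), while the five XunRuiCMS entries, CVE-2025-14004 through CVE-2025-14008, drop the "dayrui" that their descriptions carry. Pick one form for both, so that a search for earlier decisions on the same software finds every entry.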



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1a75b1a8747e6dba152079b44faa5d6ccbd8f00
