[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 5 08:18:41 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9282c947 by Salvatore Bonaccorso at 2025-12-05T09:17:57+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,27 +1,27 @@
CVE-2025-6946 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: WatchGuard
CVE-2025-66576 (Remote Keyboard Desktop 1.0.1 enables remote attackers to execute syst ...)
- TODO: check
+ NOT-FOR-US: Remote Keyboard Desktop
CVE-2025-66575 (VeeVPN 1.6.1 contains an unquoted service path vulnerability in the Ve ...)
- TODO: check
+ NOT-FOR-US: VeeVPN
CVE-2025-66574 (TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site ...)
- TODO: check
+ NOT-FOR-US: TranzAxis
CVE-2025-66573 (Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API en ...)
- TODO: check
+ NOT-FOR-US: Solstice Pod API
CVE-2025-66572 (Loaded Commerce 6.6 contains a client-side template injection vulnerab ...)
- TODO: check
+ NOT-FOR-US: Loaded Commerce
CVE-2025-66571 (UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection ...)
- TODO: check
+ NOT-FOR-US: UNA CMS
CVE-2025-66564 (Sigstore Timestamp Authority is a service for issuing RFC 3161 timesta ...)
TODO: check
CVE-2025-66563 (Monkeytype is a minimalistic and customizable typing test. In 25.49.0 ...)
- TODO: check
+ NOT-FOR-US: Monkeytype
CVE-2025-66561 (SysReptor is a fully customizable pentest reporting platform. Prior to ...)
- TODO: check
+ NOT-FOR-US: SysReptor
CVE-2025-66559 (Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup ...)
- TODO: check
+ NOT-FOR-US: Taiko Alethia
CVE-2025-66555 (AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerabil ...)
- TODO: check
+ NOT-FOR-US: AirKeyboard iOS App
CVE-2025-66544
REJECTED
CVE-2025-66543
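Review bot: The tags added for CVE-2025-66573 (`NOT-FOR-US: Solstice Pod API`) and CVE-2025-66555 (`NOT-FOR-US: AirKeyboard iOS App`) carry a component qualifier copied from the description, while the other tags added in this hunk use the bare product name (VeeVPN, TranzAxis, UNA CMS, Monkeytype). Consider `Solstice Pod` and `AirKeyboard` so that a later search by product name matches, unless the longer form is the spelling you want to standardise on. CVE-2025-66564 (Sigstore Timestamp Authority) remains at `TODO: check` between triaged neighbours; worth confirming it was left open on purpose rather than skipped.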
@@ -41,21 +41,21 @@ CVE-2025-66537
CVE-2025-66536
REJECTED
CVE-2025-66509 (LaraDashboard is an all-In-one solution to start a Laravel Application ...)
- TODO: check
+ NOT-FOR-US: LaraDashboard
CVE-2025-66506 (Fulcio is a free-to-use certificate authority for issuing code signing ...)
TODO: check
CVE-2025-66479 (Anthropic Sandbox Runtime is a lightweight sandboxing tool for enforci ...)
- TODO: check
+ NOT-FOR-US: Anthropic Sandbox Runtime
CVE-2025-66238 (DCIM dcTrack allows an attacker to misuse certain remote access featur ...)
TODO: check
CVE-2025-66237 (DCIM dcTrack platforms utilize default and hard-coded credentials for ...)
TODO: check
CVE-2025-65959 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
- TODO: check
+ NOT-FOR-US: open-webui
CVE-2025-65900 (Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerab ...)
- TODO: check
+ NOT-FOR-US: Kalmia CMS
CVE-2025-65899 (Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Kalmia CMS
CVE-2025-63896 (An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch C ...)
TODO: check
CVE-2025-62223 (User interface (ui) misrepresentation of critical information in Micro ...)
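Review bot: The tag for CVE-2025-65959 is `NOT-FOR-US: open-webui`, a lowercase project slug, whereas the description spells the product "Open WebUI" and the other tags added in this hunk follow the spelling in their descriptions (LaraDashboard, Anthropic Sandbox Runtime, Kalmia CMS). Suggest `NOT-FOR-US: Open WebUI` for consistency, keeping the slug only if that spelling is intended as the canonical one. The unchanged `TODO: check` entries for Fulcio (CVE-2025-66506) and DCIM dcTrack (CVE-2025-66238, CVE-2025-66237) look intentionally deferred; a word in the commit message on why they were left would help the next person triaging.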
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9282c947cc05877f985f89eeb1ae462dd6ce1f75