[Git][security-tracker-team/security-tracker][master] Process some NFUs

Mon Dec 8 20:28:23 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
384cb6d2 by Salvatore Bonaccorso at 2025-12-08T21:28:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-66461 (FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers ...)
-	TODO: check
+	NOT-FOR-US: FULLBACK Manager Pro
 CVE-2025-66334 (Denial of service (DoS) vulnerability in the office service. Impact: S ...)
 	NOT-FOR-US: Huawei
 CVE-2025-66333 (Denial of service (DoS) vulnerability in the office service. Impact: S ...)
@@ -27,23 +27,23 @@ CVE-2025-66323 (Vulnerability of improper criterion security check in the card m
 CVE-2025-66322 (Multi-thread race condition vulnerability in the camera framework modu ...)
 	NOT-FOR-US: Huawei
 CVE-2025-65849 (A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version ...)
-	TODO: check
+	NOT-FOR-US: Altcha
 CVE-2025-65804 (Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via th ...)
 	NOT-FOR-US: Tenda
 CVE-2025-65799 (A lack of file name validation or verification in the Attachment servi ...)
-	TODO: check
+	NOT-FOR-US: usememos memos
 CVE-2025-65798 (Incorrect access control in usememos memos v0.25.2 allows attackers wi ...)
-	TODO: check
+	NOT-FOR-US: usememos memos
 CVE-2025-65797 (Incorrect access control in the Identity Provider service of usememos  ...)
-	TODO: check
+	NOT-FOR-US: usememos memos
 CVE-2025-65796 (Incorrect access control in usememos memos v0.25.2 allows attackers wi ...)
-	TODO: check
+	NOT-FOR-US: usememos memos
 CVE-2025-65795 (Incorrect access control in the /api/v1/user endpoint of usememos memo ...)
-	TODO: check
+	NOT-FOR-US: usememos memos
 CVE-2025-65548 (NUT-14 allows cashu tokens to be created with a preimage hash. However ...)
 	TODO: check
 CVE-2025-65363 (Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1. ...)
-	TODO: check
+	NOT-FOR-US: Ruijie
 CVE-2025-65271 (Client-side template injection (CSTI) in Azuriom CMS admin dashboard a ...)
 	TODO: check
 CVE-2025-65231 (Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Script ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/384cb6d26f9bae34555561a6317939e6532cc5f9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/384cb6d26f9bae34555561a6317939e6532cc5f9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251208/d5546b23/attachment.htm>
