[Git][security-tracker-team/security-tracker][master] Process some NFUs

Tue Dec 9 20:09:37 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59f27a68 by Salvatore Bonaccorso at 2025-12-09T21:09:02+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60,7 +60,7 @@ CVE-2025-14321
 CVE-2025-67504 (WBCE CMS is a content management system. Versions 1.6.4 and below use  ...)
 	NOT-FOR-US: WBCE CMS
 CVE-2025-67487 (Static Web Server (SWS) is a production-ready web server suitable for  ...)
-	TODO: check
+	NOT-FOR-US: Static Web Server (SWS)
 CVE-2025-66649
 	REJECTED
 CVE-2025-66631 (CSLA .NET is a framework designed for the development of reusable, obj ...)
@@ -76,7 +76,7 @@ CVE-2025-66568 (The ruby-saml library implements the client side of an SAML auth
 CVE-2025-66567 (The ruby-saml library is for implementing the client side of a SAML au ...)
 	TODO: check
 CVE-2025-66565 (Fiber Utils is a collection of common functions created for Fiber. In  ...)
-	TODO: check
+	NOT-FOR-US: Fiber Utils (gofiber)
 CVE-2025-66508 (1Panel is an open-source, web-based control panel for Linux server man ...)
 	NOT-FOR-US: 1Panel
 CVE-2025-66507 (1Panel is an open-source, web-based control panel for Linux server man ...)
@@ -92,17 +92,17 @@ CVE-2025-66470 (NiceGUI is a Python-based UI framework. Versions 3.3.1 and below
 CVE-2025-66469 (NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are v ...)
 	NOT-FOR-US: NiceGUI
 CVE-2025-66204 (WBCE CMS is a content management system. Version 1.6.4 contains a brut ...)
-	TODO: check
+	NOT-FOR-US: WBCE CMS
 CVE-2025-66202 (Astro is a web framework. Versions 5.15.7 and below have a double URL  ...)
-	TODO: check
+	NOT-FOR-US: Astro
 CVE-2025-65964 (n8n is an open source workflow automation platform. Versions 0.123.1 t ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2025-65962 (Tuleap is a free and open source suite for management of software deve ...)
 	NOT-FOR-US: Tuleap
 CVE-2025-65229 (A stored cross-site scripting (XSS) vulnerability exists in the web in ...)
-	TODO: check
+	NOT-FOR-US: Lyrion Music Server
 CVE-2025-65228 (A stored cross-site scripting vulnerability exists in the web manageme ...)
-	TODO: check
+	NOT-FOR-US: R.V.R. Elettronica TLK302T telemetry controller
 CVE-2025-64760 (Tuleap is a free and open source suite for management of software deve ...)
 	NOT-FOR-US: Tuleap
 CVE-2025-64650 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could d ...)
@@ -148,11 +148,11 @@ CVE-2025-36015 (IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 1
 CVE-2025-33111 (IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0  ...)
 	NOT-FOR-US: IBM
 CVE-2025-14311 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: JMRI
 CVE-2025-14310 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
-	TODO: check
+	NOT-FOR-US: rethinkdb
 CVE-2025-14309 (NULL Pointer Dereference vulnerability in ravynsoft ravynos.This issue ...)
-	TODO: check
+	NOT-FOR-US: ravynos
 CVE-2025-14308 (An integer overflow vulnerability exists in the write method of the Bu ...)
 	TODO: check
 CVE-2025-14307 (An insecure temporary file creation vulnerability exists in the AutoEx ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59f27a68f905ba7382b03897f92965c7acf8a3cd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59f27a68f905ba7382b03897f92965c7acf8a3cd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251209/dc630a7a/attachment.htm>
