[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 15 21:25:38 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c4df1f6 by Salvatore Bonaccorso at 2025-12-15T22:25:06+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,51 +7,51 @@ CVE-2025-66844 (In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector m
 CVE-2025-66843 (grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) v ...)
 	NOT-FOR-US: Grav CMS
 CVE-2025-66440 (An issue was discovered in Frappe ERPNext through 15.89.0. Function ge ...)
-	TODO: check
+	NOT-FOR-US: Frappe ERPNext
 CVE-2025-66439 (An issue was discovered in Frappe ERPNext through 15.89.0. Function ge ...)
-	TODO: check
+	NOT-FOR-US: Frappe ERPNext
 CVE-2025-66438 (A Server-Side Template Injection (SSTI) vulnerability exists in the Fr ...)
-	TODO: check
+	NOT-FOR-US: Frappe ERPNext
 CVE-2025-66437 (An SSTI (Server-Side Template Injection) vulnerability exists in the g ...)
-	TODO: check
+	NOT-FOR-US: Frappe ERPNext
 CVE-2025-66436 (An SSTI (Server-Side Template Injection) vulnerability exists in the g ...)
-	TODO: check
+	NOT-FOR-US: Frappe ERPNext
 CVE-2025-66435 (An SSTI (Server-Side Template Injection) vulnerability exists in the g ...)
-	TODO: check
+	NOT-FOR-US: Frappe ERPNext
 CVE-2025-66434 (An SSTI (Server-Side Template Injection) vulnerability exists in the g ...)
-	TODO: check
+	NOT-FOR-US: Frappe ERPNext
 CVE-2025-65835 (The Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-Phone ...)
-	TODO: check
+	NOT-FOR-US: Cordova plugin cordova-plugin-x-socialsharing
 CVE-2025-65782 (An issue was discovered in Wekan The Open Source kanban board system u ...)
-	TODO: check
+	NOT-FOR-US: Wekan
 CVE-2025-65781 (An issue was discovered in Wekan The Open Source kanban board system u ...)
-	TODO: check
+	NOT-FOR-US: Wekan
 CVE-2025-65780 (An issue was discovered in Wekan The Open Source kanban board system u ...)
-	TODO: check
+	NOT-FOR-US: Wekan
 CVE-2025-65779 (An issue was discovered in Wekan The Open Source kanban board system u ...)
-	TODO: check
+	NOT-FOR-US: Wekan
 CVE-2025-65778 (An issue was discovered in Wekan The Open Source kanban board system u ...)
-	TODO: check
+	NOT-FOR-US: Wekan
 CVE-2025-65742 (An unauthenticated Broken Function Level Authorization (BFLA) vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Newgen OmniDocs
 CVE-2025-65431 (An issue was discovered in allauth-django before 65.13.0. Both Okta an ...)
 	TODO: check
 CVE-2025-65430 (An issue was discovered in allauth-django before 65.13.0. IdP: marking ...)
 	TODO: check
 CVE-2025-65213 (MooreThreads torch_musa through all versions contains an unsafe deseri ...)
-	TODO: check
+	NOT-FOR-US: MooreThreads torch_musa
 CVE-2025-65176 (An issue was discovered in Dynatrace OneAgent before 1.325.47. When at ...)
-	TODO: check
+	NOT-FOR-US: Dynatrace OneAgent
 CVE-2025-60786 (A Zip Slip vulnerability in the import a Project component of iceScrum ...)
-	TODO: check
+	NOT-FOR-US: iceScrum
 CVE-2025-55901 (TOTOLINK A3300R V17.0.0cu.596_B20250515 is vulnerable to command injec ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-55893 (TOTOLINK N200RE V9.3.5u.6437_B20230519 is vulnerable to command Inject ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-55703 (An error-based SQL injection vulnerability exists in the Sunbird Power ...)
-	TODO: check
+	NOT-FOR-US: Sunbird Power IQ
 CVE-2025-51962 (A HTML Injection vulnerability in the comment section of the project p ...)
-	TODO: check
+	NOT-FOR-US: MicroStudio
 CVE-2025-37732 (Improper neutralization of input during web page generation ('Cross-si ...)
 	TODO: check
 CVE-2025-37731 (Improper Authentication in Elasticsearch PKI realm can lead to user im ...)
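
Review bot: At CVE-2025-65835 the label `NOT-FOR-US: Cordova plugin cordova-plugin-x-socialsharing` names Cordova twice, while the other entries added in this hunk use only the product name (Wekan, iceScrum, Dynatrace OneAgent); `NOT-FOR-US: cordova-plugin-x-socialsharing` would match them. Separately, CVE-2025-65431, CVE-2025-65430 and CVE-2025-37732 stay at `TODO: check` inside the run that was processed; if they were skipped on purpose because they need a package mapping rather than an NFU tag, a line in the commit message saying so would save the next triager a second look.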



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c4df1f640a8b6d44390fbc562a017b8f3d6d08d
