[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 17 07:27:06 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04245bc0 by Salvatore Bonaccorso at 2025-12-17T08:26:49+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -652,7 +652,7 @@ CVE-2025-68156 (Expr is an expression language and expression evaluation for Go.
 CVE-2025-68155 (@vitejs/plugin-rs provides React Server Components (RSC) support for V ...)
 	NOT-FOR-US: React Server Components (RSC) support plugin for Vite
 CVE-2025-68154 (systeminformation is a System and OS information library for node.js.  ...)
-	TODO: check
+	NOT-FOR-US: systeminformation Node.js module
 CVE-2025-68150 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2025-68146 (filelock is a platform-independent file lock for Python. In versions p ...)
@@ -901,11 +901,11 @@ CVE-2025-64012 (InvoicePlane commit debb446c is vulnerable to Incorrect Access C
 CVE-2025-63414 (A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06 ...)
 	NOT-FOR-US: Allsky WebUI
 CVE-2025-62864 (Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices b ...)
-	TODO: check
+	NOT-FOR-US: AmpereOne
 CVE-2025-62863 (Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices b ...)
-	TODO: check
+	NOT-FOR-US: AmpereOne
 CVE-2025-62862 (Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices b ...)
-	TODO: check
+	NOT-FOR-US: AmpereOne
 CVE-2025-62849 (An SQL injection vulnerability has been reported to affect several QNA ...)
 	NOT-FOR-US: QNAP
 CVE-2025-62848 (A NULL pointer dereference vulnerability has been reported to affect s ...)
@@ -919,11 +919,11 @@ CVE-2025-62329 (HCL DevOps Deploy / HCL Launch is susceptible to a race conditio
 CVE-2025-61976 (CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper che ...)
 	NOT-FOR-US: CHOCO TEI WATCHER mini (IB-MCT001)
 CVE-2025-59947 (NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2025-59935 (GLPI is a free asset and IT management software package. Starting in v ...)
 	TODO: check
 CVE-2025-59479 (CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper res ...)
-	TODO: check
+	NOT-FOR-US: CHOCO TEI WATCHER mini (IB-MCT001)
 CVE-2025-59385 (An authentication bypass by spoofing vulnerability has been reported t ...)
 	NOT-FOR-US: QNAP
 CVE-2025-59009 (Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Listify  ...)
@@ -943,11 +943,11 @@ CVE-2025-54005 (Missing Authorization vulnerability in sonalsinha21 SKT Page Bui
 CVE-2025-54004 (Missing Authorization vulnerability in WC Lovers WCFM \u2013 Frontend  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52196 (Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x ...)
-	TODO: check
+	NOT-FOR-US: Ctera Portal
 CVE-2025-50401 (Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffe ...)
-	TODO: check
+	NOT-FOR-US: Mercury D196G
 CVE-2025-50398 (Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffe ...)
-	TODO: check
+	NOT-FOR-US: Mercury D196G
 CVE-2025-49300 (Insertion of Sensitive Information Into Sent Data vulnerability in shi ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46296 (An authorization bypass vulnerability in FileMaker Server Admin Consol ...)
@@ -1054,7 +1054,7 @@ CVE-2025-33210 (NVIDIA Isaac Lab contains a deserialization vulnerability.  A su
 CVE-2025-29231 (A stored cross-site scripting (XSS) vulnerability in the page_save com ...)
 	NOT-FOR-US: Linksys
 CVE-2025-14780 (A vulnerability was detected in Xiongwei Smart Catering Cloud Platform ...)
-	TODO: check
+	NOT-FOR-US: Xiongwei Smart Catering Cloud Platform
 CVE-2025-14777 (A flaw was found in Keycloak. An IDOR (Broken Access Control) vulnerab ...)
 	TODO: check
 CVE-2025-14758 (Incorrect configuration of replication security in the MariaDB compone ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04245bc0bf99dc7720f50f78754d2ec55495727a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04245bc0bf99dc7720f50f78754d2ec55495727a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251217/01716972/attachment.htm>

More information about the debian-security-tracker-commits mailing list