[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 19 20:33:56 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
475d9a02 by Salvatore Bonaccorso at 2025-12-19T21:33:24+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2025-68478 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2025-68477 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2025-68457 (Orejime is a consent manager that focuses on accessibility. On HTML el ...)
- TODO: check
+ NOT-FOR-US: Orejime
CVE-2025-68430 (CVAT is an open source interactive video and image annotation tool for ...)
- TODO: check
+ NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
CVE-2025-67442 (EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/exp ...)
- TODO: check
+ NOT-FOR-US: EVE-NG
CVE-2025-67048
REJECTED
CVE-2025-67047
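Review bot: The label on CVE-2025-68430 is the only one in this hunk that expands the product name ("Computer Vision Annotation Tool (CVAT)"), while Langflow, Orejime and EVE-NG use the short name from the description. If earlier CVAT entries in data/CVE/list carry a different string, reuse it here so that one search for the product finds every entry.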
@@ -21,25 +21,25 @@ CVE-2025-67044
CVE-2025-67043
REJECTED
CVE-2025-66911 (Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access ...)
- TODO: check
+ NOT-FOR-US: Turms IM Server
CVE-2025-66910 (Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext passwor ...)
- TODO: check
+ NOT-FOR-US: Turms Server
CVE-2025-66909 (Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image ...)
- TODO: check
+ NOT-FOR-US: Turms AI-Serving module
CVE-2025-66908 (Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an impro ...)
- TODO: check
+ NOT-FOR-US: Turms AI-Serving module
CVE-2025-66906 (Cross Site Request Forgery (CSRF) vulnerability in Turms Admin API thr ...)
- TODO: check
+ NOT-FOR-US: Turms Admin API
CVE-2025-66905 (The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to cano ...)
- TODO: check
+ NOT-FOR-US: Takes
CVE-2025-66580 (Dive is an open-source MCP Host Desktop Application that enables integ ...)
- TODO: check
+ NOT-FOR-US: Dive
CVE-2025-66524 (Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-65035 (pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventor ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin (databaseinventory)
CVE-2025-63665 (An issue in GT Edge AI Platform Versions before v2.0.10-dev allows att ...)
- TODO: check
+ NOT-FOR-US: GT Edge AI Platform
CVE-2025-58053 (Galette is a membership management web application for non profit orga ...)
TODO: check
CVE-2025-58052 (Galette is a membership management web application for non profit orga ...)
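Review bot: The five Turms entries (CVE-2025-66911 down to CVE-2025-66906) end up with four different labels: "Turms IM Server", "Turms Server", "Turms AI-Serving module" and "Turms Admin API". They all name components of the same project, so a single "NOT-FOR-US: Turms" would keep them grouped and make later matching of new Turms CVEs simpler. Separately, "NOT-FOR-US: Takes" on CVE-2025-66905 is a bare common word; "Takes web framework", as the description puts it, would be easier to search for.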
@@ -49,7 +49,7 @@ CVE-2025-53922 (Galette is a membership management web application for non profi
CVE-2025-50681 (igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a ...)
TODO: check
CVE-2025-34433 (AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2025-1928 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
TODO: check
CVE-2025-1927 (Cross-Site Request Forgery (CSRF) vulnerability in Restajet Informatio ...)
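Review bot: "WWBN AVideo" on CVE-2025-34433 adds a vendor name that does not appear in the visible part of the description, which only says "AVideo". Worth confirming that this is the same string used on earlier AVideo entries in the file, and adjusting if it is not.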
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/475d9a025aed1b64312d6ca681475b9e99f4e74b