[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 23 08:44:40 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df72373a by Salvatore Bonaccorso at 2025-12-23T09:44:18+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2025-68651
CVE-2025-68650
REJECTED
CVE-2025-68614 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2025-68480 (Marshmallow is a lightweight library for converting complex objects to ...)
- python-marshmallow <unfixed>
NOTE: https://github.com/marshmallow-code/marshmallow/security/advisories/GHSA-428g-f7cq-pgp5
@@ -22,23 +22,23 @@ CVE-2025-68480 (Marshmallow is a lightweight library for converting complex obje
NOTE: https://github.com/marshmallow-code/marshmallow/commit/6d4a17dad54ea9711040c6aa6ba4d59267242a41 (3.26.2)
NOTE: https://github.com/marshmallow-code/marshmallow/commit/489a8d421dc7955bb53b89e962d69465fbc5b6af (3.26.2)
CVE-2025-68476 (KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior t ...)
- TODO: check
+ NOT-FOR-US: KEDA
CVE-2025-68475 (Fedify is a TypeScript library for building federated server apps powe ...)
- TODO: check
+ NOT-FOR-US: Fedify
CVE-2025-67743 (Local Deep Research is an AI-powered research assistant for deep, iter ...)
- TODO: check
+ NOT-FOR-US: Local Deep Research
CVE-2025-67436 (Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows ...)
- pluxml <removed>
CVE-2025-66736 (youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The imp ...)
- TODO: check
+ NOT-FOR-US: youlai-boot
CVE-2025-66735 (youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The get ...)
- TODO: check
+ NOT-FOR-US: youlai-boot
CVE-2025-65857 (An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00 ...)
- TODO: check
+ NOT-FOR-US: Xiongmai
CVE-2025-65856 (Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Fi ...)
- TODO: check
+ NOT-FOR-US: Xiongmai
CVE-2025-65817 (LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability ...)
- TODO: check
+ NOT-FOR-US: LSC Smart Connect Indoor IP Camera
CVE-2025-34458 (wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to ...)
TODO: check
CVE-2025-34457 (wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to ...)
@@ -46,67 +46,67 @@ CVE-2025-34457 (wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, pr
CVE-2025-15034 (A security flaw has been discovered in itsourcecode Student Management ...)
NOT-FOR-US: itsourcecode System
CVE-2024-27708 (Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes M ...)
- TODO: check
+ NOT-FOR-US: MyNET
CVE-2023-53981 (PhotoShow 3.0 contains a remote code execution vulnerability that allo ...)
- TODO: check
+ NOT-FOR-US: PhotoShow
CVE-2023-53980 (ProjectSend r1605 contains a remote code execution vulnerability that ...)
- TODO: check
+ NOT-FOR-US: ProjectSend
CVE-2023-53979 (MyBB 1.8.32 contains a chained vulnerability that allows authenticated ...)
NOT-FOR-US: MyBB
CVE-2023-53978 (myBB Forums 1.8.26 contains a stored cross-site scripting vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2023-53977 (myBB Forums 1.8.26 contains a stored cross-site scripting vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2023-53976 (myBB Forums 1.8.26 contains a stored cross-site scripting vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2023-53975 (Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Atom CMS
CVE-2023-53974 (D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulner ...)
NOT-FOR-US: D-Link
CVE-2023-53973 (Zillya Total Security 3.0.2367.0 contains a privilege escalation vulne ...)
- TODO: check
+ NOT-FOR-US: Zillya Total Security
CVE-2023-53972 (WebTareas 2.4 contains a SQL injection vulnerability in the webTareasS ...)
- TODO: check
+ NOT-FOR-US: WebTareas
CVE-2023-53971 (WebTareas 2.4 contains a file upload vulnerability that allows authent ...)
- TODO: check
+ NOT-FOR-US: WebTareas
CVE-2023-53970 (Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management ...)
- TODO: check
+ NOT-FOR-US: Screen SFT DAB 600/C Firmware
CVE-2023-53969 (Screen SFT DAB 600/C firmware 1.9.3 contains a session management vuln ...)
- TODO: check
+ NOT-FOR-US: Screen SFT DAB 600/C firmware
CVE-2023-53968 (Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vuln ...)
- TODO: check
+ NOT-FOR-US: Screen SFT DAB 600/C Firmware
CVE-2023-53967 (Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass ...)
- TODO: check
+ NOT-FOR-US: Screen SFT DAB 600/C firmware
CVE-2023-53966 (SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnera ...)
- TODO: check
+ NOT-FOR-US: SOUND4 LinkAndShare Transmitter
CVE-2023-53965 (SOUND4 Server Service 4.1.102 contains an unquoted service path vulner ...)
- TODO: check
+ NOT-FOR-US: SOUND4 Server Service
CVE-2023-53964 (SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnera ...)
- TODO: check
+ NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
CVE-2023-53963 (SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS comm ...)
- TODO: check
+ NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
CVE-2023-53962 (SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directo ...)
- TODO: check
+ NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
CVE-2023-53961 (SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forge ...)
- TODO: check
+ NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
CVE-2023-53960 (SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vu ...)
- TODO: check
+ NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
CVE-2023-53955 (SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object ...)
- TODO: check
+ NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
CVE-2022-50690 (Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation ...)
- TODO: check
+ NOT-FOR-US: Wondershare MirrorGo
CVE-2022-50689 (Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability ...)
- TODO: check
+ NOT-FOR-US: Cobian Reflector
CVE-2022-50688 (Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vul ...)
- TODO: check
+ NOT-FOR-US: Cobian Backup Gravity
CVE-2022-50687 (Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulne ...)
- TODO: check
+ NOT-FOR-US: Cobian Backup 11 Gravity
CVE-2021-47715 (Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Hasura
CVE-2021-47714 (Hasura GraphQL 1.3.3 contains a local file read vulnerability that all ...)
- TODO: check
+ NOT-FOR-US: Hasura
CVE-2021-47713 (Hasura GraphQL 1.3.3 contains a denial of service vulnerability that a ...)
- TODO: check
+ NOT-FOR-US: Hasura
CVE-2025-68615 (net-snmp is a SNMP application library, tools and daemon. Prior to ver ...)
- net-snmp <unfixed> (bug #1123861)
NOTE: https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df72373aa91f8fdfec424622f381f19c013775bd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df72373aa91f8fdfec424622f381f19c013775bd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251223/ea3cca3f/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list