[Git][security-tracker-team/security-tracker][master] Process some NFUs

Fri Dec 26 20:19:31 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
421b6e46 by Salvatore Bonaccorso at 2025-12-26T21:19:03+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2025-67349 (A cross-site scripting (XSS) vulnerability was identified in FluentCMS ...)
-	TODO: check
+	NOT-FOR-US: FluentCMS
 CVE-2025-67015 (Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advance ...)
-	TODO: check
+	NOT-FOR-US: Comtech EF Data
 CVE-2025-67014 (Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fi ...)
-	TODO: check
+	NOT-FOR-US: DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System
 CVE-2025-67013 (The web management interface in ETL Systems Ltd DEXTRA Series ' Digita ...)
-	TODO: check
+	NOT-FOR-US: ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System
 CVE-2025-66947 (SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /s ...)
-	TODO: check
+	NOT-FOR-US: krishanmuraiji SMS
 CVE-2025-66738 (An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal pr ...)
-	TODO: check
+	NOT-FOR-US: Yealink
 CVE-2025-66737 (Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. ...)
-	TODO: check
+	NOT-FOR-US: Yealink
 CVE-2025-65885 (An issue was discovered in the Delight Custom Firmware (CFW) for Nokia ...)
-	TODO: check
+	NOT-FOR-US: Delight Custom Firmware (CFW) for Nokia devices
 CVE-2025-64645 (IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate t ...)
 	NOT-FOR-US: IBM
 CVE-2025-57403 (Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS qu ...)
-	TODO: check
+	NOT-FOR-US: Cola Dnslog
 CVE-2025-36230 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injec ...)
 	NOT-FOR-US: IBM
 CVE-2025-36229 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated u ...)
@@ -27,7 +27,7 @@ CVE-2025-36228 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsisten
 CVE-2025-36192 (IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45 ...)
 	NOT-FOR-US: IBM
 CVE-2025-25341 (A vulnerability exists in the libxmljs 1.0.11 when parsing a specially ...)
-	TODO: check
+	NOT-FOR-US: Node libxmljs
 CVE-2025-1721 (IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtai ...)
 	NOT-FOR-US: IBM
 CVE-2025-14687 (IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authent ...)
@@ -39,11 +39,11 @@ CVE-2025-13158 (Prototype pollution vulnerability in apidoc-core versions 0.2.0
 CVE-2025-12771 (IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer  ...)
 	NOT-FOR-US: IBM
 CVE-2024-44065 (Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at th ...)
-	TODO: check
+	NOT-FOR-US: Cloudlog
 CVE-2024-42718 (A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attac ...)
-	TODO: check
+	NOT-FOR-US: Croogo CMS
 CVE-2024-29720 (An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a  ...)
-	TODO: check
+	NOT-FOR-US: Terra Informatica Software, Inc Sciter
 CVE-2025-8075 (Cybersecurity Nozomi Networks Labs, a specialized security company foc ...)
 	NOT-FOR-US: Hanwha Vision Co., Ltd. QNV-C8012
 CVE-2025-68946 (In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/421b6e460116964ed3fa88980875f23e058ea1fa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/421b6e460116964ed3fa88980875f23e058ea1fa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251226/6fca2bce/attachment.htm>
