[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 11 09:12:53 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a8e82cf by Salvatore Bonaccorso at 2025-11-11T10:12:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53,11 +53,11 @@ CVE-2025-63678 (An authenticated arbitrary file upload vulnerability in the /upl
 CVE-2025-63617 (ktg-mes before commit a484f96 (2025-07-03) has a fastjson deserializat ...)
 	NOT-FOR-US: ktg-mes
 CVE-2025-63397 (Improper input validation in OneFlow v0.9.0 allows attackers to cause  ...)
-	TODO: check
+	NOT-FOR-US: OneFlow
 CVE-2025-63384 (A vulnerability was discovered in RISC-V Rocket-Chip v1.6 and before i ...)
-	TODO: check
+	NOT-FOR-US: RISC-V Rocket-Chip
 CVE-2025-63296 (KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 c ...)
-	TODO: check
+	NOT-FOR-US: KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware
 CVE-2025-62780 (changedetection.io is a free open source web page change detection too ...)
 	TODO: check
 CVE-2025-5718 (The ACAP Application framework could allow privilege escalation throug ...)
@@ -69,13 +69,13 @@ CVE-2025-5452 (A malicious ACAP application can gain access to admin-level servi
 CVE-2025-4645 (An ACAP configuration file lacked sufficient input validation, which c ...)
 	NOT-FOR-US: Axis Communication
 CVE-2025-49145 (Combodo iTop is a web based IT service management tool. In versions pr ...)
-	TODO: check
+	NOT-FOR-US: Combodo iTop
 CVE-2025-48878 (Combodo iTop is a web based IT service management tool. In versions on ...)
-	TODO: check
+	NOT-FOR-US: Combodo iTop
 CVE-2025-48065 (Combodo iTop is a web based IT service management tool. Versions prior ...)
-	TODO: check
+	NOT-FOR-US: Combodo iTop
 CVE-2025-48055 (Combodo iTop is a web based IT service management tool. In versions pr ...)
-	TODO: check
+	NOT-FOR-US: Combodo iTop
 CVE-2025-42940 (SAP CommonCryptoLib does not perform necessary boundary checks during  ...)
 	NOT-FOR-US: SAP
 CVE-2025-42924 (SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated a ...)
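Review bot: The four iTop entries (CVE-2025-49145, CVE-2025-48878, CVE-2025-48065, CVE-2025-48055) are tagged by vendor and product ("Combodo iTop"), while the neighbouring entries are tagged by vendor only ("Axis Communication", "SAP"). Both forms work, and the identical spelling across all four is good. It is worth checking that earlier iTop CVEs in the list use the same string so the product is not split across two spellings.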
@@ -245,9 +245,9 @@ CVE-2025-11129 (The Include Fussball.de Widgets plugin for WordPress is vulnerab
 CVE-2025-10714 (AXIS Optimizer was vulnerable to an unquoted search path vulnerability ...)
 	NOT-FOR-US: Axis Communication
 CVE-2021-4462 (Employee Records System version 1.0 contains an unrestricted file uplo ...)
-	TODO: check
+	NOT-FOR-US: Employee Records System
 CVE-2018-25124 (PacsOne Server version 6.6.2 (prior versions are likely affected) cont ...)
-	TODO: check
+	NOT-FOR-US: PacsOne Server
 CVE-2025-8768
 	REJECTED
 CVE-2025-64690 (In JetBrains YouTrack before 2025.3.104432 insecure Junie configuratio ...)
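Review bot: "Employee Records System" for CVE-2021-4462 is a generic product name with no vendor or author attached, so the tag alone does not say which software was ruled out. If the CVE record names a vendor or project, adding it to the NOT-FOR-US string would make the entry unambiguous. "PacsOne Server" for CVE-2018-25124 is specific enough as written.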



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a8e82cf58c2446362338f860c56c0482b74e641
