[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3899b052 by Moritz Muehlenhoff at 2025-11-13T11:56:47+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -227,7 +227,7 @@ CVE-2025-63353 (A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the
 CVE-2025-63289 (Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in  ...)
 	NOT-FOR-US: Sogexia Android App Compile Affected SDK
 CVE-2025-62876 (A Execution with Unnecessary Privileges vulnerability in lightdm-kde-g ...)
-	TODO: check
+	NOT-FOR-US: lightdm-kde-greeter
 CVE-2025-61667 (The Datadog Agent collects events and metrics from hosts and sends the ...)
 	NOT-FOR-US: Datadog Agent
 CVE-2025-61623 (Reflected cross-site scripting vulnerability in Apache OFBiz.  This is ...)
@@ -267,7 +267,7 @@ CVE-2025-57812 (CUPS is a standards-based, open-source printing system, and `lib
 	NOTE: Fixed by: https://github.com/OpenPrinting/cups-filters/commit/7bd588a1fc5c99ac0b1951beb1b54b438137a7b5
 	NOTE: Fixed by: https://github.com/OpenPrinting/cups-filters/commit/5e5f1c5d46a043c57cbbe6e043aa95896d9c40fa
 CVE-2025-57310 (A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Fa ...)
-	TODO: check
+	NOT-FOR-US: Simple-Faucet-Script
 CVE-2025-56385 (A SQL injection vulnerability exists in the login functionality of Wel ...)
 	NOT-FOR-US: WellSky Harmony
 CVE-2025-52331 (Cross-site scripting (XSS) vulnerability in the generate report functi ...)
@@ -285,7 +285,7 @@ CVE-2025-20379 (In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.
 CVE-2025-20378 (In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and S ...)
 	NOT-FOR-US: Cisco
 CVE-2025-13058 (A security flaw has been discovered in soerennb eXtplorer up to 2.1.15 ...)
-	TODO: check
+	- extplorer <removed>
 CVE-2025-13057 (A vulnerability was identified in Campcodes School Fees Payment Manage ...)
 	NOT-FOR-US: Campcodes
 CVE-2025-12998 (Improper Authentication vulnerability in TYPO3 Extension "Modules" cod ...)
@@ -1260,7 +1260,7 @@ CVE-2025-63384 (A vulnerability was discovered in RISC-V Rocket-Chip v1.6 and be
 CVE-2025-63296 (KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 c ...)
 	NOT-FOR-US: KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware
 CVE-2025-62780 (changedetection.io is a free open source web page change detection too ...)
-	TODO: check
+	NOT-FOR-US: changedetection.io
 CVE-2025-5718 (The ACAP Application framework could allow privilege escalation throug ...)
 	NOT-FOR-US: Axis Communication
 CVE-2025-5454 (An ACAP configuration file lacked sufficient input validation, which c ...)
@@ -1546,7 +1546,7 @@ CVE-2025-12405 (An improper privilege management vulnerability was found in Look
 CVE-2025-12397 (A SQL injection vulnerability was found in Looker Studio.  A Looker St ...)
 	NOT-FOR-US: Looker Studio
 CVE-2025-12155 (A Command Injection vulnerability, resulting from improper file path s ...)
-	TODO: check
+	NOT-FOR-US: Looker
 CVE-2025-64170 [GHSA-c978-wq47-pvvw]
 	{DSA-6052-1}
 	- rust-sudo-rs 0.2.10-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3899b052a4985539f0ab87818211467d24b132ef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3899b052a4985539f0ab87818211467d24b132ef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251113/80b3a9c4/attachment.htm>