[Git][security-tracker-team/security-tracker][master] Process some NFUs

Mon Nov 17 21:06:36 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6cf9e07 by Salvatore Bonaccorso at 2025-11-17T22:06:08+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
 CVE-2025-65083 (GoSign Desktop through 2.4.1 disables TLS certificate validation when  ...)
-	TODO: check
+	NOT-FOR-US: GoSign Desktop
 CVE-2025-64758 (@dependencytrack/frontend is a Single Page Application (SPA) used in D ...)
-	TODO: check
+	NOT-FOR-US: DependencyTrack/frontend
 CVE-2025-64756 (Glob matches files using patterns the shell uses. From versions 10.3.7 ...)
 	TODO: check
 CVE-2025-64342 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
-	TODO: check
+	NOT-FOR-US: ESF-IDF
 CVE-2025-64046 (OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) i ...)
-	TODO: check
+	NOT-FOR-US: OpenRapid RapidCMS
 CVE-2025-63918 (PDFPatcher executable does not validate user-supplied file paths, allo ...)
-	TODO: check
+	NOT-FOR-US: PDFPatcher
 CVE-2025-63917 (PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functional ...)
-	TODO: check
+	NOT-FOR-US: PDFPatcher
 CVE-2025-63916 (MyScreenTools v2.2.1.0 contains a critical OS command injection vulner ...)
-	TODO: check
+	NOT-FOR-US: MyScreenTools
 CVE-2025-63748 (QaTraq 6.9.2 allows authenticated users to upload arbitrary files via  ...)
-	TODO: check
+	NOT-FOR-US: QaTraq
 CVE-2025-63747 (QaTraq 6.9.2 ships with administrative account credentials which are e ...)
-	TODO: check
+	NOT-FOR-US: QaTraq
 CVE-2025-63708 (Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI F ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-63292 (Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7. ...)
-	TODO: check
+	NOT-FOR-US: Freebox
 CVE-2025-62519 (phpMyFAQ is an open source FAQ web application. Prior to version 4.0.1 ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2025-58410 (Software installed and run as a non-privileged user may conduct improp ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2025-58407 (Kernel or driver software installed on a Guest VM may post improper co ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6cf9e07ee60dc2b663b7993f527fc2395d97a70

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6cf9e07ee60dc2b663b7993f527fc2395d97a70
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251117/7a6bfcc9/attachment-0001.htm>
