[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 19 08:28:47 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce07f531 by Salvatore Bonaccorso at 2025-11-19T09:28:23+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,38 +19,38 @@ CVE-2025-65934
 CVE-2025-65933
 	REJECTED
 CVE-2025-65093 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2025-65015 (joserfc is a Python library that provides an implementation of several ...)
 	- joserfc <unfixed>
 	NOTE: https://github.com/authlib/joserfc/security/advisories/GHSA-frfh-8v73-gjg4
 	NOTE: Fixed by: https://github.com/authlib/joserfc/commit/63932f169d924caffafa761af2122b82059017f7 (1.4.2)
 	NOTE: Fixed by: https://github.com/authlib/joserfc/commit/673c8743fd0605b0e1de6452be6cba75f44e466b (1.3.5)
 CVE-2025-65014 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2025-65013 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2025-65012 (Kirby is an open-source content management system. From versions 5.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Kirby CMS
 CVE-2025-64515 (Open Forms allows users create and publish smart forms. Prior to versi ...)
-	TODO: check
+	NOT-FOR-US: Open Forms
 CVE-2025-64325 (Emby Server is a personal media server. Prior to version 4.8.1.0 and p ...)
-	TODO: check
+	NOT-FOR-US: Emby Server
 CVE-2025-64324 (KubeVirt is a virtual machine management add-on for Kubernetes. The `h ...)
-	TODO: check
+	NOT-FOR-US: KubeVirt
 CVE-2025-63229 (The Mozart FM Transmitter web management interface on version WEBMOZZI ...)
-	TODO: check
+	NOT-FOR-US: Mozart FM Transmitter
 CVE-2025-63217 (The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authenticatio ...)
-	TODO: check
+	NOT-FOR-US: Itel DAB MUX
 CVE-2025-63216 (The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentic ...)
-	TODO: check
+	NOT-FOR-US: Itel DAB Gateway
 CVE-2025-63215 (The Sound4 IMPACT web-based management interface is vulnerable to Remo ...)
-	TODO: check
+	NOT-FOR-US: Sound4 IMPACT
 CVE-2025-62406 (Piwigo is a full featured open source photo gallery application for th ...)
 	TODO: check
 CVE-2025-54990 (XWiki AdminTools integrates administrative tools for managing a runnin ...)
 	NOT-FOR-US: XWiki
 CVE-2025-13225 (Tanium addressed an arbitrary file deletion vulnerability in TanOS.)
-	TODO: check
+	NOT-FOR-US: TanOS
 CVE-2025-13206 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13145 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress plugin fo ...)
@@ -66,7 +66,7 @@ CVE-2025-13035 (The Code Snippets plugin for WordPress is vulnerable to PHP Code
 CVE-2025-12878 (The FunnelKit \u2013 Funnel Builder for WooCommerce Checkout plugin fo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12852 (DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX Al ...)
-	TODO: check
+	NOT-FOR-US: NEC Corporation RakurakuMusen Start EX
 CVE-2025-12842 (The Booking Plugin for WordPress Appointments \u2013 Time Slot plugin  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12822 (The WP Login and Register using JWT plugin for WordPress is vulnerable ...)
@@ -102,9 +102,9 @@ CVE-2025-12119 (A mongoc_bulk_operation_t may read invalid memory if large optio
 CVE-2025-12057 (The WavePlayer WordPress plugin before 3.8.0 does not have authorizati ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12056 (Out-of-bounds Read in Shelly Pro 3EM(before v1.4.4) allows Overread Bu ...)
-	TODO: check
+	NOT-FOR-US: Shelly Pro 3EM
 CVE-2025-11243 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Shelly Pro 4PM
 CVE-2025-12106 [IPv6 address parsing: fix buffer overread on invalid input]
 	- openvpn <not-affected> (Vulnerable code only in 2.7 upstream)
 	NOTE: https://community.openvpn.net/Security%20Announcements/CVE-2025-12106



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce07f531b7288e369d9d5bd7cfab223e7621f8e1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce07f531b7288e369d9d5bd7cfab223e7621f8e1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251119/86427a3f/attachment.htm>

More information about the debian-security-tracker-commits mailing list