[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1dad0d38 by Salvatore Bonaccorso at 2025-11-25T21:29:37+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,35 +7,35 @@ CVE-2025-66016 (CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-rou
 CVE-2025-65965 (Grype is a vulnerability scanner for container images and filesystems. ...)
 	- grype <itp> (bug #1061720)
 CVE-2025-65961 (Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, be ...)
-	TODO: check
+	NOT-FOR-US: Contao CMS
 CVE-2025-65960 (Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, be ...)
-	TODO: check
+	NOT-FOR-US: Contao CMS
 CVE-2025-65647 (Insecure Direct Object Reference (IDOR) in the Track order function in ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-65085 (A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum ...)
-	TODO: check
+	NOT-FOR-US: Ashlar-Vellum
 CVE-2025-65084 (An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobal ...)
-	TODO: check
+	NOT-FOR-US: Ashlar-Vellum
 CVE-2025-64067 (Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving obj ...)
-	TODO: check
+	NOT-FOR-US: Primakon Pi Portal
 CVE-2025-64066 (Primakon Pi Portal 1.0.18 REST /api/v2/user/register endpoint suffers  ...)
-	TODO: check
+	NOT-FOR-US: Primakon Pi Portal
 CVE-2025-64065 (The Primakon Pi Portal 1.0.18 API /api/V2/pp_udfv_admin endpoint, fail ...)
-	TODO: check
+	NOT-FOR-US: Primakon Pi Portal
 CVE-2025-64064 (Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequatel ...)
-	TODO: check
+	NOT-FOR-US: Primakon Pi Portal
 CVE-2025-64063 (Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient aut ...)
-	TODO: check
+	NOT-FOR-US: Primakon Pi Portal
 CVE-2025-64062 (The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used  ...)
-	TODO: check
+	NOT-FOR-US: Primakon Pi Portal
 CVE-2025-64061 (Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unau ...)
-	TODO: check
+	NOT-FOR-US: Primakon Pi Portal
 CVE-2025-64050 (A Remote Code Execution (RCE) vulnerability in the template management ...)
-	TODO: check
+	NOT-FOR-US: REDAXO CMS
 CVE-2025-64049 (A stored cross-site scripting (XSS) vulnerability in the module manage ...)
-	TODO: check
+	NOT-FOR-US: REDAXO CMS
 CVE-2025-63729 (An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.0 ...)
-	TODO: check
+	NOT-FOR-US: Syrotech
 CVE-2025-61168 (An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows at ...)
 	TODO: check
 CVE-2025-61167 (SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dad0d38152d5ce62af7b239e2ef8f0d54616a66

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dad0d38152d5ce62af7b239e2ef8f0d54616a66
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251125/acd13758/attachment.htm>