[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 25 20:43:34 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
54fb55f3 by Salvatore Bonaccorso at 2025-11-25T21:37:52+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2025-9624 (A vulnerability in OpenSearch allows attackers to cause Denial of Serv ...)
 	- opensearch <unfixed>
 CVE-2025-66017 (CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round sig ...)
-	TODO: check
+	NOT-FOR-US: LFDT-Lockness CGGMP21/CGGMP24
 CVE-2025-66016 (CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round sig ...)
-	TODO: check
+	NOT-FOR-US: LFDT-Lockness CGGMP21/CGGMP24
 CVE-2025-65965 (Grype is a vulnerability scanner for container images and filesystems. ...)
 	- grype <itp> (bug #1061720)
 CVE-2025-65961 (Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, be ...)
@@ -37,19 +37,19 @@ CVE-2025-64049 (A stored cross-site scripting (XSS) vulnerability in the module
 CVE-2025-63729 (An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.0 ...)
 	NOT-FOR-US: Syrotech
 CVE-2025-61168 (An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows at ...)
-	TODO: check
+	NOT-FOR-US: SIGB PMB
 CVE-2025-61167 (SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: SIGB PMB
 CVE-2025-60739 (Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Serve ...)
-	TODO: check
+	NOT-FOR-US: Ilevia EVE X1 Server
 CVE-2025-51742 (An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/get ...)
-	TODO: check
+	NOT-FOR-US: jishenghua JSH_ERP
 CVE-2025-40890 (A Stored Cross-Site Scripting vulnerability was discovered in the Dash ...)
 	TODO: check
 CVE-2025-36134 (IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 thro ...)
 	NOT-FOR-US: IBM
 CVE-2025-34350 (UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary  ...)
-	TODO: check
+	NOT-FOR-US: UnForm Server
 CVE-2025-33205 (NVIDIA NeMo framework contains a vulnerability in a predefined variabl ...)
 	NOT-FOR-US: NVIDIA
 CVE-2025-33204 (NVIDIA NeMo Framework for all platforms contains a vulnerability in th ...)
@@ -57,37 +57,37 @@ CVE-2025-33204 (NVIDIA NeMo Framework for all platforms contains a vulnerability
 CVE-2025-33203 (NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the c ...)
 	TODO: check
 CVE-2025-33200 (NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, wher ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33199 (NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, wher ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33198 (NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, wher ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33197 (NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, wher ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33196 (NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, wher ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33195 (NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, wher ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33194 (NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, wher ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33193 (NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, wher ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33192 (NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, wher ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33191 (NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, whe ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33190 (NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware where ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33189 (NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, wher ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33188 (NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources w ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33187 (NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an atta ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-13502 (A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allow ...)
 	TODO: check
 CVE-2025-13483 (SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs.  ...)
-	TODO: check
+	NOT-FOR-US: SiRcom SMART Alert (SiSA)
 CVE-2025-13467 (A flaw was found in the Keycloak LDAP User Federation provider. This v ...)
 	TODO: check
 CVE-2025-12816 (An interpretation-conflict (CWE-436) vulnerability in node-forge versi ...)
@@ -139,7 +139,7 @@ CVE-2025-62691 (Security Point (Windows) of MaLion and MaLionCloud contains a st
 CVE-2025-62497 (Cross-site request forgery vulnerability exists in SNC-CX600W versions ...)
 	NOT-FOR-US: SNC-CX600W
 CVE-2025-62155 (New API is a large language mode (LLM) gateway and artificial intellig ...)
-	TODO: check
+	NOT-FOR-US: QuantumNous/new-api
 CVE-2025-59485 (Incorrect default permissions issue exists in Security Point (Windows) ...)
 	NOT-FOR-US: MaLion
 CVE-2025-59373 (A local privilege escalation vulnerability exists in    the restore me ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54fb55f33f0d734e292fa5b20c7ecc8c97ce770d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54fb55f33f0d734e292fa5b20c7ecc8c97ce770d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251125/95247640/attachment.htm>

More information about the debian-security-tracker-commits mailing list