[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 26 09:30:39 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2897faec by Salvatore Bonaccorso at 2025-11-26T10:30:03+01:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -77,41 +77,41 @@ CVE-2025-65957 (Core Bot Is an Open Source discord bot made for maple hospital s
CVE-2025-65956 (Formwork is a flat file-based Content Management System (CMS). Prior t ...)
NOT-FOR-US: Formwork CMS
CVE-2025-65953 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. ...)
- TODO: check
+ NOT-FOR-US: NanoMQ
CVE-2025-65952 (Console is a network used to control Gorilla Tag mods' users and other ...)
- TODO: check
+ NOT-FOR-US: Console (administrator library for Gorilla Tag mods)
CVE-2025-65942 (VictoriaMetrics is a scalable solution for monitoring and managing tim ...)
- TODO: check
+ NOT-FOR-US: VictoriaMetrics
CVE-2025-64983 (Smart Video Doorbell firmware versions prior to 2.01.078 contain an ac ...)
- TODO: check
+ NOT-FOR-US: Smart Video Doorbell firmware
CVE-2025-64713 (WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssemb ...)
- TODO: check
+ NOT-FOR-US: WebAssembly Micro Runtime (WAMR)
CVE-2025-64704 (WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssemb ...)
- TODO: check
+ NOT-FOR-US: WebAssembly Micro Runtime (WAMR)
CVE-2025-64657 (Stack-based buffer overflow in Azure Application Gateway allows an una ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-64656 (Out-of-bounds read in Application Gateway allows an unauthorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-63735 (A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleash ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-62703 (Fugue is a unified interface for distributed computing that lets users ...)
- TODO: check
+ NOT-FOR-US: Fugue
CVE-2025-58360 (GeoServer is an open source server that allows users to share and edit ...)
- TODO: check
+ NOT-FOR-US: GeoServer
CVE-2025-55174 (In KDE Skanpage before 25.08.0, an attempt at file overwrite can resul ...)
- skanpage <unfixed>
NOTE: https://kde.org/info/security/advisory-20250811-1.txt
NOTE: https://commits.kde.org/skanpage/19308900da27b46739f2360426b91479e7179a2f (v25.07.90)
CVE-2025-51746 (An issue was discovered in jishenghua JSH_ERP 2.3.1. The /serialNumber ...)
- TODO: check
+ NOT-FOR-US: jishenghua JSH_ERP
CVE-2025-51745 (An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan ...)
- TODO: check
+ NOT-FOR-US: jishenghua JSH_ERP
CVE-2025-51744 (An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser ...)
- TODO: check
+ NOT-FOR-US: jishenghua JSH_ERP
CVE-2025-51743 (An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materialCate ...)
- TODO: check
+ NOT-FOR-US: jishenghua JSH_ERP
CVE-2025-51741 (An issue was discovered in Veal98 Echo Open-Source Community System 2. ...)
- TODO: check
+ NOT-FOR-US: Veal98 Echo Open-Source Community System
CVE-2025-21621 (GeoServer is an open source server that allows users to share and edit ...)
TODO: check
CVE-2025-13735 (Out-of-bounds Read vulnerability in ASR1903\u3001ASR3901 in ASR Lapwin ...)
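Review bot: CVE-2025-21621 in the trailing context of this hunk is left at "TODO: check" even though its description opens with the same GeoServer text as CVE-2025-58360, which the hunk tags "NOT-FOR-US: GeoServer". If the triage outcome is the same, tag it in this commit so the two GeoServer entries stay consistent; if it was left open on purpose, a NOTE line saying why would help whoever processes the list next. As a smaller style point, the two Application Gateway entries (CVE-2025-64657, CVE-2025-64656) are tagged by vendor ("Microsoft") while most other lines added here name the product.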
@@ -171,7 +171,7 @@ CVE-2025-60739 (Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1
CVE-2025-51742 (An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/get ...)
NOT-FOR-US: jishenghua JSH_ERP
CVE-2025-40890 (A Stored Cross-Site Scripting vulnerability was discovered in the Dash ...)
- TODO: check
+ NOT-FOR-US: Nozomi Networks
CVE-2025-36134 (IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 thro ...)
NOT-FOR-US: IBM
CVE-2025-34350 (UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary ...)
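Review bot: the tag added for CVE-2025-40890 names only the vendor ("Nozomi Networks"), and the description is cut off at "the Dash ...", so the entry itself never says which product is affected. Consider adding the product to the tag, in the style of "NOT-FOR-US: Console (administrator library for Gorilla Tag mods)" from the same commit, so a later search of data/CVE/list by product name finds it.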
@@ -245,7 +245,7 @@ CVE-2025-66179
CVE-2025-65951 (Inside Track / Entropy Derby is a research-grade horse-racing betting ...)
NOT-FOR-US: Entropy Derby
CVE-2025-65944 (Sentry-Javascript is an official Sentry SDKs for JavaScript. From vers ...)
- TODO: check
+ NOT-FOR-US: Sentry-Javascript
CVE-2025-64761 (OpenBao is an open source identity-based secrets management system. Pr ...)
- openbao <itp> (bug #1069794)
CVE-2025-64730 (Cross-site scripting vulnerability exists in SNC-CX600W all versions. ...)
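Review bot: CVE-2025-65944 is closed as "NOT-FOR-US: Sentry-Javascript", but the description calls it an SDK, which is the kind of code that can end up packaged or requested later. The next entry shows the alternative form for software not yet in the archive ("- openbao <itp> (bug #1069794)"), so it is worth confirming that no ITP or RFP exists for it before settling on NOT-FOR-US, and using the "<itp>" form with the bug number if one does.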
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2897faec5fd1af723346a6c9dfc84401d3c63b8a