[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 26 21:34:47 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2c75b8d3 by Salvatore Bonaccorso at 2025-11-26T22:34:26+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2025-65669 (An issue was discovered in classroomio 0.1.13. Student accounts
 CVE-2025-65278 (An issue was discovered in file users.json in GroceryMart commit 21934 ...)
 	NOT-FOR-US: GroceryMart
 CVE-2025-65276 (An unauthenticated administrative access vulnerability exists in the o ...)
-	TODO: check
+	NOT-FOR-US: HashTech
 CVE-2025-65239 (Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCod ...)
 	NOT-FOR-US: OpenCode Systems USSD Gateway OC
 CVE-2025-65238 (Incorrect access control in the getSubUsersByProvider function of Open ...)
@@ -51,25 +51,25 @@ CVE-2025-63938 (Tinyproxy through 1.11.2 contains an integer overflow vulnerabil
 CVE-2025-62728 (SQL injection vulnerability in Hive Metastore Server (HMS) when proces ...)
 	TODO: check
 CVE-2025-62354 (Improper neutralization of special elements used in an OS command ('co ...)
-	TODO: check
+	NOT-FOR-US: Cursor
 CVE-2025-59390 (Apache Druid\u2019s Kerberos authenticator uses a weak fallback secret ...)
 	TODO: check
 CVE-2025-56396 (An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain esca ...)
-	TODO: check
+	NOT-FOR-US: Ruoyi
 CVE-2025-55471 (Incorrect access control in the getUserFormData function of youlai-boo ...)
-	TODO: check
+	NOT-FOR-US: youlai-boot
 CVE-2025-55469 (Incorrect access control in youlai-boot v2.21.1 allows attackers to es ...)
-	TODO: check
+	NOT-FOR-US: youlai-boot
 CVE-2025-50433 (An issue was discovered in imonnit.com (2025-04-24) allowing malicious ...)
-	TODO: check
+	NOT-FOR-US: imonnit.com
 CVE-2025-50402 (FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the  ...)
-	TODO: check
+	NOT-FOR-US: FAST FAC1200R F400_FAC1200R_Q
 CVE-2025-50399 (FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the  ...)
-	TODO: check
+	NOT-FOR-US: FAST FAC1200R F400_FAC1200R_Q
 CVE-2025-46175 (Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a mis ...)
-	TODO: check
+	NOT-FOR-US: Ruoyi
 CVE-2025-46174 (Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missin ...)
-	TODO: check
+	NOT-FOR-US: Ruoyi
 CVE-2025-45311 (Insecure permissions in fail2ban-client v0.11.2 allows attackers with  ...)
 	TODO: check
 CVE-2025-3747
@@ -77,7 +77,7 @@ CVE-2025-3747
 CVE-2025-2486 (The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI S ...)
 	TODO: check
 CVE-2025-26155 (NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client ...)
-	TODO: check
+	NOT-FOR-US: NCP
 CVE-2025-20373 (In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add- ...)
 	NOT-FOR-US: Cisco
 CVE-2025-13674 (BPv7 dissector crash in Wireshark 4.6.0 allows denial of service)
@@ -87,13 +87,13 @@ CVE-2025-13611 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
 CVE-2025-13601 (A heap-based buffer overflow problem was found in glib through an inco ...)
 	TODO: check
 CVE-2025-13084 (The users endpoint in the groov View API returns a list of all users a ...)
-	TODO: check
+	NOT-FOR-US: groov View API
 CVE-2025-12653 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	- gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-12571 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	- gitlab <unfixed>
 CVE-2025-11461 (Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsa ...)
-	TODO: check
+	NOT-FOR-US: Frappe CRM
 CVE-2021-4472 (The mistral-dashboard plugin for openstack has a local file inclusion  ...)
 	TODO: check
 CVE-2025-9558 (There is a potential OOB Write vulnerability in the gen_prov_start fun ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c75b8d3eed585240d3b17a2d865b238a19f5865

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c75b8d3eed585240d3b17a2d865b238a19f5865
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251126/cc1a8749/attachment.htm>

More information about the debian-security-tracker-commits mailing list