[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 7 08:23:54 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dd76270d by Salvatore Bonaccorso at 2025-10-07T09:23:32+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -66,27 +66,27 @@ CVE-2025-59729 (When parsing the header for a DHAV file, there's an integer unde
CVE-2025-59728 (When calculating the content path in handling of MPEG-DASH manifests, ...)
TODO: check
CVE-2025-59452 (The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is ...)
- TODO: check
+ NOT-FOR-US: YoSmart YoLink API
CVE-2025-59451 (The YoSmart YoLink application through 2025-10-02 has session tokens w ...)
- TODO: check
+ NOT-FOR-US: YoSmart YoLink application
CVE-2025-59450 (The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data ex ...)
- TODO: check
+ NOT-FOR-US: YoSmart YoLink Smart Hub firmware
CVE-2025-59449 (The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce suf ...)
- TODO: check
+ NOT-FOR-US: YoSmart YoLink
CVE-2025-59448 (Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage ...)
- TODO: check
+ NOT-FOR-US: YoSmart YoLink
CVE-2025-59447 (The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interfac ...)
- TODO: check
+ NOT-FOR-US: YoSmart YoLink
CVE-2025-59159 (SillyTavern is a locally installed user interface that allows users to ...)
- TODO: check
+ NOT-FOR-US: SillyTavern
CVE-2025-59152 (Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. ...)
- TODO: check
+ NOT-FOR-US: Litestar
CVE-2025-57515 (A SQL injection vulnerability has been identified in Uniclare Student ...)
- TODO: check
+ NOT-FOR-US: Uniclare Student Portal
CVE-2025-57247 (The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8d ...)
- TODO: check
+ NOT-FOR-US: BATBToken smart contract
CVE-2025-56382 (A stored Cross-site scripting (XSS) vulnerability exists in the Custom ...)
- TODO: check
+ NOT-FOR-US: LionCoders SalePro POS
CVE-2025-52472 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2025-49594 (XWiki OIDC has various tools to manipulate OpenID Connect protocol in ...)
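Review bot: The NOT-FOR-US labels on the six YoSmart YoLink entries are inconsistent. CVE-2025-59452, CVE-2025-59451 and CVE-2025-59450 name the affected component (API, application, Smart Hub firmware), while CVE-2025-59449, CVE-2025-59448 and CVE-2025-59447 all read "NOT-FOR-US: YoSmart YoLink", even though their descriptions point at the MQTT broker, ecosystem components and the Smart Hub device respectively. Either name the component on each line or use one product label throughout, so that a later search of data/CVE/list groups them predictably. Separately, the description of CVE-2025-59152 identifies Litestar as an ASGI framework, which is a library rather than a hosted service or an appliance, so it is worth confirming that no ITP or RFP exists for it before settling on NOT-FOR-US.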
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd76270d9e26ab131d08b9b9d84b73d51e210523