[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7759c12 by Moritz Mühlenhoff at 2025-10-16T11:12:10+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2025-62585 (Whale browser before 4.33.325.17 allows an attacker to bypass the Cont ...)
-	TODO: check
+	NOT-FOR-US: Whale Browser
 CVE-2025-62584 (Whale browser before 4.33.325.17 allows an attacker to bypass the Same ...)
-	TODO: check
+	NOT-FOR-US: Whale Browser
 CVE-2025-62583 (Whale Browser before 4.33.325.17 allows an attacker to escape the ifra ...)
-	TODO: check
+	NOT-FOR-US: Whale Browser
 CVE-2025-62580 (ASDA-Soft Stack-based Buffer Overflow Vulnerability)
 	NOT-FOR-US: Delta Electronics
 CVE-2025-62579 (ASDA-Soft Stack-based Buffer Overflow Vulnerability)
 	NOT-FOR-US: Delta Electronics
 CVE-2025-58778 (Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH ...)
-	TODO: check
+	NOT-FOR-US: Ruijie
 CVE-2025-55091 (In NetX Duo before 6.4.4, the networking support module for Eclipse Fo ...)
 	TODO: check
 CVE-2025-55090 (In NetX Duo before 6.4.4, the networking support module for Eclipse Fo ...)
@@ -27,13 +27,13 @@ CVE-2025-43281 (The issue was addressed with improved authentication. This issue
 CVE-2025-43280 (The issue was resolved by not loading remote images This issue is fixe ...)
 	NOT-FOR-US: Apple
 CVE-2025-41021 (Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consistin ...)
-	TODO: check
+	NOT-FOR-US: Sergestec
 CVE-2025-41020 (Insecure direct object reference (IDOR) vulnerability in Sergestec's E ...)
-	TODO: check
+	NOT-FOR-US: Sergestec
 CVE-2025-41019 (SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows a ...)
-	TODO: check
+	NOT-FOR-US: Sergestec
 CVE-2025-41018 (SQL injection in Sergestec's Exito v8.0. This vulnerability allows an  ...)
-	TODO: check
+	NOT-FOR-US: Sergestec
 CVE-2025-11814 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-10850 (The Felan Framework plugin for WordPress is vulnerable to improper aut ...)
@@ -73,7 +73,7 @@ CVE-2025-62381 (sveltekit-superforms makes SvelteKit forms a pleasure to use. sv
 CVE-2025-62380 (mailgen is a Node.js package that generates responsive HTML e-mails fo ...)
 	NOT-FOR-US: Node mailgen
 CVE-2025-62379 (Reflex is a library to build full-stack web apps in pure Python. In ve ...)
-	TODO: check
+	NOT-FOR-US: Reflex (different from src:reflex)
 CVE-2025-62378 (CommandKit is the discord.js meta-framework for building Discord bots. ...)
 	NOT-FOR-US: CommandKit
 CVE-2025-62375 (go-witness and witness are Go modules for generating attestations. In  ...)
@@ -83,7 +83,7 @@ CVE-2025-62375 (go-witness and witness are Go modules for generating attestation
 CVE-2025-62371 (OpenSearch Data Prepper as an open source data collector for observabi ...)
 	NOT-FOR-US: OpenSearch Data Prepper
 CVE-2025-62370 (Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior ...)
-	TODO: check
+	NOT-FOR-US: Alloy
 CVE-2025-61990 (When using a multi-bladed platform with more than one blade, undisclos ...)
 	NOT-FOR-US: F5
 CVE-2025-61974 (When a client SSL profile is configured on a virtual server, undisclos ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7759c121e97d9a1c53ae79f9ad837e2b8a0a424

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7759c121e97d9a1c53ae79f9ad837e2b8a0a424
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251016/8adff00e/attachment-0001.htm>