[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Oct 17 21:44:45 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fc5a62f2 by Moritz Mühlenhoff at 2025-10-17T22:44:23+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2025-8414 (Due to improper input validation, a buffer overflow vulnerability
CVE-2025-62511 (yt-grabber-tui is a C++ terminal user interface application for downlo ...)
TODO: check
CVE-2025-62505 (LobeChat is an open source chat application platform. The web-crawler ...)
- TODO: check
+ NOT-FOR-US: LobeChat
CVE-2025-62430 (ClipBucket v5 is an open source video sharing platform. ClipBucket v5 ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2025-62424 (ClipBucket is a web-based video-sharing platform. In ClipBucket versio ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2025-62422 (DataEase is an open source data visualization and analytics platform. ...)
NOT-FOR-US: DataEase
CVE-2025-62421 (DataEase is a data visualization and analytics platform. In DataEase v ...)
@@ -17,15 +17,15 @@ CVE-2025-62420 (DataEase is a data visualization and analytics platform. In Data
CVE-2025-62419 (DataEase is a data visualization and analytics platform. In DataEase v ...)
NOT-FOR-US: DataEase
CVE-2025-62356 (A path traversal vulnerability in all versions of the Qodo Qodo Gen ID ...)
- TODO: check
+ NOT-FOR-US: Qodo Qodo Gen IDE
CVE-2025-62353 (A path traversal vulnerability in all versions of the Windsurf IDE ena ...)
- TODO: check
+ NOT-FOR-US: Windsurf IDE
CVE-2025-62171 (ImageMagick is an open source software suite for displaying, convertin ...)
TODO: check
CVE-2025-62168 (Squid is a caching proxy for the Web. In Squid versions prior to 7.2, ...)
TODO: check
CVE-2025-60514 (Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/commo ...)
- TODO: check
+ NOT-FOR-US: Tillywork
CVE-2025-60361 (radare2 v5.9.8 and before contains a memory leak in the function bochs ...)
TODO: check
CVE-2025-60360 (radare2 v5.9.8 and before contains a memory leak in the function r2r_s ...)
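Review bot: the label added for CVE-2025-62356 reads "NOT-FOR-US: Qodo Qodo Gen IDE", which repeats the vendor name exactly as it appears in the CVE description's vendor-plus-product wording. The neighbouring entry uses the plain product name ("Windsurf IDE"), so "NOT-FOR-US: Qodo Gen IDE" would be more consistent and would give later CVEs for the same product a single label to match.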
@@ -33,17 +33,17 @@ CVE-2025-60360 (radare2 v5.9.8 and before contains a memory leak in the function
CVE-2025-60359 (radare2 v5.9.8 and before contains a memory leak in the function r_bin ...)
TODO: check
CVE-2025-60279 (A server-side request forgery (SSRF) vulnerability in Illia Cloud illi ...)
- TODO: check
+ NOT-FOR-US: Illia
CVE-2025-59043 (OpenBao is an open source identity-based secrets management system. In ...)
- TODO: check
+ - openbao <itp> (bug #1069794)
CVE-2025-58747 (Dify is an LLM application development platform. In Dify versions thro ...)
- TODO: check
+ NOT-FOR-US: Dify
CVE-2025-57567 (A remote code execution (RCE) vulnerability exists in the PluXml CMS t ...)
TODO: check
CVE-2025-57164 (Flowise through v3.0.4 is vulnerable to remote code execution via unsa ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-56320 (Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: Enterprise Contract Management Portal
CVE-2025-56316 (A SQL injection vulnerability in the content_title parameter of the /c ...)
TODO: check
CVE-2025-56221 (A lack of rate limiting in the login mechanism of SigningHub v8.6.8 al ...)
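Review bot: the CVE-2025-59043 change in this hunk is not an NFU. It replaces "TODO: check" with "- openbao <itp> (bug #1069794)", an ITP reference, while the commit subject says only "NFUs". Mention openbao in the commit message, or put the ITP entry in its own commit, so that the change can be found from the log.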
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc5a62f2f40989f9eb69331fa846589cc08d05a4