[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 20 21:26:31 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
657ebec1 by Salvatore Bonaccorso at 2025-10-20T22:25:54+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2025-9574 (Missing Authentication for Critical Function vulnerability in ABB ALS- ...)
NOT-FOR-US: ABB group
CVE-2025-8884 (Authorization Bypass Through User-Controlled Key vulnerability in VHS ...)
- TODO: check
+ NOT-FOR-US: VHS Electronic Software Ltd. Co. ACE Center
CVE-2025-8349 (Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. Thi ...)
- TODO: check
+ NOT-FOR-US: Tawk Live Chat
CVE-2025-8053 (Insufficient Granularity of Access Control vulnerability in opentext F ...)
NOT-FOR-US: OpenText
CVE-2025-8052 (SQL Injection vulnerability in opentext Flipper allows SQL Injection. ...)
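Review bot: The new label for CVE-2025-8884, "VHS Electronic Software Ltd. Co. ACE Center", runs the vendor and the product together with nothing separating them, so it is unclear where one ends and the other begins. The unchanged entries in this hunk use a short vendor name ("ABB group", "OpenText"). Consider shortening the label to the product or the vendor, or separating the two explicitly, so later CVEs for the same software can reuse the string verbatim.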
@@ -15,7 +15,7 @@ CVE-2025-8049 (Insufficient Granularity of Access Control vulnerability in opent
CVE-2025-8048 (External Control of File Name or Path vulnerability in opentext Flippe ...)
NOT-FOR-US: OpenText
CVE-2025-6515 (The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the s ...)
- TODO: check
+ NOT-FOR-US: oatpp-mcp
CVE-2025-62700 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
TODO: check
CVE-2025-62698 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
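Review bot: The NOT-FOR-US on CVE-2025-6515 names oatpp-mcp, which from the description reads as a component that other software builds on rather than a standalone product, and the commit message ("Process some NFUs") does not record that embedded or vendored copies in the archive were ruled out. A short mention of that check in the commit message would make the triage decision auditable later.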
@@ -25,29 +25,29 @@ CVE-2025-62697 (Improper Neutralization of Special Elements in Output Used by a
CVE-2025-62693 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
TODO: check
CVE-2025-62528 (Taguette is an open source qualitative research tool. An issue has bee ...)
- TODO: check
+ NOT-FOR-US: Taguette
CVE-2025-62527 (Taguette is an open source qualitative research tool. An issue has bee ...)
- TODO: check
+ NOT-FOR-US: Taguette
CVE-2025-62522 (Vite is a frontend tooling framework for JavaScript. In versions from ...)
TODO: check
CVE-2025-62510 (FileRise is a self-hosted web-based file manager with multi-file uploa ...)
- TODO: check
+ NOT-FOR-US: FileRise
CVE-2025-62509 (FileRise is a self-hosted web-based file manager with multi-file uploa ...)
- TODO: check
+ NOT-FOR-US: FileRise
CVE-2025-62429 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2025-61488 (An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 ...)
- TODO: check
+ NOT-FOR-US: Senayan Library Management System (SLiMS) 9 Bulian
CVE-2025-61456 (A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-c ...)
- TODO: check
+ NOT-FOR-US: Bhabishya-123 E-commerce
CVE-2025-61455 (SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, sp ...)
- TODO: check
+ NOT-FOR-US: Bhabishya-123 E-commerce
CVE-2025-61454 (A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-c ...)
- TODO: check
+ NOT-FOR-US: Bhabishya-123 E-commerce
CVE-2025-61417 (Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, ...)
- TODO: check
+ NOT-FOR-US: TastyIgniter
CVE-2025-60856 (Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access t ...)
- TODO: check
+ NOT-FOR-US: Reolink Video Doorbell WiFi
CVE-2025-5517 (Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40 ...)
NOT-FOR-US: ABB group
CVE-2025-57837 (Tileservice module is affected by information leak vulnerability, succ ...)
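Review bot: The label added for CVE-2025-61488, "Senayan Library Management System (SLiMS) 9 Bulian", embeds the release name "9 Bulian" from the description, which ties the NFU string to one version line. Dropping the release name would keep the label reusable for future SLiMS CVEs, in the same way the three Bhabishya-123 E-commerce entries in this hunk omit the "1.0" that appears in the description of CVE-2025-61455.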
@@ -55,33 +55,33 @@ CVE-2025-57837 (Tileservice module is affected by information leak vulnerability
CVE-2025-57738 (Apache Syncope offers the ability to extend / customize the base behav ...)
TODO: check
CVE-2025-56224 (A lack of rate limiting in the One-Time Password (OTP) verification en ...)
- TODO: check
+ NOT-FOR-US: SigningHub
CVE-2025-56223 (A lack of rate limiting in the component /Home/UploadStreamDocument of ...)
- TODO: check
+ NOT-FOR-US: SigningHub
CVE-2025-56219 (Incorrect access control in SigningHub v8.6.8 allows attackers to arbi ...)
- TODO: check
+ NOT-FOR-US: SigningHub
CVE-2025-55086 (In NetXDuo version before 6.4.4, a networking support module for Eclip ...)
NOT-FOR-US: Eclipse
CVE-2025-54957 (An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the ...)
- TODO: check
+ NOT-FOR-US: Dolby UDC
CVE-2025-48025 (In Samsung Mobile Processor and Wearable Processor Exynos 980, 1280, 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-47902 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Microchip
CVE-2025-47901 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
- TODO: check
+ NOT-FOR-US: Microchip
CVE-2025-47900 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
- TODO: check
+ NOT-FOR-US: Microchip
CVE-2025-41390 (An arbitrary code execution vulnerability exists in the git functional ...)
- TODO: check
+ NOT-FOR-US: Truffle Security Co. TruffleHog
CVE-2025-41028 (A SQL Injection vulnerability has been found in Epsilon RH by Grupo Ca ...)
- TODO: check
+ NOT-FOR-US: Epsilon RH by Grupo Castilla
CVE-2025-3465 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: ABB group
CVE-2025-26782 (An issue was discovered in L2 in Samsung Mobile Processor, Wearable Pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-26781 (An issue was discovered in L2 in Samsung Mobile Processor, Wearable Pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-11979 (An authorized user may crash the MongoDB server by causing buffer over ...)
TODO: check
CVE-2025-11680 (Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allo ...)
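Review bot: The labels for CVE-2025-47900, CVE-2025-47901 and CVE-2025-47902 give only "Microchip", and the Samsung entries only "Samsung", so once the truncated descriptions are out of view the list no longer says which product was ruled out. Other entries in this hunk name the product ("SigningHub", "Dolby UDC", "Epsilon RH by Grupo Castilla"); adding the product name to the vendor-only labels would make it easier to tell these apart from any Microchip or Samsung software that might be relevant later.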
@@ -93,9 +93,9 @@ CVE-2025-11678 (Stack-based Buffer Overflowin lws_adns_parse_label in warmcat li
CVE-2025-11677 (Use After Free in WebSocket server implementation in lws_handshake_ser ...)
TODO: check
CVE-2025-10678 (NetBird VPN when installed using vendor's provided script failed to re ...)
- TODO: check
+ NOT-FOR-US: NetBird VPN
CVE-2024-55568 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-40017 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.11-1
[trixie] - linux <not-affected> (Vulnerable code not present)
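Review bot: For CVE-2025-10678 the description scopes the flaw to installations done with the vendor's provided script, which is a different reason for Debian being unaffected than the software being absent from the archive. NOT-FOR-US captures only the second reason. If NetBird is packaged later, this entry should be revisited and recorded as a package line with <not-affected> and a reason, in the style of the linux entry at the end of this hunk, rather than inherited as an NFU.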
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/657ebec1a424ed10cc96da3fd82e2e77b6fa9018