[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 23 22:01:37 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0792977b by Salvatore Bonaccorso at 2025-10-23T23:01:17+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,13 +59,13 @@ CVE-2025-62706 (Authlib is a Python library which builds OAuth and OpenID Connec
CVE-2025-62705 (OpenBao is an open source identity-based secrets management system. Pr ...)
- openbao <itp> (bug #1069794)
CVE-2025-62617 (Admidio is an open-source user management solution. Prior to version 4 ...)
- TODO: check
+ NOT-FOR-US: Admidio
CVE-2025-62614 (BookLore is a self-hosted web app for organizing and managing personal ...)
- TODO: check
+ NOT-FOR-US: BookLore
CVE-2025-62613 (VDO.Ninja is a tool that brings remote video feeds into OBS or other s ...)
- TODO: check
+ NOT-FOR-US: VDO.Ninja
CVE-2025-62612 (FastGPT is an AI Agent building platform. Prior to version 4.11.1, in ...)
- TODO: check
+ NOT-FOR-US: FastGPT
CVE-2025-62517 (Rollbar.js offers error tracking and logging from Javascript to Rollba ...)
TODO: check
CVE-2025-62499 (Movable Type contains a stored cross-site scripting vulnerability in E ...)
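Review bot: CVE-2025-62517 (Rollbar.js) in the trailing context of this hunk stays at "TODO: check" while the four entries directly above it (Admidio, BookLore, VDO.Ninja, FastGPT) are closed as NOT-FOR-US. If it was skipped on purpose because it needs a source-package search rather than an NFU decision, that fits the "Process some NFUs" message, but it is worth confirming the entry was not simply missed so the run of triaged entries does not hide one still open.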
@@ -93,53 +93,53 @@ CVE-2025-62256 (Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.
CVE-2025-62255 (Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Ba ...)
NOT-FOR-US: Liferay
CVE-2025-62236 (The Frontier Airlines website has a publicly available endpoint that v ...)
- TODO: check
+ NOT-FOR-US: Frontier Airlines website
CVE-2025-62169 (OctoPrint-SpoolManager is a plugin for managing spools and all their u ...)
- TODO: check
+ NOT-FOR-US: OctoPrint-SpoolManager
CVE-2025-61865 (NarSuS App registers a Windows service with an unquoted file path. A u ...)
- TODO: check
+ NOT-FOR-US: NarSuS App
CVE-2025-61464 (gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order S ...)
- TODO: check
+ NOT-FOR-US: Gnuboard
CVE-2025-61413 (A stored cross-site scripting (XSS) vulnerability in the /manager/page ...)
- TODO: check
+ NOT-FOR-US: Piranha CMS
CVE-2025-61136 (A Host Header Injection vulnerability in the password reset component ...)
- TODO: check
+ NOT-FOR-US: axewater sharewarez
CVE-2025-61132 (A Host Header Injection vulnerability in the password reset component ...)
- TODO: check
+ NOT-FOR-US: levlaz braindump
CVE-2025-60859 (Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows aut ...)
- TODO: check
+ NOT-FOR-US: Gnuboard
CVE-2025-60852 (A CSV Injection vulnerability existed in Instant Developer Foundation ...)
- TODO: check
+ NOT-FOR-US: Instant Developer Foundation
CVE-2025-60837 (A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 al ...)
- TODO: check
+ NOT-FOR-US: MCMS
CVE-2025-59048 (OpenBao's AWS Plugin generates AWS access credentials based on IAM pol ...)
- TODO: check
+ NOT-FOR-US: OpenBao AWS Plugin
CVE-2025-58428 (The TLS4B ATG system's SOAP-based interface is vulnerable due to its a ...)
- TODO: check
+ NOT-FOR-US: TLS4B ATG system interface
CVE-2025-57240 (Cross site scripting (XSS) vulnerability in 17gz International Student ...)
- TODO: check
+ NOT-FOR-US: 17gz International Student service system
CVE-2025-56009 (Cross site request forgery (CSRF) vulnerability in KeeneticOS before 4 ...)
- TODO: check
+ NOT-FOR-US: KeeneticOS
CVE-2025-56008 (Cross site scripting (XSS) vulnerability in KeeneticOS before 4.3 at " ...)
- TODO: check
+ NOT-FOR-US: KeeneticOS
CVE-2025-56007 (CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows ...)
- TODO: check
+ NOT-FOR-US: KeeneticOS
CVE-2025-55067 (The TLS4B ATG system is vulnerable to improper handling of Unix time v ...)
- TODO: check
+ NOT-FOR-US: TLS4B ATG system
CVE-2025-54966 (An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoint ...)
- TODO: check
+ NOT-FOR-US: BAE SOCET GXP
CVE-2025-54964 (An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker w ...)
- TODO: check
+ NOT-FOR-US: BAE SOCET GXP
CVE-2025-54856 (Movable Type contains a stored cross-site scripting vulnerability in E ...)
TODO: check
CVE-2025-54808 (Oxford Nanopore Technologies' MinKNOW software at or prior to version ...)
- TODO: check
+ NOT-FOR-US: Oxford Nanopore Technologies MinKNOW software
CVE-2025-54806 (GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability ...)
- TODO: check
+ NOT-FOR-US: GROWI
CVE-2025-53702 (Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) ...)
- TODO: check
+ NOT-FOR-US: Vilar VS-IPC1002 IP cameras
CVE-2025-53701 (Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-sit ...)
- TODO: check
+ NOT-FOR-US: Vilar VS-IPC1002 IP cameras
CVE-2025-50951 (FontForge v20230101 was discovered to contain a memory leak via the ut ...)
TODO: check
CVE-2025-50950 (Audiofile v0.3.7 was discovered to contain a NULL pointer dereference ...)
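Review bot: CVE-2025-59048 is marked "NOT-FOR-US: OpenBao AWS Plugin" here, while CVE-2025-62705 in the previous hunk tracks OpenBao as "- openbao <itp> (bug #1069794)". Please check whether the AWS plugin is within the scope of that ITP; if it is, the entry should carry the same itp line rather than NFU so it is not lost when the package lands. A smaller consistency point: the two TLS4B entries use different labels ("TLS4B ATG system interface" for CVE-2025-58428 and "TLS4B ATG system" for CVE-2025-55067); a single label for the product would keep later searches of the list matching both.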
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0792977bd262e219afc31169e6971bc04db8557a