[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 28 20:24:59 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7f629765 by Salvatore Bonaccorso at 2025-10-28T21:24:33+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2025-9313 (An unauthenticated user can connect to a publicly accessible database ...)
- TODO: check
+ NOT-FOR-US: Asseco mMedica
CVE-2025-62367 (Taiga is an open source project management platform. In versions 6.8.3 ...)
- TODO: check
+ NOT-FOR-US: Taiga
CVE-2025-61235 (An issue was discovered in Dataphone A920 v2025.07.161103. A custom pa ...)
- TODO: check
+ NOT-FOR-US: Dataphone A920
CVE-2025-61155 (Hotta Studio GameDriverX64.sys 7.23.4.7, a signed kernel-mode anti-che ...)
- TODO: check
+ NOT-FOR-US: Hotta Studio
CVE-2025-61128 (Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN ...)
NOT-FOR-US: Wavlink
CVE-2025-61107 (FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NU ...)
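Review bot: The new tags in this hunk mix naming levels. CVE-2025-61155 is tagged by vendor only (Hotta Studio) although its description names the affected driver, GameDriverX64.sys, while CVE-2025-9313 and CVE-2025-61235 are tagged by product (Asseco mMedica, Dataphone A920). Using vendor plus product consistently, for example "NOT-FOR-US: Hotta Studio GameDriverX64.sys", makes later searches of data/CVE/list for the same product predictable.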
@@ -25,25 +25,25 @@ CVE-2025-61103 (FRRouting/frr from v4.0 through v10.4.1 was discovered to contai
NOTE: https://github.com/FRRouting/frr/issues/19471
NOTE: https://github.com/FRRouting/frr/pull/19480
CVE-2025-61080 (A reflected Cross-Site Scripting (XSS) vulnerability has been identifi ...)
- TODO: check
+ NOT-FOR-US: Clear2Pay Bank Visibility Application Payment Execution
CVE-2025-61043 (An out-of-bounds read vulnerability has been discovered in Monkey's Au ...)
- TODO: check
+ NOT-FOR-US: Monkey's Audio
CVE-2025-60858 (Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-60805 (An issue was discovered in BESSystem BES Application Server thru 9.5.x ...)
- TODO: check
+ NOT-FOR-US: BESSystem BES Application Server
CVE-2025-60800 (Incorrect access control in the /jshERP-boot/user/info interface of js ...)
- TODO: check
+ NOT-FOR-US: jshERP
CVE-2025-60355 (zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Tem ...)
- TODO: check
+ NOT-FOR-US: zhangyd-c OneBlog
CVE-2025-60354 (Unauthorized modification of arbitrary articles vulnerability exists i ...)
- TODO: check
+ NOT-FOR-US: blog-vue-springboot
CVE-2025-60349 (An issue was discovered in Prevx v3.0.5.220 allowing attackers to caus ...)
- TODO: check
+ NOT-FOR-US: Prevx
CVE-2025-59837 (Astro is a web framework that includes an image proxy. In versions 5.1 ...)
- TODO: check
+ NOT-FOR-US: Astro
CVE-2025-56399 (alexusmai laravel-file-manager 3.3.1 and before allows an authenticate ...)
- TODO: check
+ NOT-FOR-US: alexusmai laravel-file-manager
CVE-2025-55758 (Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for ...)
NOT-FOR-US: Joomla
CVE-2025-54605 (Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (is ...)
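Review bot: CVE-2025-61043 (Monkey's Audio), CVE-2025-59837 (Astro) and CVE-2025-56399 (alexusmai laravel-file-manager) are software components (an audio codec, a web framework, a Laravel package) rather than appliances or hosted products, and NOT-FOR-US is only correct for them if no source package in the archive ships or embeds the code and no ITP or RFP is open. The commit message records no such check; if one of them is in the packaging queue, the entry should carry a package line marked <itp> instead. "NOT-FOR-US: Astro" is also a very generic tag, and "Astro web framework" would be unambiguous.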
@@ -55,7 +55,7 @@ CVE-2025-53855 (An out-of-bounds write vulnerability exists in the XML parser fu
CVE-2025-53814 (A use-after-free vulnerability exists in the XML parser functionality ...)
TODO: check
CVE-2025-41090 (microCLAUDIA in v3.2.0 and prior has an improper access control vulner ...)
- TODO: check
+ NOT-FOR-US: microCLAUDIA
CVE-2025-40843 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...)
NOT-FOR-US: Ericsson
CVE-2025-36386 (IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9. ...)
@@ -67,45 +67,45 @@ CVE-2025-36083 (IBM Concert Software 1.0.0 through 2.0.0could allow a local us
CVE-2025-36081 (IBM ConcertSoftware 1.0.0 through 2.0.0 could allow a user to modify ...)
NOT-FOR-US: IBM
CVE-2025-34318 (IPFire versions prior to 2.29 (Core Update 198) containa stored cross- ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34317 (IPFire versions prior to 2.29 (Core Update 198) containa stored cross- ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34316 (IPFire versions prior to 2.29 (Core Update 198) containa stored cross- ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34315 (IPFire versions prior to 2.29 (Core Update 198) containa stored cross- ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34314 (IPFire versions prior to 2.29 (Core Update 198) containa stored cross- ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34313 (IPFire versions prior to 2.29 (Core Update 198) containa stored cross- ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34312 (IPFire versions prior to 2.29 (Core Update 198) containa command injec ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34311 (IPFire versions prior to 2.29 (Core Update 198) containa command injec ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34310 (IPFire versions prior to 2.29 (Core Update 198) containa stored cross- ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34309 (IPFire versions prior to 2.29 (Core Update 198) containa stored cross- ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34308 (IPFire versions prior to 2.29 (Core Update 198) containa stored cross- ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34307 (IPFire versions prior to 2.29 (Core Update 198) containa stored cross- ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34306 (IPFire versions prior to 2.29 (Core Update 198) contain a stored cross ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34305 (IPFire versions prior to 2.29 (Core Update 198) contain multiple store ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34304 (IPFire versions prior to 2.29 (Core Update 198) contain a SQL injectio ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34303 (IPFire versions prior to 2.29 (Core Update 198) contain a stored cross ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34302 (IPFire versions prior to 2.29 (Core Update 198) contain a stored cross ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34301 (IPFire versions prior to 2.29 (Core Update 198) contain a stored cross ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2025-34294 (Wazuh's File Integrity Monitoring (FIM), when configured with automati ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2025-27093 (Sliver is a command and control framework that uses a custom Wireguard ...)
- TODO: check
+ NOT-FOR-US: Sliver
CVE-2025-1038 (The \u201cDiagnostics Tools\u201d page of the web-based configuration ...)
NOT-FOR-US: Hitachi Energy
CVE-2025-1037 (By making minor configuration changes to the TropOS 4th Gen device, an ...)
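Review bot: The eighteen IPFire entries (CVE-2025-34301 through CVE-2025-34318) all receive the same tag, but the visible descriptions are cut off before they name the affected page or component. IPFire is a firewall distribution that bundles upstream software, so it is worth confirming from the full descriptions that each flaw sits in IPFire's own web interface code and not in a bundled upstream component that Debian packages separately. If that holds, the tag is fine as written.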
@@ -125,7 +125,7 @@ CVE-2025-12390 (A flaw was found in Keycloak. In Keycloak where a user can accid
CVE-2025-12380 (Starting with Firefox 142, it was possible for a compromised child pro ...)
TODO: check
CVE-2025-12103 (A flaw was found in Red Hat Openshift AI Service. The TrustyAI compone ...)
- TODO: check
+ NOT-FOR-US: Red Hat Openshift AI Service
CVE-2025-40082 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/bea3e1d4467bcf292c8e54f080353d556d355e26 (6.18-rc1)
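Review bot: On CVE-2025-12103 the tag names the product (Red Hat Openshift AI Service) while the description attributes the flaw to the TrustyAI component. Mentioning TrustyAI in the tag would let a later search for that component find this entry. The tag also copies the description's "Openshift" spelling, whereas Red Hat writes the product name as "OpenShift".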
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f62976594058a18152a46cf103265d5beec7029