[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 29 21:22:27 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3af0a8ec by Salvatore Bonaccorso at 2025-10-29T22:20:44+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2025-9871 (Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalati ...)
- TODO: check
+ NOT-FOR-US: Razer Synapse 3
CVE-2025-9870 (Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privileg ...)
- TODO: check
+ NOT-FOR-US: Razer Synapse 3
CVE-2025-9869 (Razer Synapse 3 Macro Module Link Following Local Privilege Escalation ...)
- TODO: check
+ NOT-FOR-US: Razer Synapse 3
CVE-2025-64291 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-64290 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce ...)
@@ -99,53 +99,53 @@ CVE-2025-64132 (Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does n
CVE-2025-64131 (Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implemen ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64104 (LangGraph SQLite Checkpoint is an implementation of LangGraph Checkpoi ...)
- TODO: check
+ NOT-FOR-US: langchain-ai/langgraph
CVE-2025-64103 (Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2025-64102 (Zitadel is open-source identity infrastructure software. Prior to 4.6. ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2025-64101 (Zitadel is open-source identity infrastructure software. Prior to 4.6. ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2025-64100 (CKAN is an open-source DMS (data management system) for powering data ...)
- TODO: check
+ NOT-FOR-US: CKAN
CVE-2025-63622 (A vulnerability was found in code-projects Online Complaint Site 1.0. ...)
NOT-FOR-US: code-projects
CVE-2025-62797 (FluxCP is a web-based Control Panel for rAthena servers written in PHP ...)
- TODO: check
+ NOT-FOR-US: rAthena FluxCP
CVE-2025-62792 (Wazuh is a free and open source platform used for threat prevention, d ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2025-62791 (Wazuh is a free and open source platform used for threat prevention, d ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2025-62790 (Wazuh is a free and open source platform used for threat prevention, d ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2025-62789 (Wazuh is a free and open source platform used for threat prevention, d ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2025-62788 (Wazuh is a free and open source platform used for threat prevention, d ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2025-62787 (Wazuh is a free and open source platform used for threat prevention, d ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2025-62786 (Wazuh is a free and open source platform used for threat prevention, d ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2025-62785 (Wazuh is a free and open source platform used for threat prevention, d ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2025-61876 (Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint ...)
- TODO: check
+ NOT-FOR-US: Inforcer Platform
CVE-2025-61429 (An issue in NCR Atleos Terminal Manager (ConfigApp) v3.4.0 allows atta ...)
- TODO: check
+ NOT-FOR-US: NCR Atleos Terminal Manager (ConfigApp)
CVE-2025-61234 (Incorrect access control on Dataphone A920 v2025.07.161103 exposes a s ...)
- TODO: check
+ NOT-FOR-US: Dataphone A920
CVE-2025-61161 (DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related c ...)
- TODO: check
+ NOT-FOR-US: Evope Collector
CVE-2025-61156 (Incorrect access control in the kernel driver of ThreatFire System Mon ...)
- TODO: check
+ NOT-FOR-US: ThreatFire System Monitor
CVE-2025-60898 (An unauthenticated server-side request forgery (SSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Halo CMS
CVE-2025-60595 (SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution.)
- TODO: check
+ NOT-FOR-US: SPH Engineering UgCS
CVE-2025-60542 (SQL Injection vulnerability in TypeORM before 0.3.26 via crafted reque ...)
- TODO: check
+ NOT-FOR-US: TypeORM
CVE-2025-60320 (memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service pat ...)
- TODO: check
+ NOT-FOR-US: memoQ
CVE-2025-60075 (Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing h ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-58939 (Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super St ...)
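Review bot: The label added for CVE-2025-64104, "NOT-FOR-US: langchain-ai/langgraph", is a repository slug, while the other labels added in this hunk name the product (Zitadel, CKAN, Wazuh, TypeORM). Suggest "NOT-FOR-US: LangGraph" so a search for the product name used in the description finds the entry. Separately, the descriptions for Zitadel, CKAN and Wazuh state they are open source, and the commit message gives no basis for the triage, so it is worth confirming that none of them has an open ITP before settling on NOT-FOR-US; an entry with an ITP is normally tracked with an <itp> line rather than NOT-FOR-US.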
@@ -153,11 +153,11 @@ CVE-2025-58939 (Cross-Site Request Forgery (CSRF) vulnerability in highwarden Su
CVE-2025-58711 (Missing Authorization vulnerability in solwin Blog Designer PRO blog-d ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-57227 (An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8 ...)
- TODO: check
+ NOT-FOR-US: Kingosoft Technology Ltd Kingo ROOT
CVE-2025-56558 (An issue discovered in Dyson App v6.1.23041-23595 allows unauthenticat ...)
- TODO: check
+ NOT-FOR-US: Dyson App
CVE-2025-54384 (CKAN is an open-source DMS (data management system) for powering data ...)
- TODO: check
+ NOT-FOR-US: CKAN
CVE-2025-35980
REJECTED
CVE-2025-1549 (A local privilege escalation vulnerability in the WatchGuard Mobile VP ...)
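Review bot: The label on CVE-2025-57227, "NOT-FOR-US: Kingosoft Technology Ltd Kingo ROOT", carries the vendor's full legal name, whereas the other labels added in this hunk use the short product name ("Dyson App", "CKAN"). "NOT-FOR-US: Kingo ROOT" would be consistent with them and easier to match when later CVEs for the same product are triaged.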
@@ -175,9 +175,9 @@ CVE-2025-12461 (This vulnerability allows an attacker to access parts of the app
CVE-2025-12450 (The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12148 (In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules a ...)
- TODO: check
+ NOT-FOR-US: Search Guard
CVE-2025-12147 (In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security ( ...)
- TODO: check
+ NOT-FOR-US: Search Guard
CVE-2025-12142 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
NOT-FOR-US: ABB group
CVE-2025-12058 (The Keras.Model.load_model method, including when executed with the in ...)
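Review bot: CVE-2025-12147 is described as affecting "Search Guard FLX", but its label reads "NOT-FOR-US: Search Guard", identical to the one on CVE-2025-12148, whose description says plain "Search Guard". If the two are treated as one product a shared label is fine; otherwise use "NOT-FOR-US: Search Guard FLX" on CVE-2025-12147 so the label matches the description.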
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3af0a8ec1b423caa629e7a6b098f9b98eb2df935