[Git][security-tracker-team/security-tracker][master] Process some NFUs

Thu Oct 30 20:25:04 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
11e9cb50 by Salvatore Bonaccorso at 2025-10-30T21:24:26+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-8850 (In danny-avila/librechat version 0.7.9, there is an insecure API desig ...)
-	TODO: check
+	NOT-FOR-US: danny-avila/librechat
 CVE-2025-64118 (node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { s ...)
 	- node-tar <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph
@@ -7,25 +7,25 @@ CVE-2025-64118 (node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) wi
 	NOTE: Introduced with: https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d (v7.5.1)
 	NOTE: Fixed by: https://github.com/isaacs/node-tar/commit/5e1a8e638600d3c3a2969b4de6a6ec44fa8d74c9 (v7.5.2)
 CVE-2025-64116 (Movary is a web application to track, rate and explore your movie watc ...)
-	TODO: check
+	NOT-FOR-US: Movary
 CVE-2025-64115 (Movary is a web application to track, rate and explore your movie watc ...)
-	TODO: check
+	NOT-FOR-US: Movary
 CVE-2025-64112 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
-	TODO: check
+	NOT-FOR-US: Statmatic CMS
 CVE-2025-64096 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
-	TODO: check
+	NOT-FOR-US: NASA CryptoLib
 CVE-2025-63885 (A stored cross-site scripting (XSS) vulnerability in AIxBlock commit 0 ...)
-	TODO: check
+	NOT-FOR-US: AIxBlock
 CVE-2025-63608 (A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Bu ...)
-	TODO: check
+	NOT-FOR-US: CSZ-CMS
 CVE-2025-63423 (Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.201902 ...)
-	TODO: check
+	NOT-FOR-US: Each Italy Wireless Mini Router WIRELESS-N 300M
 CVE-2025-63422 (Incorrect access control in the Web management interface in Each Italy ...)
-	TODO: check
+	NOT-FOR-US: Each Italy Wireless Mini Router WIRELESS-N 300M
 CVE-2025-63298 (A path traversal vulnerability was identified in SourceCodester Pet Gr ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-62795 (JumpServer is an open source bastion host and an operation and mainten ...)
-	TODO: check
+	NOT-FOR-US: JumpServer
 CVE-2025-62726 (n8n is an open source workflow automation platform. Prior to 1.113.0,  ...)
 	TODO: check
 CVE-2025-62712 (JumpServer is an open source bastion host and an operation and mainten ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11e9cb50b248b64955871b84c4bb3da1293774eb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11e9cb50b248b64955871b84c4bb3da1293774eb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251030/6fbbd018/attachment.htm>
