[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 12 16:41:35 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37e7473b by Moritz Muehlenhoff at 2025-09-12T17:41:14+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28,7 +28,7 @@ CVE-2025-58754 (Axios is a promise based HTTP client for the browser and Node.js
 	NOTE: https://github.com/axios/axios/pull/7011
 	NOTE: https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593 (v1.12.0)
 CVE-2025-55319 (Ai command injection in Agentic AI and Visual Studio Code allows an un ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-4974
 	REJECTED
 CVE-2025-43789 (JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Lifer ...)
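Review bot: The tag added for CVE-2025-55319 names only the vendor ("NOT-FOR-US: Microsoft"), while the other tags in this patch name the affected product (for example "NOT-FOR-US: Neo4j Cypher MCP server" and "NOT-FOR-US: wabac.js"). The description on the line above it mentions Visual Studio Code, so putting the product in the tag would keep the entry searchable by product name and consistent with the neighbouring entries.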
@@ -169,7 +169,7 @@ CVE-2025-10251 (A vulnerability was detected in FoxCMS up to 1.24. Affected by t
 CVE-2025-10250 (A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic ...)
 	NOT-FOR-US: Mavic
 CVE-2025-10193 (DNS rebinding vulnerability in Neo4j Cypher MCP server allows maliciou ...)
-	TODO: check
+	NOT-FOR-US: Neo4j Cypher MCP server
 CVE-2025-10127 (Daikin Security Gateway is vulnerable to an authorization bypass throu ...)
 	NOT-FOR-US: Daikin Security Gateway
 CVE-2025-39791 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
@@ -566,7 +566,7 @@ CVE-2025-6189 (The Duplicate Page and Post plugin for WordPress is vulnerable to
 CVE-2025-59049 (Mockoon provides way to design and run mock APIs. Prior to version 9.2 ...)
 	NOT-FOR-US: Mockoon
 CVE-2025-59046 (The npm package `interactive-git-checkout` is an interactive command-l ...)
-	TODO: check
+	NOT-FOR-US: Node interactive-git-checkout
 CVE-2025-59045 (Stalwart is a mail and collaboration server. Starting in version 0.12. ...)
 	- stalwart <itp> (bug #1109537)
 CVE-2025-59044 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
@@ -590,7 +590,7 @@ CVE-2025-59034 (Indico is an event management system that uses Flask-Multipass,
 CVE-2025-58768 (DeepChat is a smart assistant uses artificial intelligence. Prior to v ...)
 	NOT-FOR-US: DeepChat
 CVE-2025-58765 (wabac.js provides a full web archive replay system, or 'wayback machin ...)
-	TODO: check
+	NOT-FOR-US: wabac.js
 CVE-2025-58764 (Claude Code is an agentic coding tool. Due to an error in command pars ...)
 	NOT-FOR-US: Claude Code
 CVE-2025-58763 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37e7473be6e85ed4364526866f22daa7d562fbe9
