[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 12 21:33:08 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0bc43721 by Salvatore Bonaccorso at 2025-09-12T22:32:21+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,31 +1,31 @@
CVE-2025-9556 (Langchaingo supports the use of jinja2 syntax when parsing prompts, wh ...)
- TODO: check
+ NOT-FOR-US: Langchaingo
CVE-2025-8699 (Some "Stored Value" Unattended Payment Solutions of KioSoft use vulner ...)
- TODO: check
+ NOT-FOR-US: KioSoft
CVE-2025-7448 (Wi-SUN unexpected 4- Way Handshake packet receptions may lead to predi ...)
NOT-FOR-US: Silicon Labs
CVE-2025-6638 (A Regular Expression Denial of Service (ReDoS) vulnerability was disco ...)
- TODO: check
+ NOT-FOR-US: huggingface/transformers
CVE-2025-59139 (Hono is a Web application framework that provides support for any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2025-59058 (httpsig-rs is a Rust implementation of IETF RFC 9421 http message sign ...)
- TODO: check
+ NOT-FOR-US: httpsig-rs Rust crate
CVE-2025-59054 (dstack is a software development kit (SDK) to simplify the deployment ...)
- TODO: check
+ NOT-FOR-US: dstack
CVE-2025-58434 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-57579 (An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 all ...)
NOT-FOR-US: TOTOLINK
CVE-2025-57578 (An issue in H3C Magic M Device M2V100R006 allows a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2025-57577 (An issue in H3C Device R365V300R004 allows a remote attacker to execut ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2025-56467 (An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 allow ...)
- TODO: check
+ NOT-FOR-US: AXIS BANK LIMITED Axis Mobile App
CVE-2025-55996 (Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text para ...)
- TODO: check
+ NOT-FOR-US: Viber Desktop
CVE-2025-55835 (File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker ...)
- TODO: check
+ NOT-FOR-US: SueamCMS
CVE-2025-52074 (PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross Site Scri ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4235 (An information exposure vulnerability in the Palo Alto Networks User-I ...)
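Review bot: the labels added in this hunk are not normalised the way the unchanged neighbours are, most visibly at CVE-2025-56467, where "AXIS BANK LIMITED Axis Mobile App" copies the description's all-caps vendor string verbatim. The context line for CVE-2025-52074 shows the existing convention: a description reading "PHPGURUKUL" is recorded as "PHPGurukul". The same hunk also uses an upstream repository path for CVE-2025-6638 ("huggingface/transformers") and appends a type suffix for CVE-2025-59058 ("httpsig-rs Rust crate"), while CVE-2025-59139 and CVE-2025-58434 use the bare product name. Settling on one form per entry, for example "Axis Bank Axis Mobile App", would keep later searches of data/CVE/list for a given vendor or project consistent.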
@@ -47,9 +47,9 @@ CVE-2025-27234 (Zabbix Agent 2 smartctl plugin does not properly sanitize smart.
CVE-2025-27233 (Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.g ...)
TODO: check
CVE-2025-10365 (The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fab ...)
- TODO: check
+ NOT-FOR-US: Evertz SDVN 3080ipx-10G
CVE-2025-10364 (The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fab ...)
- TODO: check
+ NOT-FOR-US: Evertz SDVN 3080ipx-10G
CVE-2025-10325 (A vulnerability was identified in Wavlink WL-WN578W2 221110. This impa ...)
NOT-FOR-US: Wavlink
CVE-2025-10324 (A vulnerability was determined in Wavlink WL-WN578W2 221110. This affe ...)
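Review bot: both Evertz entries (CVE-2025-10365, CVE-2025-10364) put the full model string "Evertz SDVN 3080ipx-10G" in the label, whereas the Wavlink entry directly below, CVE-2025-10325, is recorded as plain "Wavlink" even though its description names the model WL-WN578W2. Using "Evertz" alone would match that neighbour and still cover the case where the truncated descriptions list further models.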
@@ -61,27 +61,27 @@ CVE-2025-10322 (A vulnerability has been found in Wavlink WL-WN578W2 221110. The
CVE-2025-10321 (A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unk ...)
NOT-FOR-US: Wavlink
CVE-2025-10320 (A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. T ...)
- TODO: check
+ NOT-FOR-US: iteachyou Dreamer CMS
CVE-2025-10319 (A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected ...)
- TODO: check
+ NOT-FOR-US: JeecgBoot
CVE-2025-10318 (A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by t ...)
- TODO: check
+ NOT-FOR-US: JeecgBoot
CVE-2025-10267 (NUP Portal developed by NewType Infortech has a Missing Authentication ...)
- TODO: check
+ NOT-FOR-US: NUP Portal
CVE-2025-10266 (NUP Pro developed by NewType Infortech has a SQL Injection vulnerabili ...)
- TODO: check
+ NOT-FOR-US: NUP Pro
CVE-2025-10265 (Certain models of NVR developed by Digiever has an OS Command Injectio ...)
- TODO: check
+ NOT-FOR-US: Digiever
CVE-2025-10264 (Certain models of NVR developed by Digiever has an Exposure of Sensiti ...)
- TODO: check
+ NOT-FOR-US: Digiever
CVE-2024-45434 (OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. T ...)
- TODO: check
+ NOT-FOR-US: OpenSynergy BlueSDK (aka Blue SDK)
CVE-2024-45433 (OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Incorrect Control F ...)
- TODO: check
+ NOT-FOR-US: OpenSynergy BlueSDK (aka Blue SDK)
CVE-2024-45432 (OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a function c ...)
- TODO: check
+ NOT-FOR-US: OpenSynergy BlueSDK (aka Blue SDK)
CVE-2024-45431 (OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Vali ...)
- TODO: check
+ NOT-FOR-US: OpenSynergy BlueSDK (aka Blue SDK)
CVE-2025-39799 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d405ec23df13e6df599f5bd965a55d13420366b8 (6.17-rc2)
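Review bot: CVE-2025-10267 and CVE-2025-10266 are labelled by product only ("NUP Portal", "NUP Pro") although both descriptions name the same vendor, NewType Infortech, while the Digiever entries two lines further down (CVE-2025-10265, CVE-2025-10264) are labelled by vendor only. A label such as "NewType Infortech NUP Portal" would let a later search on the vendor find both entries. The four BlueSDK entries (CVE-2024-45434 through CVE-2024-45431) also carry the description's "(aka Blue SDK)" parenthetical into the label; "OpenSynergy BlueSDK" alone would be enough to identify them.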
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bc437214550fc8f5d8c1a0294ee97cb1de9733b