[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 19 14:07:37 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4fae9f2e by Moritz Muehlenhoff at 2025-09-19T15:06:45+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -42,7 +42,7 @@ CVE-2025-36143 (IBM Lakehouse (watsonx.data 2.2) could allow an authenticated pr
 CVE-2025-36139 (IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site sc ...)
 	NOT-FOR-US: IBM
 CVE-2025-26503 (A crafted system call argument can cause memory corruption.)
-	TODO: check
+	NOT-FOR-US: WindRiver
 CVE-2025-10688 (A vulnerability was determined in SourceCodester Pet Grooming Manageme ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-10687 (A vulnerability was found in SourceCodester Responsive E-Learning Syst ...)
@@ -803,7 +803,7 @@ CVE-2025-58431 (ZimaOS is a fork of CasaOS, an operating system for Zima devices
 CVE-2025-57055 (WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in ...)
 	NOT-FOR-US: WonderCMS
 CVE-2025-56648 (npm parcel 2.0.0-alpha and before has an Origin Validation Error vulne ...)
-	TODO: check
+	NOT-FOR-US: Node parcel
 CVE-2025-55904 (Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b646 ...)
 	- open5gs <itp> (bug #1094791)
 CVE-2025-54467 (When a Java command with password parameters is executed and terminate ...)
@@ -1143,7 +1143,7 @@ CVE-2025-9851 (The Appointmind plugin for WordPress is vulnerable to Stored Cros
 CVE-2025-9818 (A vulnerability (CWE-428) has been identified in the Uninterruptible P ...)
 	NOT-FOR-US: OMRON
 CVE-2025-9708 (A vulnerability exists in the Kubernetes C# client where the certifica ...)
-	TODO: check
+	NOT-FOR-US: Kubernetes C# client
 CVE-2025-9629 (The USS Upyun plugin for WordPress is vulnerable to Cross-Site Request ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-9565 (The Blocksy Companion plugin for WordPress is vulnerable to Stored Cro ...)
@@ -1515,7 +1515,7 @@ CVE-2025-10492 (A Java deserialisation vulnerability has been discovered in Jasp
 CVE-2025-10316 (The extension "Form to Database" is susceptible to Cross-Site Scriptin ...)
 	NOT-FOR-US: TYPO3 (core or extensions)
 CVE-2025-10290 (Opening links via the contextual menu in Focus iOS for certain URL sch ...)
-	TODO: check
+	NOT-FOR-US: Mozilla Focus
 CVE-2025-10016 (The Sparkle framework includes a helper tool Autoupdate. Due to lack o ...)
 	NOT-FOR-US: Sparkle framework
 CVE-2025-10015 (The Sparkle frameworkincludes an XPC service Downloader.xpc, by defaul ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fae9f2e65c24988c61594165d6e5c64722638ef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fae9f2e65c24988c61594165d6e5c64722638ef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250919/040e8557/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list