[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 12 21:31:26 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c24ef821 by Salvatore Bonaccorso at 2026-02-12T22:31:04+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -65,25 +65,25 @@ CVE-2025-69752 (An issue in the "My Details" user profile functionality of Ideag
 CVE-2025-69634 (Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0. ...)
 	- dolibarr <removed>
 CVE-2025-67433 (A heap buffer overflow in the processRequest function of Open TFTP Ser ...)
-	TODO: check
+	NOT-FOR-US: Open TFTP Server MultiThreaded
 CVE-2025-67432 (A stack overflow in the ZBarcode_Encode function of Monkeybread Softwa ...)
-	TODO: check
+	NOT-FOR-US: Monkeybread Software MBS DynaPDF Plugin
 CVE-2025-63421 (An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows  ...)
-	TODO: check
+	NOT-FOR-US: filosoft Comerc.32 Commercial Invoicing
 CVE-2025-61880 (In Infoblox NIOS through 9.0.7, insecure deserialization can result in ...)
-	TODO: check
+	NOT-FOR-US: Infoblox NIOS
 CVE-2025-61879 (In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an  ...)
-	TODO: check
+	NOT-FOR-US: Infoblox NIOS
 CVE-2025-56647 (npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocke ...)
-	TODO: check
+	NOT-FOR-US: Farm
 CVE-2025-55210 (FreePBX is an open-source web-based graphical user interface (GUI) tha ...)
-	TODO: check
+	NOT-FOR-US: FreePBX
 CVE-2025-54756 (BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 o ...)
-	TODO: check
+	NOT-FOR-US: BrightSign
 CVE-2025-54519 (A DLL hijacking vulnerability in Doc Nav could allow a local attacker  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-52533 (Improper Access Control in an on-chip debug interface could allow a pr ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-41117 (Stack traces in Grafana's Explore Traces view can be rendered as raw H ...)
 	TODO: check
 CVE-2025-15575 (The firmware update functionality does not verify the authenticity of  ...)
@@ -686,13 +686,13 @@ CVE-2025-66277 (A link following vulnerability has been reported to affect sever
 CVE-2025-66274 (A NULL pointer dereference vulnerability has been reported to affect s ...)
 	NOT-FOR-US: QNAP
 CVE-2025-65480 (An issue was discovered in Pacom Unison Client 5.13.1. Authenticated u ...)
-	TODO: check
+	NOT-FOR-US: Pacom Unison Client
 CVE-2025-65128 (A missing authentication mechanism in the web management API component ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Zhibotong Electronics ZBT WE2001
 CVE-2025-65127 (A lack of session validation in the web API component of Shenzhen Zhib ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Zhibotong Electronics ZBT WE2001
 CVE-2025-64075 (A path traversal vulnerability in the check_token function of Shenzhen ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Zhibotong Electronics ZBT WE2001
 CVE-2025-62856 (A path traversal vulnerability has been reported to affect File Statio ...)
 	NOT-FOR-US: QNAP
 CVE-2025-62855 (A path traversal vulnerability has been reported to affect File Statio ...)
@@ -702,7 +702,7 @@ CVE-2025-62854 (An uncontrolled resource consumption vulnerability has been repo
 CVE-2025-62853 (A path traversal vulnerability has been reported to affect File Statio ...)
 	NOT-FOR-US: QNAP
 CVE-2025-61969 (Incorrect permission assignment in AMD \xb5Prof may allow a local user ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-59386 (A NULL pointer dereference vulnerability has been reported to affect s ...)
 	NOT-FOR-US: QNAP
 CVE-2025-58472 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
@@ -762,7 +762,7 @@ CVE-2025-52869 (A buffer overflow vulnerability has been reported to affect Qsyn
 CVE-2025-52868 (A buffer overflow vulnerability has been reported to affect Qsync Cent ...)
 	NOT-FOR-US: QNAP
 CVE-2025-52541 (A DLL hijacking vulnerability in Vivado could allow a local attacker t ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-48725 (A buffer overflow vulnerability has been reported to affect several QN ...)
 	NOT-FOR-US: QNAP
 CVE-2025-48724 (A buffer overflow vulnerability has been reported to affect Qsync Cent ...)
@@ -772,11 +772,11 @@ CVE-2025-48723 (A buffer overflow vulnerability has been reported to affect Qsyn
 CVE-2025-48722 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
 	NOT-FOR-US: QNAP
 CVE-2025-48518 (Improper input validation in AMD Graphics Driver could allow a local a ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-48508 (Improper Hardware reset flow logic in the GPU GFX Hardware IP block co ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-48503 (A DLL hijacking vulnerability in the AMD Software Installer could allo ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-47209 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
 	NOT-FOR-US: QNAP
 CVE-2025-47205 (A NULL pointer dereference vulnerability has been reported to affect s ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c24ef82122fdeb4a72a4d3c2d7533b99c3ba91fa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c24ef82122fdeb4a72a4d3c2d7533b99c3ba91fa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260212/5f977d7f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list