Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3af0a8ec by Salvatore Bonaccorso at 2025-10-29T22:20:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2025-9871 (Razer Synapse 3 Chroma Connect Link Following Local Privilege 
Escalati ...)
-       TODO: check
+       NOT-FOR-US: Razer Synapse 3
 CVE-2025-9870 (Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local 
Privileg ...)
-       TODO: check
+       NOT-FOR-US: Razer Synapse 3
 CVE-2025-9869 (Razer Synapse 3 Macro Module Link Following Local Privilege 
Escalation ...)
-       TODO: check
+       NOT-FOR-US: Razer Synapse 3
 CVE-2025-64291 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64290 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce 
Premmerce ...)
@@ -99,53 +99,53 @@ CVE-2025-64132 (Jenkins MCP Server Plugin 
0.84.v50ca_24ef83f2 and earlier does n
 CVE-2025-64131 (Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not 
implemen ...)
        NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64104 (LangGraph SQLite Checkpoint is an implementation of LangGraph 
Checkpoi ...)
-       TODO: check
+       NOT-FOR-US: langchain-ai/langgraph
 CVE-2025-64103 (Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only 
required multi  ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2025-64102 (Zitadel is open-source identity infrastructure software. Prior 
to 4.6. ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2025-64101 (Zitadel is open-source identity infrastructure software. Prior 
to 4.6. ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2025-64100 (CKAN is an open-source DMS (data management system) for 
powering data  ...)
-       TODO: check
+       NOT-FOR-US: CKAN
 CVE-2025-63622 (A vulnerability was found in code-projects Online Complaint 
Site 1.0.  ...)
        NOT-FOR-US: code-projects
 CVE-2025-62797 (FluxCP is a web-based Control Panel for rAthena servers 
written in PHP ...)
-       TODO: check
+       NOT-FOR-US: rAthena FluxCP
 CVE-2025-62792 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
-       TODO: check
+       NOT-FOR-US: Wazuh
 CVE-2025-62791 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
-       TODO: check
+       NOT-FOR-US: Wazuh
 CVE-2025-62790 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
-       TODO: check
+       NOT-FOR-US: Wazuh
 CVE-2025-62789 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
-       TODO: check
+       NOT-FOR-US: Wazuh
 CVE-2025-62788 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
-       TODO: check
+       NOT-FOR-US: Wazuh
 CVE-2025-62787 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
-       TODO: check
+       NOT-FOR-US: Wazuh
 CVE-2025-62786 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
-       TODO: check
+       NOT-FOR-US: Wazuh
 CVE-2025-62785 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
-       TODO: check
+       NOT-FOR-US: Wazuh
 CVE-2025-61876 (Insecure Direct Object Reference (IDOR) in /tenants/{id} API 
endpoint  ...)
-       TODO: check
+       NOT-FOR-US: Inforcer Platform
 CVE-2025-61429 (An issue in NCR Atleos Terminal Manager (ConfigApp) v3.4.0 
allows atta ...)
-       TODO: check
+       NOT-FOR-US: NCR Atleos Terminal Manager (ConfigApp)
 CVE-2025-61234 (Incorrect access control on Dataphone A920 v2025.07.161103 
exposes a s ...)
-       TODO: check
+       NOT-FOR-US: Dataphone A920
 CVE-2025-61161 (DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and 
related c ...)
-       TODO: check
+       NOT-FOR-US: Evope Collector
 CVE-2025-61156 (Incorrect access control in the kernel driver of ThreatFire 
System Mon ...)
-       TODO: check
+       NOT-FOR-US: ThreatFire System Monitor
 CVE-2025-60898 (An unauthenticated server-side request forgery (SSRF) 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Halo CMS
 CVE-2025-60595 (SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code 
execution.)
-       TODO: check
+       NOT-FOR-US: SPH Engineering UgCS
 CVE-2025-60542 (SQL Injection vulnerability in TypeORM before 0.3.26 via 
crafted reque ...)
-       TODO: check
+       NOT-FOR-US: TypeORM
 CVE-2025-60320 (memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted 
service pat ...)
-       TODO: check
+       NOT-FOR-US: memoQ
 CVE-2025-60075 (Cross-Site Request Forgery (CSRF) vulnerability in Allegro 
Marketing h ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58939 (Cross-Site Request Forgery (CSRF) vulnerability in highwarden 
Super St ...)
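
Review bot: The tag added for CVE-2025-64104 is a repository slug ("langchain-ai/langgraph"), while every other entry changed in this hunk is tagged with a plain product name (Zitadel, CKAN, Wazuh, TypeORM, memoQ). Suggest "NOT-FOR-US: LangGraph" so the same product is tagged with the same string on later CVEs. Also, the tags for CVE-2025-61876 ("Inforcer Platform") and CVE-2025-60898 ("Halo CMS") name products that do not appear in the truncated descriptions shown here, so those two are worth a second check against the full CVE text.
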
@@ -153,11 +153,11 @@ CVE-2025-58939 (Cross-Site Request Forgery (CSRF) 
vulnerability in highwarden Su
 CVE-2025-58711 (Missing Authorization vulnerability in solwin Blog Designer 
PRO blog-d ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-57227 (An unquoted service path in Kingosoft Technology Ltd Kingo 
ROOT v1.5.8 ...)
-       TODO: check
+       NOT-FOR-US: Kingosoft Technology Ltd Kingo ROOT
 CVE-2025-56558 (An issue discovered in Dyson App v6.1.23041-23595 allows 
unauthenticat ...)
-       TODO: check
+       NOT-FOR-US: Dyson App
 CVE-2025-54384 (CKAN is an open-source DMS (data management system) for 
powering data  ...)
-       TODO: check
+       NOT-FOR-US: CKAN
 CVE-2025-35980
        REJECTED
 CVE-2025-1549 (A local privilege escalation vulnerability in the WatchGuard 
Mobile VP ...)
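
Review bot: The tag on CVE-2025-57227 carries the vendor's full legal name ("Kingosoft Technology Ltd Kingo ROOT"), whereas the other tags added in this hunk are product names only ("Dyson App", "CKAN"). "NOT-FOR-US: Kingo ROOT" would be shorter and consistent with the rest of the list.
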
@@ -175,9 +175,9 @@ CVE-2025-12461 (This vulnerability allows an attacker to 
access parts of the app
 CVE-2025-12450 (The LiteSpeed Cache plugin for WordPress is vulnerable to 
Reflected Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-12148 (In Search Guard versions 3.1.1 and earlier, Field Masking (FM) 
rules a ...)
-       TODO: check
+       NOT-FOR-US: Search Guard
 CVE-2025-12147 (In Search Guard FLX versions 3.1.1 and earlier, Field-Level 
Security ( ...)
-       TODO: check
+       NOT-FOR-US: Search Guard
 CVE-2025-12142 (Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow') ...)
        NOT-FOR-US: ABB group
 CVE-2025-12058 (The Keras.Model.load_model method, including when executed 
with the in ...)
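
Review bot: The description of CVE-2025-12147 names "Search Guard FLX", but the tag added for it is "NOT-FOR-US: Search Guard", the same string used for CVE-2025-12148. If the two are deliberately treated as one product this is fine; otherwise tag CVE-2025-12147 as "Search Guard FLX" so the tag matches its description.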



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3af0a8ec1b423caa629e7a6b098f9b98eb2df935
