Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b081a52 by Moritz Muehlenhoff at 2025-11-07T09:33:38+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,84 +1,84 @@
 CVE-2025-64346 (archives is a Go library for extracting archives (tar, zip, 
etc.). Ver ...)
-       TODO: check
+       NOT-FOR-US: jaredallard/archives Go library
 CVE-2025-64343 ((conda) Constructor is a tool that enables users to create 
installers  ...)
-       TODO: check
+       NOT-FOR-US: conda
 CVE-2025-64339 (ClipBucket v5 is an open source video sharing platform. In 
versions 5. ...)
-       TODO: check
+       NOT-FOR-US: ClipBucket
 CVE-2025-64338
        REJECTED
 CVE-2025-64336 (ClipBucket v5 is an open source video sharing platform. In 
versions 5. ...)
-       TODO: check
+       NOT-FOR-US: ClipBucket
 CVE-2025-64329 (containerd is an open-source container runtime. Versions 
1.7.28 and be ...)
        - containerd <unfixed>
        NOTE: 
https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2
        NOTE: 
https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df
 (v2.2.0)
        NOTE: 
https://github.com/containerd/containerd/commit/e5cb6ddb7a7730c24253a94d7fdb6bbe13dba6f7
 (v1.7.29)
 CVE-2025-64328 (FreePBX Endpoint Manager is a module for managing telephony 
endpoints  ...)
-       TODO: check
+       NOT-FOR-US: FreePBX Endpoint Manager
 CVE-2025-64327 (ThinkDashboard is a self-hosted bookmark dashboard built with 
Go and v ...)
-       TODO: check
+       NOT-FOR-US: ThinkDashboard
 CVE-2025-64326 (Weblate is a web based localization tool. In versions 5.14 and 
below,  ...)
-       TODO: check
+       - weblate <itp> (bug #745661)
 CVE-2025-64323 (kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 
and belo ...)
-       TODO: check
+       NOT-FOR-US: kgateway
 CVE-2025-64302 (Insufficient input sanitization in the dashboard label or path 
can all ...)
-       TODO: check
+       NOT-FOR-US: Advantech
 CVE-2025-64187 (OctoPrint provides a web interface for controlling consumer 3D 
printer ...)
-       TODO: check
+       - octoprint <itp> (bug #718591)
 CVE-2025-64184 (Dosage is a comic strip downloader and archiver. When 
downloading comi ...)
-       TODO: check
+       NOT-FOR-US: Dosage
 CVE-2025-64180 (Manager-io/Manager is accounting software. In Manager Desktop 
and Serv ...)
-       TODO: check
+       NOT-FOR-US: DosageManager-io/Manager
 CVE-2025-64179 (lakeFS is an open-source tool that transforms object storage 
into a Gi ...)
-       TODO: check
+       NOT-FOR-US: lakeFS
 CVE-2025-64178 (Jellysweep is a cleanup tool for the Jellyfin media server. In 
version ...)
-       TODO: check
+       NOT-FOR-US: Jellysweep
 CVE-2025-64177 (ThinkDashboard is a self-hosted bookmark dashboard built with 
Go and v ...)
-       TODO: check
+       NOT-FOR-US: ThinkDashboard
 CVE-2025-64176 (ThinkDashboard is a self-hosted bookmark dashboard built with 
Go and v ...)
-       TODO: check
+       NOT-FOR-US: ThinkDashboard
 CVE-2025-64174 (Magento-lts is a long-term support alternative to Magento 
Community Ed ...)
-       TODO: check
+       NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
 CVE-2025-64173 (Apollo Router Core is a configurable graph router written in 
Rust to r ...)
-       TODO: check
+       NOT-FOR-US: Apollo Router Core
 CVE-2025-62630 (Due to insufficient sanitization, an attacker can upload a 
specially   ...)
-       TODO: check
+       NOT-FOR-US: Advantech
 CVE-2025-5483 (The LC Wizard plugin for WordPress is vulnerable to Privilege 
Escalati ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-59171 (Due to insufficient sanitization, an attacker can upload a 
specially   ...)
-       TODO: check
+       NOT-FOR-US: Advantech
 CVE-2025-58423 (Due to insufficient sanitization, an attacker can upload a 
specially   ...)
-       TODO: check
+       NOT-FOR-US: Advantech
 CVE-2025-52662 (A vulnerability in Nuxt DevTools has been fixed in version 
**2.6.4***. ...)
-       TODO: check
+       NOT-FOR-US: Nuxt DevTools
 CVE-2025-4522 (The IDonate \u2013 Blood Donation, Request And Donor Management 
System ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4519 (The IDonate \u2013 Blood Donation, Request And Donor Management 
System ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-48985 (A vulnerability in Vercel\u2019s AI SDK has been fixed in 
versions 5.0 ...)
-       TODO: check
+       NOT-FOR-US: Vercel AI SDK
 CVE-2025-33110 (IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML 
injection ...)
        NOT-FOR-US: IBM
 CVE-2025-12636 (The Ubia camera ecosystem fails to adequately secure API 
credentials,  ...)
-       TODO: check
+       NOT-FOR-US: Ubia
 CVE-2025-12527 (The Page & Post Notes plugin for WordPress is vulnerable to 
unauthoriz ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-12520 (The WP Airbnb Review Slider plugin for WordPress is vulnerable 
to Stor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-12490 (Netgate pfSense CE Suricata Path Traversal Remote Code 
Execution Vulne ...)
-       TODO: check
+       NOT-FOR-US: Netgate pfSene
 CVE-2025-12489 (evernote-mcp-server openBrowser Command Injection Privilege 
Escalation ...)
-       TODO: check
+       NOT-FOR-US: evernote-mcp-server
 CVE-2025-12488 (oobabooga text-generation-webui trust_remote_code Reliance on 
Untruste ...)
-       TODO: check
+       NOT-FOR-US: oobabooga text-generation-webui
 CVE-2025-12487 (oobabooga text-generation-webui trust_remote_code Reliance on 
Untruste ...)
-       TODO: check
+       NOT-FOR-US: oobabooga text-generation-webui
 CVE-2025-12486 (Heimdall Data Database Proxy Cross-Site Scripting Remote Code 
Executio ...)
-       TODO: check
+       NOT-FOR-US: Heimdall
 CVE-2025-12352 (The Gravity Forms plugin for WordPress is vulnerable to 
arbitrary file ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-11546 (CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and 
EXPRESSCLUS ...)
-       TODO: check
+       NOT-FOR-US: CLUSTERPRO X
 CVE-2025-12790 (A flaw was found in Rubygem MQTT. By default, the package used 
to not  ...)
        NOT-FOR-US: Rubygem MQTT
 CVE-2025-12789 (A flaw was found in Red Hat Single Sign-On. This issue is an 
Open Redi ...)
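Review bot: The CVE-2025-64180 entry is tagged "NOT-FOR-US: DosageManager-io/Manager", which looks like a leftover "Dosage" carried over from the CVE-2025-64184 line directly above it. The description names the product as Manager-io/Manager, so the tag should read "NOT-FOR-US: Manager-io/Manager". In the same hunk, CVE-2025-12490 is tagged "Netgate pfSene" while its description spells the product "pfSense"; correcting the spelling keeps the entry findable when searching the list by product name.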
@@ -576,7 +576,7 @@ CVE-2025-60753 (An issue was discovered in libarchive 
bsdtar before version 3.8.
 CVE-2025-5770 (A reflected cross-site scripting (XSS) vulnerability exists in 
the aut ...)
        NOT-FOR-US: WSO2
 CVE-2025-59716 (ownCloud Guests before 0.12.5 allows unauthenticated user 
enumeration  ...)
-       TODO: check
+       NOT-FOR-US: ownCloud Guests
 CVE-2025-58337 (An attacker with a valid read-only account can bypass Doris 
MCP Server ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-57244 (OpenKM Community Edition 6.3.12 is vulnerable to stored 
cross-site scr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b081a5214a54d4b28f31854545e64be678006b1
