Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ce07f531 by Salvatore Bonaccorso at 2025-11-19T09:28:23+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,38 +19,38 @@ CVE-2025-65934
CVE-2025-65933
REJECTED
CVE-2025-65093 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2025-65015 (joserfc is a Python library that provides an implementation of
several ...)
- joserfc <unfixed>
NOTE:
https://github.com/authlib/joserfc/security/advisories/GHSA-frfh-8v73-gjg4
NOTE: Fixed by:
https://github.com/authlib/joserfc/commit/63932f169d924caffafa761af2122b82059017f7
(1.4.2)
NOTE: Fixed by:
https://github.com/authlib/joserfc/commit/673c8743fd0605b0e1de6452be6cba75f44e466b
(1.3.5)
CVE-2025-65014 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2025-65013 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2025-65012 (Kirby is an open-source content management system. From
versions 5.0.0 ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2025-64515 (Open Forms allows users create and publish smart forms. Prior
to versi ...)
- TODO: check
+ NOT-FOR-US: Open Forms
CVE-2025-64325 (Emby Server is a personal media server. Prior to version
4.8.1.0 and p ...)
- TODO: check
+ NOT-FOR-US: Emby Server
CVE-2025-64324 (KubeVirt is a virtual machine management add-on for
Kubernetes. The `h ...)
- TODO: check
+ NOT-FOR-US: KubeVirt
CVE-2025-63229 (The Mozart FM Transmitter web management interface on version
WEBMOZZI ...)
- TODO: check
+ NOT-FOR-US: Mozart FM Transmitter
CVE-2025-63217 (The Itel DAB MUX (IDMUX build c041640a) is vulnerable to
Authenticatio ...)
- TODO: check
+ NOT-FOR-US: Itel DAB MUX
CVE-2025-63216 (The Itel DAB Gateway (IDGat build c041640a) is vulnerable to
Authentic ...)
- TODO: check
+ NOT-FOR-US: Itel DAB Gateway
CVE-2025-63215 (The Sound4 IMPACT web-based management interface is vulnerable
to Remo ...)
- TODO: check
+ NOT-FOR-US: Sound4 IMPACT
CVE-2025-62406 (Piwigo is a full featured open source photo gallery
application for th ...)
TODO: check
CVE-2025-54990 (XWiki AdminTools integrates administrative tools for managing
a runnin ...)
NOT-FOR-US: XWiki
CVE-2025-13225 (Tanium addressed an arbitrary file deletion vulnerability in
TanOS.)
- TODO: check
+ NOT-FOR-US: TanOS
CVE-2025-13206 (The GiveWP \u2013 Donation Plugin and Fundraising Platform
plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13145 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress
plugin fo ...)
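Review bot: CVE-2025-62406 (Piwigo) is still `TODO: check` in the middle of this block, while every other TODO in the hunk is resolved. If it was skipped on purpose because it needs a package-status decision rather than a NOT-FOR-US tag, that is consistent with the commit message, but it is easy to overlook between the processed entries and should be picked up in a follow-up. On style, the three LibreNMS entries and the two Itel entries use consistent tags, which keeps them greppable. `NOT-FOR-US: TanOS` drops the vendor that the description names (Tanium); `NOT-FOR-US: Tanium TanOS` would match the vendor-plus-product form used for `Sound4 IMPACT` and the Itel entries.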
@@ -66,7 +66,7 @@ CVE-2025-13035 (The Code Snippets plugin for WordPress is
vulnerable to PHP Code
CVE-2025-12878 (The FunnelKit \u2013 Funnel Builder for WooCommerce Checkout
plugin fo ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12852 (DLL Loading vulnerability in NEC Corporation RakurakuMusen
Start EX Al ...)
- TODO: check
+ NOT-FOR-US: NEC Corporation RakurakuMusen Start EX
CVE-2025-12842 (The Booking Plugin for WordPress Appointments \u2013 Time Slot
plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12822 (The WP Login and Register using JWT plugin for WordPress is
vulnerable ...)
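Review bot: The tag on CVE-2025-12852, `NOT-FOR-US: NEC Corporation RakurakuMusen Start EX`, carries the full legal vendor name, unlike the other tags in this commit, which use a short vendor name plus product. `NOT-FOR-US: NEC RakurakuMusen Start EX` would be consistent. The description is truncated after "Start EX Al ...", so it is also worth confirming against the full CVE record that the tag names the complete product.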
@@ -102,9 +102,9 @@ CVE-2025-12119 (A mongoc_bulk_operation_t may read invalid
memory if large optio
CVE-2025-12057 (The WavePlayer WordPress plugin before 3.8.0 does not have
authorizati ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12056 (Out-of-bounds Read in Shelly Pro 3EM(before v1.4.4) allows
Overread Bu ...)
- TODO: check
+ NOT-FOR-US: Shelly Pro 3EM
CVE-2025-11243 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Shelly Pro 4PM
CVE-2025-12106 [IPv6 address parsing: fix buffer overread on invalid input]
- openvpn <not-affected> (Vulnerable code only in 2.7 upstream)
NOTE:
https://community.openvpn.net/Security%20Announcements/CVE-2025-12106
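Review bot: The product in `NOT-FOR-US: Shelly Pro 4PM` for CVE-2025-11243 cannot be checked against the visible description, which is cut off at "vulnerability in ..." before any product is named. For CVE-2025-12056 the description itself says Shelly Pro 3EM, so that tag is verifiable; for CVE-2025-11243 please confirm the product against the full CVE record. If both are Shelly devices, a shared vendor-level tag on the two adjacent entries would also make later lookups simpler.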
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce07f531b7288e369d9d5bd7cfab223e7621f8e1