[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Tue, 16 Dec 2025 23:27:18 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
04245bc0 by Salvatore Bonaccorso at 2025-12-17T08:26:49+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -652,7 +652,7 @@ CVE-2025-68156 (Expr is an expression language and 
expression evaluation for Go.
 CVE-2025-68155 (@vitejs/plugin-rs provides React Server Components (RSC) 
support for V ...)
        NOT-FOR-US: React Server Components (RSC) support plugin for Vite
 CVE-2025-68154 (systeminformation is a System and OS information library for 
node.js.  ...)
-       TODO: check
+       NOT-FOR-US: systeminformation Node.js module
 CVE-2025-68150 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2025-68146 (filelock is a platform-independent file lock for Python. In 
versions p ...)
@@ -901,11 +901,11 @@ CVE-2025-64012 (InvoicePlane commit debb446c is 
vulnerable to Incorrect Access C
 CVE-2025-63414 (A Path Traversal vulnerability in the Allsky WebUI version 
v2024.12.06 ...)
        NOT-FOR-US: Allsky WebUI
 CVE-2025-62864 (Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 
devices b ...)
-       TODO: check
+       NOT-FOR-US: AmpereOne
 CVE-2025-62863 (Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 
devices b ...)
-       TODO: check
+       NOT-FOR-US: AmpereOne
 CVE-2025-62862 (Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 
devices b ...)
-       TODO: check
+       NOT-FOR-US: AmpereOne
 CVE-2025-62849 (An SQL injection vulnerability has been reported to affect 
several QNA ...)
        NOT-FOR-US: QNAP
 CVE-2025-62848 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
@@ -919,11 +919,11 @@ CVE-2025-62329 (HCL DevOps Deploy / HCL Launch is 
susceptible to a race conditio
 CVE-2025-61976 (CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with 
improper che ...)
        NOT-FOR-US: CHOCO TEI WATCHER mini (IB-MCT001)
 CVE-2025-59947 (NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions 
prior to ...)
-       TODO: check
+       NOT-FOR-US: NanoMQ
 CVE-2025-59935 (GLPI is a free asset and IT management software package. 
Starting in v ...)
        TODO: check
 CVE-2025-59479 (CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with 
improper res ...)
-       TODO: check
+       NOT-FOR-US: CHOCO TEI WATCHER mini (IB-MCT001)
 CVE-2025-59385 (An authentication bypass by spoofing vulnerability has been 
reported t ...)
        NOT-FOR-US: QNAP
 CVE-2025-59009 (Cross-Site Request Forgery (CSRF) vulnerability in Astoundify 
Listify  ...)
@@ -943,11 +943,11 @@ CVE-2025-54005 (Missing Authorization vulnerability in 
sonalsinha21 SKT Page Bui
 CVE-2025-54004 (Missing Authorization vulnerability in WC Lovers WCFM \u2013 
Frontend  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52196 (Server-Side Request Forgery (SSRF) vulnerability in Ctera 
Portal 8.1.x ...)
-       TODO: check
+       NOT-FOR-US: Ctera Portal
 CVE-2025-50401 (Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable 
to Buffe ...)
-       TODO: check
+       NOT-FOR-US: Mercury D196G
 CVE-2025-50398 (Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable 
to Buffe ...)
-       TODO: check
+       NOT-FOR-US: Mercury D196G
 CVE-2025-49300 (Insertion of Sensitive Information Into Sent Data 
vulnerability in shi ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46296 (An authorization bypass vulnerability in FileMaker Server 
Admin Consol ...)
@@ -1054,7 +1054,7 @@ CVE-2025-33210 (NVIDIA Isaac Lab contains a 
deserialization vulnerability.  A su
 CVE-2025-29231 (A stored cross-site scripting (XSS) vulnerability in the 
page_save com ...)
        NOT-FOR-US: Linksys
 CVE-2025-14780 (A vulnerability was detected in Xiongwei Smart Catering Cloud 
Platform ...)
-       TODO: check
+       NOT-FOR-US: Xiongwei Smart Catering Cloud Platform
 CVE-2025-14777 (A flaw was found in Keycloak. An IDOR (Broken Access Control) 
vulnerab ...)
        TODO: check
 CVE-2025-14758 (Incorrect configuration of replication security in the MariaDB 
compone ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04245bc0bf99dc7720f50f78754d2ec55495727a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04245bc0bf99dc7720f50f78754d2ec55495727a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to