Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
475d9a02 by Salvatore Bonaccorso at 2025-12-19T21:33:24+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2025-68478 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2025-68477 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2025-68457 (Orejime is a consent manager that focuses on accessibility. On
HTML el ...)
- TODO: check
+ NOT-FOR-US: Orejime
CVE-2025-68430 (CVAT is an open source interactive video and image annotation
tool for ...)
- TODO: check
+ NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
CVE-2025-67442 (EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The
/api/exp ...)
- TODO: check
+ NOT-FOR-US: EVE-NG
CVE-2025-67048
REJECTED
CVE-2025-67047
@@ -21,25 +21,25 @@ CVE-2025-67044
CVE-2025-67043
REJECTED
CVE-2025-66911 (Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken
access ...)
- TODO: check
+ NOT-FOR-US: Turms IM Server
CVE-2025-66910 (Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext
passwor ...)
- TODO: check
+ NOT-FOR-US: Turms Server
CVE-2025-66909 (Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains
an image ...)
- TODO: check
+ NOT-FOR-US: Turms AI-Serving module
CVE-2025-66908 (Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains
an impro ...)
- TODO: check
+ NOT-FOR-US: Turms AI-Serving module
CVE-2025-66906 (Cross Site Request Forgery (CSRF) vulnerability in Turms Admin
API thr ...)
- TODO: check
+ NOT-FOR-US: Turms Admin API
CVE-2025-66905 (The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails
to cano ...)
- TODO: check
+ NOT-FOR-US: Takes
CVE-2025-66580 (Dive is an open-source MCP Host Desktop Application that
enables integ ...)
- TODO: check
+ NOT-FOR-US: Dive
CVE-2025-66524 (Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject
Processor, ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-65035 (pluginsGLPI's Database Inventory Plugin "manages" the Teclib'
inventor ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin (databaseinventory)
CVE-2025-63665 (An issue in GT Edge AI Platform Versions before v2.0.10-dev
allows att ...)
- TODO: check
+ NOT-FOR-US: GT Edge AI Platform
CVE-2025-58053 (Galette is a membership management web application for non
profit orga ...)
TODO: check
CVE-2025-58052 (Galette is a membership management web application for non
profit orga ...)
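Review bot: The five Turms entries (CVE-2025-66911 through CVE-2025-66906) end up with four different NOT-FOR-US strings: "Turms IM Server", "Turms Server", "Turms AI-Serving module" and "Turms Admin API". All five descriptions name Turms, and four of them show the same v0.10.0-SNAPSHOT version, which points to one upstream project. A single product string such as "NOT-FOR-US: Turms" would let a search of data/CVE/list by product name find every entry, the way the two Langflow entries earlier in this commit share one string.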
@@ -49,7 +49,7 @@ CVE-2025-53922 (Galette is a membership management web
application for non profi
CVE-2025-50681 (igmpproxy 0.4 before commit 2b30c36 allows remote attackers to
cause a ...)
TODO: check
CVE-2025-34433 (AVideo versions 14.3.1 prior to 20.1 contain an
unauthenticated remote ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2025-1928 (Improper Restriction of Excessive Authentication Attempts
vulnerabilit ...)
TODO: check
CVE-2025-1927 (Cross-Site Request Forgery (CSRF) vulnerability in Restajet
Informatio ...)
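Review bot: The CVE-2025-34433 line uses "NOT-FOR-US: WWBN AVideo", with a vendor prefix that the visible description ("AVideo versions 14.3.1 prior to 20.1 ...") does not carry, while the other entries added in this commit name the product only (Langflow, Dive, Takes). If earlier AVideo entries in the list already use the "WWBN AVideo" form this is fine; otherwise settle on one form so that later triage matches on a single string.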
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/475d9a025aed1b64312d6ca681475b9e99f4e74b
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits