[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Tue, 23 Dec 2025 00:44:49 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
df72373a by Salvatore Bonaccorso at 2025-12-23T09:44:18+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2025-68651
 CVE-2025-68650
        REJECTED
 CVE-2025-68614 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network 
monitorin ...)
-       TODO: check
+       NOT-FOR-US: LibreNMS
 CVE-2025-68480 (Marshmallow is a lightweight library for converting complex 
objects to ...)
        - python-marshmallow <unfixed>
        NOTE: 
https://github.com/marshmallow-code/marshmallow/security/advisories/GHSA-428g-f7cq-pgp5
@@ -22,23 +22,23 @@ CVE-2025-68480 (Marshmallow is a lightweight library for 
converting complex obje
        NOTE: 
https://github.com/marshmallow-code/marshmallow/commit/6d4a17dad54ea9711040c6aa6ba4d59267242a41
 (3.26.2)
        NOTE: 
https://github.com/marshmallow-code/marshmallow/commit/489a8d421dc7955bb53b89e962d69465fbc5b6af
 (3.26.2)
 CVE-2025-68476 (KEDA is a Kubernetes-based Event Driven Autoscaling component. 
Prior t ...)
-       TODO: check
+       NOT-FOR-US: KEDA
 CVE-2025-68475 (Fedify is a TypeScript library for building federated server 
apps powe ...)
-       TODO: check
+       NOT-FOR-US: Fedify
 CVE-2025-67743 (Local Deep Research is an AI-powered research assistant for 
deep, iter ...)
-       TODO: check
+       NOT-FOR-US: Local Deep Research
 CVE-2025-67436 (Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 
allows  ...)
        - pluxml <removed>
 CVE-2025-66736 (youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. 
The imp ...)
-       TODO: check
+       NOT-FOR-US: youlai-boot
 CVE-2025-66735 (youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. 
The get ...)
-       TODO: check
+       NOT-FOR-US: youlai-boot
 CVE-2025-65857 (An issue was discovered in Xiongmai XM530 IP cameras on 
firmware V5.00 ...)
-       TODO: check
+       NOT-FOR-US: Xiongmai
 CVE-2025-65856 (Authentication bypass vulnerability in Xiongmai XM530 IP 
cameras on Fi ...)
-       TODO: check
+       NOT-FOR-US: Xiongmai
 CVE-2025-65817 (LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: LSC Smart Connect Indoor IP Camera
 CVE-2025-34458 (wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, 
prior to ...)
        TODO: check
 CVE-2025-34457 (wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, 
prior to ...)
@@ -46,67 +46,67 @@ CVE-2025-34457 (wb2osz/direwolf (Dire Wolf) versions up to 
and including 1.8, pr
 CVE-2025-15034 (A security flaw has been discovered in itsourcecode Student 
Management ...)
        NOT-FOR-US: itsourcecode System
 CVE-2024-27708 (Iframe injection vulnerability in 
airc.pt/solucoes-servicos.solucoes M ...)
-       TODO: check
+       NOT-FOR-US: MyNET
 CVE-2023-53981 (PhotoShow 3.0 contains a remote code execution vulnerability 
that allo ...)
-       TODO: check
+       NOT-FOR-US: PhotoShow
 CVE-2023-53980 (ProjectSend r1605 contains a remote code execution 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: ProjectSend
 CVE-2023-53979 (MyBB 1.8.32 contains a chained vulnerability that allows 
authenticated ...)
        NOT-FOR-US: MyBB
 CVE-2023-53978 (myBB Forums 1.8.26 contains a stored cross-site scripting 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2023-53977 (myBB Forums 1.8.26 contains a stored cross-site scripting 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2023-53976 (myBB Forums 1.8.26 contains a stored cross-site scripting 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2023-53975 (Atom CMS 2.0 contains an unauthenticated SQL injection 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Atom CMS
 CVE-2023-53974 (D-Link DSL-124 ME_1.00 contains a configuration file 
disclosure vulner ...)
        NOT-FOR-US: D-Link
 CVE-2023-53973 (Zillya Total Security 3.0.2367.0 contains a privilege 
escalation vulne ...)
-       TODO: check
+       NOT-FOR-US: Zillya Total Security
 CVE-2023-53972 (WebTareas 2.4 contains a SQL injection vulnerability in the 
webTareasS ...)
-       TODO: check
+       NOT-FOR-US: WebTareas
 CVE-2023-53971 (WebTareas 2.4 contains a file upload vulnerability that allows 
authent ...)
-       TODO: check
+       NOT-FOR-US: WebTareas
 CVE-2023-53970 (Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session 
management ...)
-       TODO: check
+       NOT-FOR-US: Screen SFT DAB 600/C Firmware
 CVE-2023-53969 (Screen SFT DAB 600/C firmware 1.9.3 contains a session 
management vuln ...)
-       TODO: check
+       NOT-FOR-US: Screen SFT DAB 600/C firmware
 CVE-2023-53968 (Screen SFT DAB 600/C Firmware 1.9.3 contains a session 
management vuln ...)
-       TODO: check
+       NOT-FOR-US: Screen SFT DAB 600/C Firmware
 CVE-2023-53967 (Screen SFT DAB 600/C firmware 1.9.3 contains an authentication 
bypass  ...)
-       TODO: check
+       NOT-FOR-US: Screen SFT DAB 600/C firmware
 CVE-2023-53966 (SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 LinkAndShare Transmitter
 CVE-2023-53965 (SOUND4 Server Service 4.1.102 contains an unquoted service 
path vulner ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 Server Service
 CVE-2023-53964 (SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2023-53963 (SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated 
OS comm ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2023-53962 (SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated 
directo ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2023-53961 (SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site 
request forge ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2023-53960 (SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL 
injection vu ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2023-53955 (SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct 
object  ...)
-       TODO: check
+       NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50690 (Wondershare MirrorGo 2.0.11.346 contains a local privilege 
escalation  ...)
-       TODO: check
+       NOT-FOR-US: Wondershare MirrorGo
 CVE-2022-50689 (Cobian Reflector 0.9.93 RC1 contains a denial of service 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Cobian Reflector
 CVE-2022-50688 (Cobian Backup Gravity 11.2.0.582 contains an unquoted service 
path vul ...)
-       TODO: check
+       NOT-FOR-US: Cobian Backup Gravity
 CVE-2022-50687 (Cobian Backup 11 Gravity 11.2.0.582 contains a denial of 
service vulne ...)
-       TODO: check
+       NOT-FOR-US: Cobian Backup 11 Gravity
 CVE-2021-47715 (Hasura GraphQL 1.3.3 contains a server-side request forgery 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Hasura
 CVE-2021-47714 (Hasura GraphQL 1.3.3 contains a local file read vulnerability 
that all ...)
-       TODO: check
+       NOT-FOR-US: Hasura
 CVE-2021-47713 (Hasura GraphQL 1.3.3 contains a denial of service 
vulnerability that a ...)
-       TODO: check
+       NOT-FOR-US: Hasura
 CVE-2025-68615 (net-snmp is a SNMP application library, tools and daemon. 
Prior to ver ...)
        - net-snmp <unfixed> (bug #1123861)
        NOTE: 
https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df72373aa91f8fdfec424622f381f19c013775bd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df72373aa91f8fdfec424622f381f19c013775bd
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to