[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Aug 29 09:34:40 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3edffe04 by Moritz Muehlenhoff at 2025-08-29T10:34:23+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2025-9639 (The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulne ...)
-	TODO: check
+	NOT-FOR-US: Ai3 QbiCRMGateway
 CVE-2025-9619 (A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.0 ...)
-	TODO: check
+	NOT-FOR-US: E4 Sistemas Mercatus ERP
 CVE-2025-9610 (A vulnerability was determined in code-projects Online Event Judging S ...)
 	NOT-FOR-US: code-projects
 CVE-2025-9609 (A vulnerability was found in Portabilis i-Educar up to 2.10. This vuln ...)
@@ -15,11 +15,11 @@ CVE-2025-9606 (A vulnerability was detected in Portabilis i-Educar up to 2.10. A
 CVE-2025-9605 (A security vulnerability has been detected in Tenda AC21 and AC23 16.0 ...)
 	NOT-FOR-US: Tenda
 CVE-2025-9604 (A vulnerability was identified in coze-studio up to 0.2.4. The impacte ...)
-	TODO: check
+	NOT-FOR-US: coze-studio
 CVE-2025-9603 (A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The af ...)
-	TODO: check
+	NOT-FOR-US: Telesquare TLR-2005KSH
 CVE-2025-9602 (A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the ...)
-	TODO: check
+	NOT-FOR-US: E4 Sistemas Mercatus ERPRockOA
 CVE-2025-9601 (A vulnerability was detected in itsourcecode Apartment Management Syst ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2025-9600 (A security vulnerability has been detected in itsourcecode Apartment M ...)
@@ -41,25 +41,25 @@ CVE-2025-9593 (A flaw has been found in itsourcecode Apartment Management System
 CVE-2025-9592 (A vulnerability was detected in itsourcecode Apartment Management Syst ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2025-9591 (A security vulnerability has been detected in ZrLog up to 3.1.5. This  ...)
-	TODO: check
+	NOT-FOR-US: ZrLog
 CVE-2025-9590 (A vulnerability was identified in Weaver E-Mobile Mobile Management Pl ...)
-	TODO: check
+	NOT-FOR-US: Weaver E-Mobile Mobile Management
 CVE-2025-9589 (A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. ...)
-	TODO: check
+	NOT-FOR-US: Cudy WR1200EA
 CVE-2025-9586 (A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Comfast CF-N1
 CVE-2025-9585 (A vulnerability was determined in Comfast CF-N1 2.6.0. This affects th ...)
-	TODO: check
+	NOT-FOR-US: Comfast CF-N1
 CVE-2025-9441 (The iATS Online Forms plugin for WordPress is vulnerable to time-based ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-9374 (The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-8861 (TSA developed by Changing has a Missing Authentication vulnerability,  ...)
-	TODO: check
+	NOT-FOR-US: Changing TSA
 CVE-2025-8858 (Clinic Image System developed by Changing has a SQL Injection vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Changing Clinic Image System
 CVE-2025-8857 (Clinic Image System developed by Changing contains hard-coded Credenti ...)
-	TODO: check
+	NOT-FOR-US: Changing Clinic Image System
 CVE-2025-8619 (The OSM Map Widget for Elementor plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-8290 (The List Subpages plugin for WordPress is vulnerable to Stored Cross-S ...)
@@ -83,23 +83,23 @@ CVE-2025-58327
 CVE-2025-58326
 	REJECTED
 CVE-2025-58323 (NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attac ...)
-	TODO: check
+	NOT-FOR-US: NAVER MYBOX Explorer
 CVE-2025-58062 (LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. P ...)
-	TODO: check
+	NOT-FOR-US: vscode plugin
 CVE-2025-58061 (OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persist ...)
-	TODO: check
+	NOT-FOR-US: OpenEBS
 CVE-2025-58058 (xz is a pure golang package for reading and writing xz-compressed file ...)
 	TODO: check
 CVE-2025-54777 (Uncaught exception issue exists in Multiple products in bizhub series. ...)
-	TODO: check
+	NOT-FOR-US: buzhub
 CVE-2025-54142 (Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OP ...)
-	TODO: check
+	NOT-FOR-US: Akamai Ghost
 CVE-2025-53508 (Multiple products provided by iND Co.,Ltd contain an OS command inject ...)
-	TODO: check
+	NOT-FOR-US: iND
 CVE-2025-53507 (Multiple products provided by iND Co.,Ltd contain an insecure storage  ...)
-	TODO: check
+	NOT-FOR-US: iND
 CVE-2025-48979 (An Improper Input Validation in UISP Application could allow a Command ...)
-	TODO: check
+	NOT-FOR-US: Ubiquiti
 CVE-2025-43284 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2025-43268 (A permissions issue was addressed with additional restrictions. This i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3edffe044d1096af73b7bc942146df7594cab692

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3edffe044d1096af73b7bc942146df7594cab692
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250829/fe6e31d9/attachment.htm>

More information about the debian-security-tracker-commits mailing list