[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Dec 14 22:23:39 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd988c85 by Moritz Muehlenhoff at 2025-12-14T23:23:09+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2025-14674 (A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by ...)
-	TODO: check
+	NOT-FOR-US: snail-job
 CVE-2025-14673 (A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affec ...)
-	TODO: check
+	NOT-FOR-US: snap7-rs
 CVE-2025-14672 (A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts t ...)
-	TODO: check
+	NOT-FOR-US: snap7-rs
 CVE-2025-14668 (A vulnerability was detected in campcodes Advanced Online Examination  ...)
 	NOT-FOR-US: Campcodes
 CVE-2025-14667 (A security vulnerability has been detected in itsourcecode COVID Track ...)
@@ -21,7 +21,7 @@ CVE-2025-14662 (A vulnerability was found in code-projects Student File Manageme
 CVE-2025-14661 (A vulnerability has been found in itsourcecode Student Managemen Syste ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2025-14660 (A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected b ...)
-	TODO: check
+	NOT-FOR-US: DecoCMS
 CVE-2025-14659 (A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b0 ...)
 	NOT-FOR-US: D-Link
 CVE-2025-14656 (A weakness has been identified in Tenda AC20 16.03.08.12. This affects ...)
@@ -35,7 +35,7 @@ CVE-2025-14653 (A vulnerability was determined in itsourcecode Student Managemen
 CVE-2025-14652 (A vulnerability was found in itsourcecode Online Cake Ordering System  ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2025-14651 (A vulnerability has been found in MartialBE one-hub up to 0.14.27. Thi ...)
-	TODO: check
+	NOT-FOR-US: MartialBE one-hub
 CVE-2025-XXXX [Cross-Site-Scripting vulnerability via SVG's animate tag]
 	- roundcube 1.6.12+dfsg-1 (bug #1122899)
 	NOTE: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
@@ -141,7 +141,7 @@ CVE-2025-14588 (A security flaw has been discovered in itsourcecode Student Mana
 CVE-2025-14587 (A vulnerability was identified in itsourcecode Online Pet Shop Managem ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2025-14542 (The vulnerability arises when a client fetches a tools\u2019 JSON spec ...)
-	TODO: check
+	NOT-FOR-US: python-utcp
 CVE-2025-0969 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Se ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-9873 (The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Si ...)
@@ -1257,7 +1257,7 @@ CVE-2025-67686
 CVE-2025-67648 (Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10 ...)
 	NOT-FOR-US: Shopware
 CVE-2025-67646 (TableProgressTracking is a MediaWiki extension to track progress again ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki extension TableProgressTracking
 CVE-2025-67644 (LangGraph SQLite Checkpoint is an implementation of LangGraph Checkpoi ...)
 	NOT-FOR-US: LangGraph SQLite Checkpoint
 CVE-2025-67514
@@ -3718,7 +3718,7 @@ CVE-2025-65796 (Incorrect access control in usememos memos v0.25.2 allows attack
 CVE-2025-65795 (Incorrect access control in the /api/v1/user endpoint of usememos memo ...)
 	NOT-FOR-US: usememos memos
 CVE-2025-65548 (NUT-14 allows cashu tokens to be created with a preimage hash. However ...)
-	TODO: check
+	NOT-FOR-US: NUT-14
 CVE-2025-65363 (Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1. ...)
 	NOT-FOR-US: Ruijie
 CVE-2025-65271 (Client-side template injection (CSTI) in Azuriom CMS admin dashboard a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd988c85fab6d89ae017018217ec5b290353afac

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd988c85fab6d89ae017018217ec5b290353afac
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251214/2331a8b6/attachment.htm>

More information about the debian-security-tracker-commits mailing list