[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 18 08:47:43 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a5505ac by Salvatore Bonaccorso at 2025-12-18T09:47:21+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -543,15 +543,15 @@ CVE-2025-43428 (A configuration issue was addressed with additional restrictions
 CVE-2025-27063 (Memory corruption during video playback when video session open fails  ...)
 	NOT-FOR-US: Qualcomm
 CVE-2025-14856 (A security vulnerability has been detected in y_project RuoYi up to 4. ...)
-	TODO: check
+	NOT-FOR-US: RuoYi
 CVE-2025-14841 (A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element ...)
 	- dcmtk <unfixed>
 	NOTE: https://support.dcmtk.org/redmine/issues/1183
 	NOTE: Fixed by: https://github.com/DCMTK/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030 (DCMTK-3.7.0)
 CVE-2025-14837 (A vulnerability has been found in ZZCMS 2025. Affected by this issue i ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2025-14836 (A flaw has been found in ZZCMS 2025. Affected by this vulnerability is ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2025-14834 (A weakness has been identified in code-projects Simple Stock System 1. ...)
 	NOT-FOR-US: code-projects
 CVE-2025-14833 (A security flaw has been discovered in code-projects Online Appointmen ...)
@@ -579,7 +579,7 @@ CVE-2025-14314 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2025-14268
 	REJECTED
 CVE-2025-14202 (A vulnerability in the file upload at bookmark + asset rendering pipel ...)
-	TODO: check
+	NOT-FOR-US: Linkding
 CVE-2025-13498 (The Download Manager plugin for WordPress is vulnerable to unauthorize ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12976 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...)
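Review bot: The NOT-FOR-US tag on CVE-2025-14202 names "Linkding", but the truncated description visible in this hunk ("A vulnerability in the file upload at bookmark + asset rendering pipel ...") does not mention the product, so the attribution cannot be checked from the diff alone. Confirm it against the full CVE record before relying on it, since a wrong product name here would hide the entry from a later search for the affected software.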
@@ -593,61 +593,61 @@ CVE-2023-53933 (Serendipity 2.4.0 contains a remote code execution vulnerability
 CVE-2023-53932 (Serendipity 2.4.0 contains a stored cross-site scripting vulnerability ...)
 	TODO: check
 CVE-2023-53931 (Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2023-53930 (ProjectSend r1605 contains an insecure direct object reference vulnera ...)
-	TODO: check
+	NOT-FOR-US: ProjectSend
 CVE-2023-53929 (phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows aut ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2023-53928 (PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2023-53927 (PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulne ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Simple CMS
 CVE-2023-53926 (PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Simple CMS
 CVE-2023-53925 (UliCMS 2023.1 contains a stored cross-site scripting vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: UliCMS
 CVE-2023-53924 (UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnera ...)
-	TODO: check
+	NOT-FOR-US: UliCMS
 CVE-2023-53923 (UliCMS 2023.1 contains a privilege escalation vulnerability that allow ...)
-	TODO: check
+	NOT-FOR-US: UliCMS
 CVE-2023-53922 (TinyWebGallery v2.5 contains a remote code execution vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: TinyWebGallery
 CVE-2023-53921 (SitemagicCMS 4.4.3 contains a remote code execution vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: SitemagicCMS
 CVE-2023-53920 (PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerab ...)
-	TODO: check
+	NOT-FOR-US: PodcastGenerator
 CVE-2023-53919 (PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerab ...)
-	TODO: check
+	NOT-FOR-US: PodcastGenerator
 CVE-2023-53918 (PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerab ...)
-	TODO: check
+	NOT-FOR-US: PodcastGenerator
 CVE-2023-53917 (Affiliate Me version 5.0.1 contains a SQL injection vulnerability in t ...)
-	TODO: check
+	NOT-FOR-US: Affiliate Me
 CVE-2023-53916 (Zenphoto 1.6 contains a stored cross-site scripting vulnerability in t ...)
-	TODO: check
+	NOT-FOR-US: Zenphoto
 CVE-2023-53915 (Zenphoto 1.6 contains a stored cross-site scripting vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: Zenphoto
 CVE-2023-53914 (UliCMS 2023.1 contains an authentication bypass vulnerability that all ...)
-	TODO: check
+	NOT-FOR-US: UliCMS
 CVE-2023-53913 (Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows a ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2023-53912 (USB Flash Drives Control 4.1.0.0 contains an unquoted service path vul ...)
-	TODO: check
+	NOT-FOR-US: USB Flash Drives Control
 CVE-2023-53911 (Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerabi ...)
 	TODO: check
 CVE-2023-53910 (WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: WBCE CMS
 CVE-2023-53909 (WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: WBCE CMS
 CVE-2023-53908 (HiSecOS 04.0.01 contains a privilege escalation vulnerability that all ...)
-	TODO: check
+	NOT-FOR-US: HiSecOS
 CVE-2023-53907 (Bludit versions before 3.13.1 contain an authenticated file download v ...)
-	TODO: check
+	NOT-FOR-US: Bludit CMS
 CVE-2023-53906 (projectSend r1605 contains a stored cross-site scripting vulnerability ...)
-	TODO: check
+	NOT-FOR-US: projectSend
 CVE-2023-53905 (ProjectSend r1605 contains a CSV injection vulnerability that allows a ...)
-	TODO: check
+	NOT-FOR-US: projectSend
 CVE-2023-53904 (Xenforo 2.2.13 contains a stored cross-site scripting vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: Xenforo
 CVE-2025-67895 (Edge3 Worker RPC RCE on Airflow 2.  This issue affects Apache Airflow  ...)
 	NOT-FOR-US: Apache Airflow Providers Edge3
 CVE-2025-67285 (A SQL injection vulnerability was found in the '/cts/admin/?page=zone' ...)
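Review bot: The same product is tagged with two spellings in this hunk: CVE-2023-53930 gets "NOT-FOR-US: ProjectSend" while CVE-2023-53906 and CVE-2023-53905 get "NOT-FOR-US: projectSend". Use one spelling for all three so a case-sensitive search on the tag finds every entry if the product is ever packaged. Two other tags differ from the names in their own descriptions, "PHP-Fusion" for CVE-2023-53928 (description: "PHPFusion") and "Bludit CMS" for CVE-2023-53907 (description: "Bludit"). Keep them if they match tags already used elsewhere in the list, otherwise align them with the description.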



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a5505acd4812c50f39f5b1c2746deaa9e7f5fce
