[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jul 14 07:43:18 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
818b4aae by Moritz Muehlenhoff at 2025-07-14T08:42:55+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2025-7535 (A vulnerability was found in Campcodes Sales and Inventory System
 CVE-2025-7534 (A vulnerability was found in PHPGurukul Student Result Management Syst ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-7533 (A vulnerability was found in code-projects Job Diary 1.0 and classifie ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7532 (A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and class ...)
 	NOT-FOR-US: Tenda
 CVE-2025-7531 (A vulnerability, which was classified as critical, was found in Tenda  ...)
@@ -27,15 +27,15 @@ CVE-2025-7528 (A vulnerability classified as critical has been found in Tenda FH
 CVE-2025-7527 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been r ...)
 	NOT-FOR-US: Tenda
 CVE-2025-7525 (A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-7524 (A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-7012 (An issue in Cato Networks' CatoClient for Linux, before version 5.5, a ...)
 	TODO: check
 CVE-2025-53865 (In Roundup before 2.5.0, XSS can occur via interaction between URLs an ...)
-	TODO: check
+	- roundup <removed>
 CVE-2025-7523 (A vulnerability was found in Jinher OA 1.0 and classified as problemat ...)
-	TODO: check
+	NOT-FOR-US: Jinher OA
 CVE-2025-7522 (A vulnerability has been found in PHPGurukul Vehicle Parking Managemen ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-7521 (A vulnerability, which was classified as critical, was found in PHPGur ...)
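
Review bot: the CVE-2025-53865 change to `- roundup <removed>` is a package entry rather than an NFU, so the commit message "NFUs" does not describe it; the same holds for the egroupware lines later in the patch. Suggest mentioning the roundup and egroupware triage in the message, or splitting it into its own commit, so these entries can be found from the log. CVE-2025-7012 in the same hunk stays at `TODO: check`, which looks intentional.
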
@@ -49,19 +49,19 @@ CVE-2025-7516 (A vulnerability classified as critical was found in code-projects
 CVE-2025-7515 (A vulnerability classified as critical has been found in code-projects ...)
 	NOT-FOR-US: code-projects
 CVE-2025-7514 (A vulnerability was found in code-projects Modern Bag 1.0. It has been ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7513 (A vulnerability was found in code-projects Modern Bag 1.0. It has been ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7512 (A vulnerability was found in code-projects Modern Bag 1.0. It has been ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7511 (A vulnerability was found in code-projects Chat System 1.0 and classif ...)
 	NOT-FOR-US: code-projects
 CVE-2025-7510 (A vulnerability has been found in code-projects Modern Bag 1.0 and cla ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7509 (A vulnerability, which was classified as critical, was found in code-p ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7508 (A vulnerability, which was classified as critical, has been found in c ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7506 (A vulnerability classified as critical was found in Tenda FH451 1.0.0. ...)
 	NOT-FOR-US: Tenda
 CVE-2025-7505 (A vulnerability classified as critical has been found in Tenda FH451 1 ...)
@@ -119,7 +119,7 @@ CVE-2025-7467 (A vulnerability, which was classified as critical, was found in c
 CVE-2025-36104 (IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated use ...)
 	NOT-FOR-US: IBM
 CVE-2024-41169 (The attacker can use the raft server protocol in an unauthenticated wa ...)
-	TODO: check
+	NOT-FOR-US: Apache Zeppelin
 CVE-2021-4458 (The Modern Events Calendar Lite plugin for WordPress is vulnerable to  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2020-36849 (The AIT CSV import/export plugin for WordPress is vulnerable to arbitr ...)
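
Review bot: the new `NOT-FOR-US: Apache Zeppelin` tag on CVE-2024-41169 cannot be checked against the entry itself, because the visible description ("The attacker can use the raft server protocol in an unauthenticated wa ...") names no product. Worth confirming the attribution against the full CVE record before closing it out as NFU, since a NOT-FOR-US entry is unlikely to be revisited.
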
@@ -175,7 +175,7 @@ CVE-2025-53872
 CVE-2025-53871
 	REJECTED
 CVE-2025-53636 (Open OnDemand is an open-source HPC portal. Users can flood logs by in ...)
-	TODO: check
+	NOT-FOR-US: Open OnDemand
 CVE-2025-24294 (The attack vector is a potential Denial of Service (DoS). The vulnerab ...)
 	TODO: check
 CVE-2025-1313 (The Nokri - Job Board WordPress Theme theme for WordPress is vulnerabl ...)
@@ -305,13 +305,13 @@ CVE-2025-30661 (An Incorrect Permission Assignment for Critical Resource vulnera
 CVE-2025-30403 (A heap-buffer-overflow vulnerability is possible in mvfst via a specia ...)
 	TODO: check
 CVE-2025-30402 (A heap-buffer-overflow vulnerability in the loading of ExecuTorch meth ...)
-	TODO: check
+	NOT-FOR-US: ExecuTorch
 CVE-2024-47065 (Meshtastic is an open source mesh networking solution. Prior to 2.5.1, ...)
-	TODO: check
+	NOT-FOR-US: Meshtastic
 CVE-2023-38329 (An issue was discovered in eGroupWare 17.1.20190111. A cross-site scri ...)
-	TODO: check
+	- egroupware <removed>
 CVE-2023-38327 (An issue was discovered in eGroupWare 17.1.20190111. A User Enumeratio ...)
-	TODO: check
+	- egroupware <removed>
 CVE-2025-48924 (Uncontrolled Recursion vulnerability in Apache Commons Lang.  This iss ...)
 	- libcommons-lang3-java <unfixed> (bug #1109125)
 	- libcommons-lang-java <unfixed> (bug #1109126)
@@ -110157,7 +110157,7 @@ CVE-2024-31897 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19
 CVE-2024-6229 (A stored cross-site scripting (XSS) vulnerability exists in the 'Uploa ...)
 	NOT-FOR-US: stangirard/quivr
 CVE-2024-40614 (EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This le ...)
-	NOT-FOR-US: EGroupware
+	- egroupware <removed>
 CVE-2024-40605 (An issue was discovered in the Foreground skin for MediaWiki through 1 ...)
 	NOT-FOR-US: Foreground skin for MediaWiki
 CVE-2024-40604 (An issue was discovered in the Nimbus skin for MediaWiki through 1.42. ...)
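
Review bot: CVE-2024-40614 flips from `NOT-FOR-US: EGroupware` to `- egroupware <removed>`, so an earlier triage pass treated this product as NFU. Any other entries in data/CVE/list still tagged `NOT-FOR-US: EGroupware` would need the same correction to stay consistent with this line and with CVE-2023-38329 and CVE-2023-38327 above; a grep for the old tag before merging would settle it.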



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/818b4aae781173ba6d4b00a5705a8e80328998a8
