[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Oct 9 09:56:45 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
14424389 by Moritz Muehlenhoff at 2025-10-09T10:56:13+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,13 +17,13 @@ CVE-2025-61788 (Opencast is a free, open-source platform to support the manageme
CVE-2025-61672 (Synapse is an open source Matrix homeserver implementation. Lack of va ...)
TODO: check
CVE-2025-61524 (An issue in the permission verification module and organization/applic ...)
- TODO: check
+ NOT-FOR-US: Casdoor
CVE-2025-61183 (Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to ex ...)
NOT-FOR-US: vaahcms
CVE-2025-60834 (A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows ...)
NOT-FOR-US: uzy-ssm-mall
CVE-2025-60833 (An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay comp ...)
- TODO: check
+ NOT-FOR-US: uzy-ssm-mall
CVE-2025-60830 (redragon-erp v1.0 was discovered to contain a Shiro deserialization vu ...)
NOT-FOR-US: redragon-erp
CVE-2025-60828 (WukongCRM-9.0-JAVA was discovered to contain a fastjson deserializatio ...)
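Review bot: The "NOT-FOR-US: Casdoor" tag on CVE-2025-61524 cannot be checked from this line, because the truncated description ("An issue in the permission verification module and organization/applic ...") never names the product. It is worth confirming the product against the full CVE record. The uzy-ssm-mall tag on CVE-2025-60833 matches the one already on CVE-2025-60834.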
@@ -31,7 +31,7 @@ CVE-2025-60828 (WukongCRM-9.0-JAVA was discovered to contain a fastjson deserial
CVE-2025-60318 (SourceCodester Pet Grooming Management Software 1.0 is vulnerable to C ...)
NOT-FOR-US: SourceCodester
CVE-2025-60314 (Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored C ...)
- TODO: check
+ NOT-FOR-US: Configuroweb Sistema Web de Inventario
CVE-2025-60313 (Sourcecodester Link Status Checker 1.0 is vulnerable to a Cross-Site S ...)
NOT-FOR-US: SourceCodester
CVE-2025-60311 (ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection ...)
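Review bot: Style point on CVE-2025-60314: the new tag spells out vendor and product ("Configuroweb Sistema Web de Inventario"), while the neighbouring entries tag the vendor alone ("SourceCodester"). A vendor-only "NOT-FOR-US: Configuroweb" would keep the tags uniform and easier to grep.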
@@ -103,13 +103,13 @@ CVE-2025-27040 (Information disclosure may occur while processing the hypervisor
CVE-2025-27039 (Memory corruption may occur while processing IOCTL call for DMM/WARPNC ...)
NOT-FOR-US: Qualcomm
CVE-2025-11539 (Grafana Image Renderer is vulnerable to remote code execution due to a ...)
- TODO: check
+ NOT-FOR-US: grafana-image-renderer
CVE-2025-11535 (MongoDB Connector for BI installation viaMSIon Windows leaves ACLs uns ...)
- TODO: check
+ NOT-FOR-US: MongoDB Connector for BI
CVE-2025-11530 (A weakness has been identified in code-projects Online Complaint Site ...)
NOT-FOR-US: code-projects
CVE-2025-11529 (A security flaw has been discovered in ChurchCRM up to 5.18.0. This im ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2025-11528 (A vulnerability was identified in Tenda AC7 15.03.06.44. This affects ...)
NOT-FOR-US: Tenda
CVE-2025-11527 (A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted ...)
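Review bot: Tag naming is inconsistent within this hunk: CVE-2025-11539 gets a slug ("grafana-image-renderer"), while CVE-2025-11535 and CVE-2025-11529 get the product names as written in their descriptions ("MongoDB Connector for BI", "ChurchCRM"). "NOT-FOR-US: Grafana Image Renderer" would match the other two.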
@@ -131,13 +131,13 @@ CVE-2025-11515 (A security flaw has been discovered in code-projects Online Comp
CVE-2025-11514 (A vulnerability was identified in code-projects Online Complaint Site ...)
NOT-FOR-US: code-projects
CVE-2025-11513 (A vulnerability was determined in code-projects E-Commerce Website 1.0 ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-11512 (A vulnerability was found in code-projects Voting System 1.0. Affected ...)
NOT-FOR-US: code-projects
CVE-2025-11511 (A flaw has been found in code-projects E-Commerce Website 1.0. Affecte ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-11509 (A vulnerability was detected in code-projects E-Commerce Website 1.0. ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-11508 (A security vulnerability has been detected in code-projects Voting Sys ...)
NOT-FOR-US: code-projects
CVE-2025-11507 (A weakness has been identified in PHPGurukul Beauty Parlour Management ...)
@@ -153,11 +153,11 @@ CVE-2025-11495 (A vulnerability was determined in GNU Binutils 2.45. The affecte
CVE-2025-11494 (A vulnerability was found in GNU Binutils 2.45. Impacted is the functi ...)
TODO: check
CVE-2025-11491 (A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0. ...)
- TODO: check
+ NOT-FOR-US: DesktopCommanderMCP
CVE-2025-11490 (A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up ...)
- TODO: check
+ NOT-FOR-US: DesktopCommanderMCP
CVE-2025-11489 (A security vulnerability has been detected in wonderwhy-er DesktopComm ...)
- TODO: check
+ NOT-FOR-US: DesktopCommanderMCP
CVE-2025-11488 (A weakness has been identified in D-Link DIR-852 up to 20251002. This ...)
NOT-FOR-US: D-Link
CVE-2025-11487 (A security flaw has been discovered in SourceCodester Farm Management ...)
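Review bot: CVE-2025-11494 (GNU Binutils 2.45) in the leading context is still at "TODO: check". Binutils is a Debian package, so that entry needs a package line rather than an NFU tag and is rightly left out of this pass, but it should be picked up in a follow-up triage commit. The three DesktopCommanderMCP tags are consistent with one another.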
@@ -167,7 +167,7 @@ CVE-2025-11486 (A vulnerability was identified in SourceCodester Farm Management
CVE-2025-11485 (A vulnerability was determined in SourceCodester Student Grades Manage ...)
NOT-FOR-US: SourceCodester
CVE-2025-11481 (A flaw has been found in varunsardana004 Blood-Bank-And-Donation-Manag ...)
- TODO: check
+ NOT-FOR-US: Blood-Bank-And-Donation-Management-System
CVE-2025-11480 (A vulnerability was detected in SourceCodester Simple E-Commerce Books ...)
NOT-FOR-US: SourceCodester
CVE-2025-11479 (A security vulnerability has been detected in SourceCodester Wedding R ...)
@@ -193,7 +193,7 @@ CVE-2025-11470 (A security vulnerability has been detected in SourceCodester Hot
CVE-2025-11469 (A weakness has been identified in SourceCodester Hotel and Lodge Manag ...)
NOT-FOR-US: SourceCodester
CVE-2025-11445 (A vulnerability was detected in Kilo Code up to 4.86.0. Affected is th ...)
- TODO: check
+ NOT-FOR-US: Kilo Code
CVE-2025-11444 (A security vulnerability has been detected in TOTOLINK N600R up to 4.3 ...)
NOT-FOR-US: TOTOLINK
CVE-2025-11166 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...)
@@ -205,15 +205,15 @@ CVE-2025-10586 (The Community Events plugin for WordPress is vulnerable to SQL I
CVE-2025-10496 (The Cookie Notice & Consent plugin for WordPress is vulnerable to Stor ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10353 (File upload leading to remote code execution (RCE) in the \u201cmelis- ...)
- TODO: check
+ NOT-FOR-US: Melis Platform
CVE-2025-10352 (Vulnerability in the melis-core module of Melis Technology's Melis Pla ...)
- TODO: check
+ NOT-FOR-US: Melis Platform
CVE-2025-10351 (SQL injection vulnerability based on the melis-cms module of the Melis ...)
- TODO: check
+ NOT-FOR-US: Melis Platform
CVE-2017-20202 (Web Developer for Chrome v0.4.9 contained malicious code that generate ...)
- TODO: check
+ NOT-FOR-US: Chrome extension
CVE-2017-20201 (CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) cont ...)
- TODO: check
+ NOT-FOR-US: CCleaner
CVE-2025-2934
- gitlab <unfixed>
CVE-2025-9825
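Review bot: "NOT-FOR-US: Chrome extension" on CVE-2017-20202 names a category rather than the product, which the description gives as "Web Developer for Chrome". This follows the "WordPress plugin" convention in the context above, but unlike the CCleaner tag on the next entry it cannot be found by searching for the product name. "NOT-FOR-US: Web Developer extension for Chrome" would fix that.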
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1442438968f2e25d6cf699f96e208be6c9cf5ab5