[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Oct 21 22:37:42 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e5c54987 by Moritz Muehlenhoff at 2025-10-21T23:37:22+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2025-6239 (Zohocorp ManageEngine Applications Manager versions 176800 and be
CVE-2025-62763 (Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the c ...)
NOT-FOR-US: Zimbra
CVE-2025-62661 (Incorrect Default Permissions vulnerability in The Wikimedia Foundatio ...)
- TODO: check
+ NOT-FOR-US: Mediawiki extension GrowthExperiments
CVE-2025-62641 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox <unfixed>
CVE-2025-62605 (Mastodon is a free, open-source social network server based on Activit ...)
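Review bot: In the replacement line for CVE-2025-62661 the tag is spelled "Mediawiki extension GrowthExperiments"; the project name is written "MediaWiki", and consistent casing keeps later searches over data/CVE/list reliable. Because this is an extension rather than a standalone product, it is also worth confirming that GrowthExperiments is not bundled in any Debian source package before settling on NOT-FOR-US; if it is bundled, the entry needs a package line like the "- virtualbox <unfixed>" one below it instead.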
@@ -106,57 +106,57 @@ CVE-2025-61748 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Ora
- openjdk-25 <unfixed>
NOTE: https://openjdk.org/groups/vulnerability/advisories/2025-10-21
CVE-2025-61457 (code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) src/Fo ...)
- TODO: check
+ NOT-FOR-US: code16 Sharp
CVE-2025-61255 (Bank Locker Management System by PHPGurukul is affected by a Cross-Sit ...)
NOT-FOR-US: PHPGurukul
CVE-2025-61220 (The incomplete verification mechanism in the AutoBizLine com.mysecondl ...)
TODO: check
CVE-2025-61194 (daicuocms V1.3.13 contains a SQL injection vulnerability in the file l ...)
- TODO: check
+ NOT-FOR-US: daicuocms
CVE-2025-61181 (daicuocms V1.3.13 contains an arbitrary file upload vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: daicuocms
CVE-2025-60934 (Multiple stored cross-site scripting (XSS) vulnerabilities in the inde ...)
- TODO: check
+ NOT-FOR-US: HR Performance Solutions Performance Pro
CVE-2025-60933 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Futu ...)
- TODO: check
+ NOT-FOR-US: HR Performance Solutions Performance Pro
CVE-2025-60932 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Curr ...)
- TODO: check
+ NOT-FOR-US: HR Performance Solutions Performance Pro
CVE-2025-60790 (ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to ...)
- TODO: check
+ NOT-FOR-US: ProcessWire CMS
CVE-2025-60772 (Improper authentication in the web-based management interface of NETLI ...)
- TODO: check
+ NOT-FOR-US: NETLINK
CVE-2025-60751 (GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS:: ...)
TODO: check
CVE-2025-60511 (Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Ins ...)
- TODO: check
+ NOT-FOR-US: Moodle plugin
CVE-2025-60507 (Cross site scripting vulnerability in Moodle GeniAI plugin (local_geni ...)
- TODO: check
+ NOT-FOR-US: Moodle plugin
CVE-2025-60506 (Moodle PDF Annotator plugin v1.5 release 9 allows stored cross-site sc ...)
- TODO: check
+ NOT-FOR-US: Moodle plugin
CVE-2025-60500 (QDocs Smart School Management System 7.1 allows authenticated users wi ...)
- TODO: check
+ NOT-FOR-US: QDocs Smart School Management System
CVE-2025-60427 (LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken ...)
- TODO: check
+ NOT-FOR-US: LibreTime
CVE-2025-60344 (An unauthenticated Local File Inclusion (LFI) vulnerability in D-Link ...)
NOT-FOR-US: D-Link
CVE-2025-60280 (Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 could allo ...)
- TODO: check
+ NOT-FOR-US: Bang Resto
CVE-2025-5496 (ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508 ...)
NOT-FOR-US: Zoho
CVE-2025-59438 (Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.)
TODO: check
CVE-2025-57521 (Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Bambu Studio
CVE-2025-56802 (The Reolink desktop application uses a hard-coded and predictable AES ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-56801 (The Reolink Desktop Application 8.18.12 contains hardcoded credentials ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-56800 (Reolink desktop application 8.18.12 contains a vulnerability in its lo ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-56799 (Reolink desktop application 8.18.12 contains a command injection vulne ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-56450 (Log2Space Subscriber Management Software 1.1 is vulnerable to unauthen ...)
- TODO: check
+ NOT-FOR-US: Log2Space Subscriber Management Software
CVE-2025-53072 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
NOT-FOR-US: Oracle
CVE-2025-53071 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
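Review bot: The entries for CVE-2025-60511, CVE-2025-60507 and CVE-2025-60506 are all tagged only "Moodle plugin", although their descriptions name three distinct plugins (OpenAI Chat Block, GeniAI, PDF Annotator); putting the plugin name in each tag, as the other new tags in this hunk do for their products, would let a later search find them individually. The new tags also mix short vendor names ("Reolink", "NETLINK") with full product names ("QDocs Smart School Management System", "Log2Space Subscriber Management Software"), while the unchanged context uses short vendor tags such as "PHPGurukul", "Zoho" and "D-Link"; choosing one level of detail would keep the list consistent. CVE-2025-61220, CVE-2025-60751 and CVE-2025-59438 stay at "TODO: check", which fits a commit titled "NFUs" as long as they are picked up in a separate triage pass.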
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5c549876327e03c7636c4e0afbb383436b31093