[Git][security-tracker-team/security-tracker][master] Process some NFUs

Thu Jun 12 09:36:21 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce4510bd by Salvatore Bonaccorso at 2025-06-12T10:35:53+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2025-6009 (A vulnerability was found in kiCode111 like-girl 5.2.0 and classified  ...)
-	TODO: check
+	NOT-FOR-US: kiCode111 like-girl
 CVE-2025-6008 (A vulnerability has been found in kiCode111 like-girl 5.2.0 and classi ...)
-	TODO: check
+	NOT-FOR-US: kiCode111 like-girl
 CVE-2025-6007 (A vulnerability, which was classified as critical, was found in kiCode ...)
-	TODO: check
+	NOT-FOR-US: kiCode111 like-girl
 CVE-2025-6006 (A vulnerability, which was classified as critical, has been found in k ...)
-	TODO: check
+	NOT-FOR-US: kiCode111 like-girl
 CVE-2025-6005 (A vulnerability classified as critical was found in kiCode111 like-gir ...)
-	TODO: check
+	NOT-FOR-US: kiCode111 like-girl
 CVE-2025-5301 (ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are ...)
-	TODO: check
+	NOT-FOR-US: ONLYOFFICE
 CVE-2025-5012 (The Workreap plugin for WordPress, used by the Workreap - Freelance Ma ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4973 (The Workreap plugin for WordPress, used by the Workreap - Freelance Ma ...)
@@ -33,7 +33,7 @@ CVE-2025-49815
 CVE-2025-49814
 	REJECTED
 CVE-2025-35978 (Improper restriction of communication channel to intended endpoints is ...)
-	TODO: check
+	NOT-FOR-US: UpdateNavi
 CVE-2023-36636
 	REJECTED
 CVE-2022-4976 (Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundl ...)
@@ -43,7 +43,7 @@ CVE-2025-6002 (An unrestricted file upload vulnerability exists in the Product I
 CVE-2025-6001 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the produc ...)
 	TODO: check
 CVE-2025-5687 (A vulnerability in Mozilla VPN on macOS allows privilege escalation fr ...)
-	TODO: check
+	NOT-FOR-US: Mozilla VPN on macOS
 CVE-2025-5144 (The The Events Calendar plugin for WordPress is vulnerable to Stored C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4922 (Nomad Community and Nomad Enterprise (\u201cNomad\u201d) prefix-based  ...)
@@ -106,7 +106,7 @@ CVE-2025-3302 (The Xagio SEO \u2013 AI Powered SEO plugin for WordPress is vulne
 CVE-2025-35941 (A password is exposed locally.)
 	TODO: check
 CVE-2025-32711 (Ai command injection in M365 Copilot allows an unauthorized attacker t ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-32466 (A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1 ...)
 	NOT-FOR-US: Joomla
 CVE-2025-32465 (A stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce4510bd3ad15048cc32ed12546a9ae759c5770b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce4510bd3ad15048cc32ed12546a9ae759c5770b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250612/c7c693b0/attachment.htm>
