[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 1 08:35:40 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed176a5c by Salvatore Bonaccorso at 2025-11-01T09:35:02+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14,7 +14,7 @@ CVE-2025-6988 (The kallyas theme for WordPress is vulnerable to Stored Cross-Sit
 CVE-2025-6574 (The Service Finder Bookings plugin for WordPress is vulnerable to priv ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-63563 (Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 ...)
-	TODO: check
+	NOT-FOR-US: Summer Pearl Group Vacation Rental Management Platform
 CVE-2025-62276 (The Document Library and the Adaptive Media modules in Liferay Portal  ...)
 	NOT-FOR-US: Liferay
 CVE-2025-62275 (Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported ...)
@@ -275,13 +275,13 @@ CVE-2025-34134 (Nagios XI versions prior to 2024R1.4.2 contain a remote code exe
 CVE-2025-33003 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allo ...)
 	NOT-FOR-US: IBM
 CVE-2025-30191 (Malicious content from E-Mail can be used to perform a redressing atta ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2025-30188 (Malicious or unintentional API requests can be used to add significant ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2025-29270 (Incorrect access control in the realtime.cgi endpoint of Deep Sea Elec ...)
-	TODO: check
+	NOT-FOR-US: Deep Sea Electronics devices DSE855
 CVE-2025-27208 (A reflected Cross-Site Scripting (XSS) vulnerability has been identifi ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2025-12554 (Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; B ...)
 	NOT-FOR-US: Azure Access Technology
 CVE-2025-12553 (Email Server Certificate Verification Disabled.This issue affects BLU- ...)
@@ -305,7 +305,7 @@ CVE-2025-12501 (Integer overflow in GameMaker IDE below 2024.14.0 version can le
 CVE-2025-12460 (An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 ...)
 	NOT-FOR-US: Afterlogic Aurora webmail
 CVE-2025-12357 (By manipulating the Signal Level Attenuation Characterization (SLAC)   ...)
-	TODO: check
+	NOT-FOR-US: EV Car Chargers
 CVE-2025-12175 (The The Events Calendar plugin for WordPress is vulnerable to unauthor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12115 (The WPC Name Your Price for WooCommerce plugin for WordPress is vulner ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed176a5cb0d0040860e3100f8b02478c2e423526

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed176a5cb0d0040860e3100f8b02478c2e423526
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251101/6b3386d8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list