[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 30 09:41:47 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1cfc7924 by security tracker role at 2025-10-30T08:13:24+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,53 +1,53 @@
 CVE-2025-9954 (Missing Authorization vulnerability in Drupal Acquia DAM allows Forcef ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-62257 (Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4 ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-61959 (Prior to September 19, 2025, the Hospital Manager Backend Services ret ...)
 	TODO: check
 CVE-2025-54549 (Cryptographic validation of upgrade images could be circumventing by d ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2025-54548 (On affected platforms, restricted users could view sensitive portions  ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2025-54547 (On affected platforms, if SSH session multiplexing was configured on t ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2025-54546 (On affected platforms, restricted users could use SSH port forwarding  ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2025-54545 (On affected platforms, a restricted user could break out of the CLI sa ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2025-54459 (Prior to September 19, 2025, the Hospital Manager Backend Services exp ...)
 	TODO: check
 CVE-2025-12475 (The Blocksy Companion plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12466 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-12083 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-12082 (Incorrect Authorization vulnerability in Drupal CivicTheme Design Syst ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-11906 (A vulnerability exists in Progress Flowmon versions prior 12.5.6 where ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2025-11881 (The AppPresser \u2013 Mobile App Framework plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11627 (The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Eac ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11428
 	REJECTED
 CVE-2025-10931 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-10930 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency all ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-10929 (Improper Validation of Consistency within Input vulnerability in Drupa ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-10928 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-10927 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-10926 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-10636 (The NS Maintenance Mode for WP WordPress plugin through 1.3.1 does not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10008 (The Translate WordPress and go Multilingual \u2013 Weglot plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-62503
 	- airflow <itp> (bug #819700)
 CVE-2025-62402



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cfc7924005e8a756f6b3916e0bc2c4066963f12

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cfc7924005e8a756f6b3916e0bc2c4066963f12
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251030/37476bdb/attachment.htm>

More information about the debian-security-tracker-commits mailing list