[Git][security-tracker-team/security-tracker][master] Process some NFUs

Mon Feb 23 20:47:00 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc70e990 by Salvatore Bonaccorso at 2026-02-23T21:46:25+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2026-27511 (Shenzhen Tenda F3 Wireless Routerfirmware V12.01.01.55_multi con
 CVE-2026-26464 (Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.ph ...)
 	NOT-FOR-US: Society Management System Portal
 CVE-2026-26365 (Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles p ...)
-	TODO: check
+	NOT-FOR-US: Akamai
 CVE-2026-25747 (Deserialization of Untrusted Data vulnerability in Apache Camel LevelD ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-23552 (Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache C ...)
@@ -43,19 +43,19 @@ CVE-2026-21420 (Dell Repository Manager (DRM), versions prior to 3.4.8, contains
 CVE-2025-70329 (TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injecti ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-70058 (An issue pertaining to CWE-295: Improper Certificate Validation was di ...)
-	TODO: check
+	NOT-FOR-US: YMFE YApi
 CVE-2025-70045 (An issue pertaining to CWE-295: Improper Certificate Validation was di ...)
-	TODO: check
+	NOT-FOR-US: jxcore jxm
 CVE-2025-70044 (An issue pertaining to CWE-295: Improper Certificate Validation was di ...)
-	TODO: check
+	NOT-FOR-US: uTools-quickcommand
 CVE-2025-70043 (An issue pertaining to CWE-295: Improper Certificate Validation was di ...)
-	TODO: check
+	NOT-FOR-US: Ayms node-To
 CVE-2025-69700 (Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerabi ...)
 	NOT-FOR-US: Tenda
 CVE-2025-63946 (A privilege escalation (PE) vulnerability in the Tencent PC Manager ap ...)
-	TODO: check
+	NOT-FOR-US: Tencent PC Manager app
 CVE-2025-63945 (A privilege escalation (PE) vulnerability in the Tencent iOA app thru  ...)
-	TODO: check
+	NOT-FOR-US: Tencent iOA app
 CVE-2025-61147 (strukturag libde265 commit d9fea9d wa discovered to contain a segmenta ...)
 	TODO: check
 CVE-2025-61146 (saitoha libsixel until v1.8.7 was discovered to contain a memory leak  ...)
@@ -78,7 +78,7 @@ CVE-2025-61143 (libtiff up to v4.7.1 was discovered to contain a NULL pointer de
 CVE-2025-59873 (An information exposure vulnerability exists in  Vulnerability in HCL  ...)
 	NOT-FOR-US: HCL
 CVE-2025-41002 (SQL injection vulnerability in Infoticketing. This vulnerability allow ...)
-	TODO: check
+	NOT-FOR-US: Infoticketing
 CVE-2025-40986 (Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This ...)
 	TODO: check
 CVE-2025-40701 (Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc70e990124a8ce14ce0df7a0474efc2729113c7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc70e990124a8ce14ce0df7a0474efc2729113c7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260223/b849550f/attachment.htm>
