[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 6 20:35:47 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b86a1581 by Salvatore Bonaccorso at 2026-01-06T21:35:04+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -81,19 +81,19 @@ CVE-2025-69084 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-69083 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-65212 (An issue was discovered in NJHYST HY511 POE core before 2.1 and plugin ...)
-	TODO: check
+	NOT-FOR-US: NJHYST HY511 POE core
 CVE-2025-63083 (Lack of output escaping leads to a XSS vector in the pagebreak plugin.)
 	NOT-FOR-US: Joomla
 CVE-2025-63082 (Lack of input filtering leads to an XSS vector in the HTML filter code ...)
 	NOT-FOR-US: Joomla
 CVE-2025-60534 (Blue Access Cobalt v02.000.195 suffers from an authentication bypass v ...)
-	TODO: check
+	NOT-FOR-US: Blue Access Cobalt
 CVE-2025-60262 (An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SW ...)
-	TODO: check
+	NOT-FOR-US: H3C
 CVE-2025-5919 (The Appointment Booking and Scheduling Calendar Plugin \u2013 WP Timet ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-59379 (DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allo ...)
-	TODO: check
+	NOT-FOR-US: DwyerOmega Isensix Advanced Remote Monitoring System (ARMS)
 CVE-2025-47553 (Deserialization of Untrusted Data vulnerability in Digital zoom studio ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46696 (Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, versi ...)
@@ -107,13 +107,13 @@ CVE-2025-32304 (Improper Control of Filename for Include/Require Statement in PH
 CVE-2025-15382 (A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath( ...)
 	TODO: check
 CVE-2025-14979 (AirVPN Eddie on MacOS contains an insecure XPC service that allows loc ...)
-	TODO: check
+	NOT-FOR-US: AirVPN Eddie on MacOS
 CVE-2025-14942 (wolfSSH\u2019s key exchange state machine can be manipulated to leak t ...)
 	TODO: check
 CVE-2025-14552 (The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-14026 (Forcepoint One DLP Client, version 23.04.5642 (and possibly newer vers ...)
-	TODO: check
+	NOT-FOR-US: Forcepoint One DLP Client
 CVE-2025-13964 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13766 (The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Edu ...)
@@ -125,43 +125,43 @@ CVE-2024-30547 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2023-5069
 	REJECTED
 CVE-2020-36925 (Arteco Web Client DVR/NVR contains a session hijacking vulnerability w ...)
-	TODO: check
+	NOT-FOR-US: Arteco Web Client DVR/NVR
 CVE-2020-36924 (Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vul ...)
-	TODO: check
+	NOT-FOR-US: Sony
 CVE-2020-36923 (Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object r ...)
-	TODO: check
+	NOT-FOR-US: Sony
 CVE-2020-36922 (Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure v ...)
-	TODO: check
+	NOT-FOR-US: Sony
 CVE-2020-36921 (RED-V Super Digital Signage System 5.1.1 contains an information discl ...)
-	TODO: check
+	NOT-FOR-US: RED-V Super Digital Signage System
 CVE-2020-36920 (iDS6 DSSPro Digital Signage System 6.2 contains an improper access con ...)
-	TODO: check
+	NOT-FOR-US: iDS6 DSSPro Digital Signage System
 CVE-2020-36918 (iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request f ...)
-	TODO: check
+	NOT-FOR-US: iDS6 DSSPro Digital Signage System
 CVE-2020-36917 (iDS6 DSSPro Digital Signage System 6.2 contains a sensitive informatio ...)
-	TODO: check
+	NOT-FOR-US: iDS6 DSSPro Digital Signage System
 CVE-2020-36916 (TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privile ...)
-	TODO: check
+	NOT-FOR-US: TDM Digital Signage PC Player
 CVE-2020-36915 (Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multip ...)
-	TODO: check
+	NOT-FOR-US: Adtec Digital SignEdje Digital Signage Player
 CVE-2020-36914 (QiHang Media Web Digital Signage 3.0.9 contains a sensitive informatio ...)
-	TODO: check
+	NOT-FOR-US: QiHang Media Web Digital Signage
 CVE-2020-36913 (All-Dynamics Software enlogic:show 2.0.2 contains a session fixation v ...)
-	TODO: check
+	NOT-FOR-US: All-Dynamics Software
 CVE-2020-36912 (Plexus anblick Digital Signage Management 3.1.13 contains an open redi ...)
-	TODO: check
+	NOT-FOR-US: Plexus anblick Digital Signage Management
 CVE-2020-36910 (Cayin Signage Media Player 3.0 contains an authenticated remote comman ...)
-	TODO: check
+	NOT-FOR-US: Cayin Signage Media Player
 CVE-2020-36909 (SnapGear Management Console SG560 3.1.5 contains a file manipulation v ...)
-	TODO: check
+	NOT-FOR-US: SnapGear Management Console
 CVE-2020-36908 (SnapGear Management Console SG560 version 3.1.5 contains a cross-site  ...)
-	TODO: check
+	NOT-FOR-US: SnapGear Management Console
 CVE-2020-36907 (Aerohive HiveOS contains a denial of service vulnerability in the NetC ...)
-	TODO: check
+	NOT-FOR-US: Aerohive HiveOS
 CVE-2020-36906 (P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery v ...)
-	TODO: check
+	NOT-FOR-US: P5 FNIP-8x16A FNIP-4xSH
 CVE-2020-36905 (FIBARO System Home Center 5.021 contains a remote file inclusion vulne ...)
-	TODO: check
+	NOT-FOR-US: FIBARO System Home Center
 CVE-2026-21750
 	REJECTED
 CVE-2026-21749
@@ -195,9 +195,9 @@ CVE-2026-21486 (iccDEV provides a set of libraries and tools for working with IC
 CVE-2026-21485 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
 	NOT-FOR-US: iccDEV
 CVE-2026-21439 (badkeys is a tool and library for checking cryptographic public keys f ...)
-	TODO: check
+	NOT-FOR-US: badkeys
 CVE-2026-21411 (Authentication bypass issue exists in OpenBlocks series versions prior ...)
-	TODO: check
+	NOT-FOR-US: OpenBlocks IoT DX1
 CVE-2026-0625 (Multiple D-Link DSL gateway devices contain a command injection vulner ...)
 	NOT-FOR-US: D-Link
 CVE-2026-0621 (Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 con ...)
@@ -235,15 +235,15 @@ CVE-2025-66648 (vega-functions provides function implementations for the Vega ex
 CVE-2025-65110 (Vega is a visualization grammar, a declarative format for creating, sa ...)
 	TODO: check
 CVE-2025-64425 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-64424 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-64423 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-64422 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-61916 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
-	TODO: check
+	NOT-FOR-US: Spinnaker
 CVE-2025-4776 (The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scrip ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-20807 (In dpe, there is a possible out of bounds write due to an integer over ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b86a158167105c7a2ed30d08dc9d4fbdec9ab891

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b86a158167105c7a2ed30d08dc9d4fbdec9ab891
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260106/a4fa5e12/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list