[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 7 21:44:21 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4824ed87 by Salvatore Bonaccorso at 2026-01-07T22:43:26+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67,7 +67,7 @@ CVE-2026-0668 (Inefficient Regular Expression Complexity vulnerability in Wikime
CVE-2026-0618 (Cross-site Scripting vulnerability in Devolutions PowerShell Universal ...)
NOT-FOR-US: Devolutions
CVE-2025-6225 (Kieback&Peter Neutrino-GLT product is used for building management. It ...)
- TODO: check
+ NOT-FOR-US: Kieback & Peter Neutrino-GLT product
CVE-2025-69344 (Missing Authorization vulnerability in ThemeHunk Oneline Lite allows E ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-69333 (Missing Authorization vulnerability in Crocoblock JetEngine allows Exp ...)
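Review bot: The label added for CVE-2025-6225, "NOT-FOR-US: Kieback & Peter Neutrino-GLT product", spells the vendor differently from the description line ("Kieback&Peter") and carries over the word "product" from the description sentence. A search of the list for the vendor string as it appears in the CVE text will not match the label. Neighbouring entries use a bare vendor or product name, for example "NOT-FOR-US: Devolutions", so "NOT-FOR-US: Kieback&Peter Neutrino-GLT" would be consistent with both.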
@@ -79,35 +79,35 @@ CVE-2025-69081 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-69080 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-68637 (The Uniffle HTTP client is configured to trust all SSL certificates an ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-67366 (@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file c ...)
- TODO: check
+ NOT-FOR-US: sylphxltd/filesystem-mcp
CVE-2025-67364 (fast-filesystem-mcp version 3.4.0 contains a critical path traversal v ...)
- TODO: check
+ NOT-FOR-US: fast-filesystem-mcp
CVE-2025-66838 (In Aris v10.0.23.0.3587512 and before, the file upload functionality d ...)
- TODO: check
+ NOT-FOR-US: Aris
CVE-2025-66837 (A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers ...)
- TODO: check
+ NOT-FOR-US: Aris
CVE-2025-66786 (OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error when proces ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface CN5G AMF
CVE-2025-66686 (A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS ...)
- TODO: check
+ NOT-FOR-US: Perch CMS
CVE-2025-66560 (Quarkus is a Cloud Native, (Linux) Container First framework for writi ...)
- TODO: check
+ NOT-FOR-US: Quarkus
CVE-2025-65805 (OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface CN5G AMF
CVE-2025-62327 (In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configur ...)
NOT-FOR-US: HCL
CVE-2025-61939 (An unused function in MicroServer can start a reverse SSH connection t ...)
- TODO: check
+ NOT-FOR-US: Columbia Weather Systems
CVE-2025-61782 (OpenCTI is an open source platform for managing cyber threat intellige ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2025-61492 (A command injection vulnerability in the execute_command function of t ...)
- TODO: check
+ NOT-FOR-US: terminal-controller-mcp
CVE-2025-61489 (A command injection vulnerability in the shell_exec function of soniri ...)
- TODO: check
+ NOT-FOR-US: sonirico mcp-shell
CVE-2025-58441 (Knowage is an open source analytics and business intelligence suite. P ...)
- TODO: check
+ NOT-FOR-US: Knowage
CVE-2025-4677 (Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card ...)
NOT-FOR-US: ABB group
CVE-2025-4676 (Incorrect Implementation of Authentication Algorithm vulnerability in ...)
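Review bot: The label added for CVE-2025-68637, "NOT-FOR-US: Apache software not packaged in Debian", does not name the product, although the description line identifies it as the Uniffle HTTP client. Every other label added in this hunk names the product or vendor, so naming Uniffle in the label would keep the entry findable by product name. Two smaller points in the same hunk: CVE-2025-66838 and CVE-2025-66837 are both labelled "Aris" while the second description spells it "ARIS", and CVE-2025-61939 is labelled "Columbia Weather Systems" while its description names only MicroServer, so adding the product name there would tie the label to the visible description.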
@@ -131,7 +131,7 @@ CVE-2025-32300 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-31643 (Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-15479 (Stored cross-site scripting (XSS, CWE-79) in the survey content and ad ...)
- TODO: check
+ NOT-FOR-US: Data Illusion Zumbrunn NGSurvey Enterprise Edition
CVE-2025-15158 (The WP Enable WebP plugin for WordPress is vulnerable to arbitrary fil ...)
NOT-FOR-US: WordPress plugin
CVE-2025-15058 (The Responsive Pricing Table plugin for WordPress is vulnerable to Sto ...)
@@ -419,7 +419,7 @@ CVE-2025-11235 (Unverified Password Change vulnerability in Progress MOVEit Tran
CVE-2025-0980 (Nokia SR Linux is vulnerable to an authentication vulnerability allowi ...)
NOT-FOR-US: Nokia
CVE-2024-14020 (A weakness has been identified in carboneio carbone up to fbcd349077ad ...)
- TODO: check
+ NOT-FOR-US: carboneio carbone
CVE-2025-15224 [libssh key passphrase bypass without agent set]
- curl <unfixed> (unimportant)
NOTE: https://curl.se/docs/CVE-2025-15224.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4824ed87d750fd33713258af64c01c6a7532f814