[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 9 20:32:36 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b59b495 by Salvatore Bonaccorso at 2026-01-09T21:32:06+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2026-22198 (GestSup versions up to and including 3.2.56 contain a pre-authenticati ...)
-	TODO: check
+	NOT-FOR-US: GestSup
 CVE-2026-22197 (GestSup versions up to and including 3.2.56 contain multiple SQL injec ...)
-	TODO: check
+	NOT-FOR-US: GestSup
 CVE-2026-22196 (GestSup versions up to and including 3.2.56 contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: GestSup
 CVE-2026-22195 (GestSup versions up to and including 3.2.56 contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: GestSup
 CVE-2026-22194 (GestSup versions up to and including 3.2.56 contain a cross-site reque ...)
-	TODO: check
+	NOT-FOR-US: GestSup
 CVE-2026-22082 (This vulnerability exists in Tenda wireless routers (300Mbps Wireless  ...)
 	NOT-FOR-US: Tenda
 CVE-2026-22081 (This vulnerability exists in Tenda wireless routers (300Mbps Wireless  ...)
@@ -23,55 +23,55 @@ CVE-2026-0803 (A vulnerability was found in PHPGurukul Online Course Registratio
 CVE-2026-0627 (The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-7072 (The firmware in KAON CG3000TCand CG3000T routers contains hard-coded c ...)
-	TODO: check
+	NOT-FOR-US: KAON CG3000TC and CG3000T routers
 CVE-2025-70161 (EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This aris ...)
-	TODO: check
+	NOT-FOR-US: EDIMAX
 CVE-2025-69542 (A Command Injection Vulnerability has been discovered in the DHCP daem ...)
 	NOT-FOR-US: D-Link
 CVE-2025-69426 (The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA ...)
-	TODO: check
+	NOT-FOR-US: Ruckus
 CVE-2025-69425 (The Ruckus vRIoT IoT Controllerfirmware versions prior to 3.0.0.0 (GA) ...)
-	TODO: check
+	NOT-FOR-US: Ruckus
 CVE-2025-67811 (Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints  ...)
-	TODO: check
+	NOT-FOR-US: Area9 Rhapsode
 CVE-2025-67810 (In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the op ...)
-	TODO: check
+	NOT-FOR-US: Area9 Rhapsode
 CVE-2025-67282 (In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass ...)
-	TODO: check
+	NOT-FOR-US: TIM
 CVE-2025-67281 (In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulner ...)
-	TODO: check
+	NOT-FOR-US: TIM
 CVE-2025-67280 (In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Lang ...)
-	TODO: check
+	NOT-FOR-US: TIM
 CVE-2025-67279 (An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2  ...)
-	TODO: check
+	NOT-FOR-US: TIM
 CVE-2025-67278 (An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2  ...)
-	TODO: check
+	NOT-FOR-US: TIM
 CVE-2025-67133 (An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to ...)
-	TODO: check
+	NOT-FOR-US: Hero Motocorp Vida V1 Pro
 CVE-2025-67070 (A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB ...)
 	NOT-FOR-US: Intelbras
 CVE-2025-67004 (An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin ...)
-	TODO: check
+	NOT-FOR-US: CouchCMS
 CVE-2025-66744 (In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the serie ...)
-	TODO: check
+	NOT-FOR-US: Yonyou YonBIP
 CVE-2025-66715 (A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows at ...)
-	TODO: check
+	NOT-FOR-US: Axtion ODISSAAS ODIS
 CVE-2025-66052 (Vivotek IP7137 camera with firmware version 0200a is vulnerable to com ...)
-	TODO: check
+	NOT-FOR-US: Vivotek IP7137 camera
 CVE-2025-66051 (Vivotek IP7137 camera with firmware version 0200a is vulnerable to pat ...)
-	TODO: check
+	NOT-FOR-US: Vivotek IP7137 camera
 CVE-2025-66050 (Vivotek IP7137 camera with firmware version 0200a by default dos not r ...)
-	TODO: check
+	NOT-FOR-US: Vivotek IP7137 camera
 CVE-2025-66049 (VivotekIP7137camera with firmware version0200a is vulnerable to an inf ...)
-	TODO: check
+	NOT-FOR-US: Vivotek IP7137 camera
 CVE-2025-64093 (Remote Code Execution vulnerability that allows unauthenticated attack ...)
-	TODO: check
+	NOT-FOR-US: Zenitel
 CVE-2025-64092 (This vulnerability allows unauthenticated attackers to inject an SQL r ...)
-	TODO: check
+	NOT-FOR-US: Zenitel
 CVE-2025-64091 (This vulnerability allows authenticated attackers to execute commands  ...)
-	TODO: check
+	NOT-FOR-US: Zenitel
 CVE-2025-64090 (This vulnerability allows authenticated attackers to execute commands  ...)
-	TODO: check
+	NOT-FOR-US: Zenitel
 CVE-2025-56225 (fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer de ...)
 	TODO: check
 CVE-2025-46676 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...)
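
Review bot: the label "TIM" on CVE-2025-67282 through CVE-2025-67278 is too short to identify the product on its own. The descriptions name "TIM Solution GmbH TIM BPM Suite & TIM FLOW", so "NOT-FOR-US: TIM BPM Suite / TIM FLOW" would match the level of detail used for "Area9 Rhapsode" and "Vivotek IP7137 camera" in the same hunk. The four "Zenitel" entries (CVE-2025-64093 to CVE-2025-64090) carry a vendor name that does not appear in the truncated descriptions shown here, so a word on the source of that attribution in the commit message would help. CVE-2025-56225 (fluidsynth) is left at "TODO: check", which fits a commit limited to NFU triage.
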
@@ -83,19 +83,19 @@ CVE-2025-46644 (Dell PowerProtect Data Domain with Data Domain Operating System
 CVE-2025-46643 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-15496 (A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1.  ...)
-	TODO: check
+	NOT-FOR-US: guchengwuyue yshopmall
 CVE-2025-15495 (A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impac ...)
-	TODO: check
+	NOT-FOR-US: BiggiDroid Simple PHP CMS
 CVE-2025-15494 (A vulnerability has been found in RainyGao DocSys up to 2.02.37. This  ...)
-	TODO: check
+	NOT-FOR-US: RainyGao DocSys
 CVE-2025-15493 (A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted e ...)
-	TODO: check
+	NOT-FOR-US: RainyGao DocSys
 CVE-2025-15492 (A vulnerability was detected in RainyGao DocSys up to 2.02.36. The aff ...)
-	TODO: check
+	NOT-FOR-US: RainyGao DocSys
 CVE-2025-15035 (Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 ( ...)
 	NOT-FOR-US: TP-Link
 CVE-2025-14598 (BeeS Software Solutions BET Portal contains an SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: BeeS Software Solutions BET Portal
 CVE-2025-14172 (The WP Page Permalink Extension plugin for WordPress is vulnerable to  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13967 (The Woodpecker for WordPress plugin for WordPress is vulnerable to Sto ...)
@@ -133,7 +133,7 @@ CVE-2025-13701 (The Shabat Keeper plugin for WordPress is vulnerable to Reflecte
 CVE-2025-11453 (The Header and Footer Scripts plugin for WordPress is vulnerable to St ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2020-36875 (AccessAlly WordPress plugin versions prior to3.3.2 contain an unauthen ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14459
 	NOT-FOR-US: Red Hat virt-cdi-controller
 CVE-2025-51602 [vlc MMS out of bounds read]
@@ -211,7 +211,7 @@ CVE-2025-68716 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH
 CVE-2025-66315 (There is a configuration defect vulnerability in the version server of ...)
 	NOT-FOR-US: ZTE
 CVE-2025-15464 (Exported Activity allows external applications to gain application con ...)
-	TODO: check
+	NOT-FOR-US: yintibao Fun Print Mobile
 CVE-2025-15057 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-15055 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...)
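
Review bot: on CVE-2025-15464 the product name "yintibao Fun Print Mobile" cannot be confirmed from the description as shown, which is cut off at "gain application con ..." and names no vendor or application. Noting in the commit message where the attribution comes from would let a later reader check it.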



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b59b49544d42a8ba5a16770c9e80eea4bde1add
