[Git][security-tracker-team/security-tracker][master] Process some new NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jan 12 20:50:40 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7879887 by Salvatore Bonaccorso at 2026-01-12T21:50:20+01:00
Process some new NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -58,55 +58,55 @@ CVE-2025-68276 (Avahi is a system which facilitates service discovery on a local
NOTE: https://github.com/avahi/avahi/pull/806
NOTE: Fixed by: https://github.com/avahi/avahi/commit/2d48e42d44a183f26a4d12d1f5d41abb9b7c6355
CVE-2025-67813 (Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions o ...)
- TODO: check
+ NOT-FOR-US: Quest KACE Desktop Authority
CVE-2025-66939 (Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 ...)
- TODO: check
+ NOT-FOR-US: 66biolinks by AltumCode
CVE-2025-66802 (Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RC ...)
NOT-FOR-US: SourceCodester
CVE-2025-66689 (A path traversal vulnerability exists in Zen MCP Server before 9.8.2 t ...)
- TODO: check
+ NOT-FOR-US: Zen MCP Server
CVE-2025-65553 (D3D Wi-Fi Home Security System ZX-G12 v2.1.17 is susceptible to RF jam ...)
- TODO: check
+ NOT-FOR-US: D3D Wi-Fi Home Security System ZX-G12
CVE-2025-65552 (D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF repla ...)
- TODO: check
+ NOT-FOR-US: D3D Wi-Fi Home Security System ZX-G12
CVE-2025-63314 (A static password reset token in the password reset function of DDSN I ...)
- TODO: check
+ NOT-FOR-US: DDSN Interactive Acora CMS
CVE-2025-51567 (A SQL Injection was found in the /exam/user/profile.php page of kaship ...)
- TODO: check
+ NOT-FOR-US: kashipara Online Exam System
CVE-2025-46070 (An issue in Automai BotManager v.25.2.0 allows a remote attacker to ex ...)
- TODO: check
+ NOT-FOR-US: Automai BotManager
CVE-2025-46068 (An issue in Automai Director v.25.2.0 allows a remote attacker to exec ...)
- TODO: check
+ NOT-FOR-US: Automai Director
CVE-2025-46067 (An issue in Automai Director v.25.2.0 allows a remote attacker to esca ...)
- TODO: check
+ NOT-FOR-US: Automai Director
CVE-2025-46066 (An issue in Automai Director v.25.2.0 allows a remote attacker to esca ...)
- TODO: check
+ NOT-FOR-US: Automai Director
CVE-2025-41078 (Weaknesses in the authorization mechanisms of Viafirma Documents v3.7. ...)
- TODO: check
+ NOT-FOR-US: Viafirma Documents
CVE-2025-41077 (IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allow ...)
- TODO: check
+ NOT-FOR-US: Viafirma Inbox
CVE-2025-41006 (Imaster's MEMS Events CRM contains an SQL injection vulnerability in \ ...)
- TODO: check
+ NOT-FOR-US: Imaster MEMS Events CRM
CVE-2025-41005 (Imaster's MEMS Events CRM contains an SQL injection vulnerability in\u ...)
- TODO: check
+ NOT-FOR-US: Imaster MEMS Events CRM
CVE-2025-41004 (Imaster's Patient Records Management System is vulnerable to SQL Injec ...)
- TODO: check
+ NOT-FOR-US: Imaster Patient Records Management System
CVE-2025-41003 (Imaster's Patient Record Management System contains a stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: Imaster Patient Records Management System
CVE-2025-40978 (Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceG ...)
- TODO: check
+ NOT-FOR-US: WorkDo eCommerceGo SaaS
CVE-2025-40977 (Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceG ...)
- TODO: check
+ NOT-FOR-US: WorkDo eCommerceGo SaaS
CVE-2025-40976 (Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's TicketGo, ...)
- TODO: check
+ NOT-FOR-US: WorkDo
CVE-2025-40975 (Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, con ...)
- TODO: check
+ NOT-FOR-US: WorkDo
CVE-2025-14470
REJECTED
CVE-2025-14279 (MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebind ...)
- TODO: check
+ NOT-FOR-US: MLFlow
CVE-2023-36331 (Incorrect access control in the /member/orderList API of xmall v1.1 al ...)
- TODO: check
+ NOT-FOR-US: xmall
CVE-2026-0855 (Certain IP Camera models developed by Merit LILIN has a OS Command Inj ...)
NOT-FOR-US: Merit LILIN
CVE-2026-0854 (Certain DVR/NVR models developed by Merit LILIN has a OS Command Injec ...)
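Review bot: The NOT-FOR-US tags for CVE-2025-40976 and CVE-2025-40975 name only the vendor ("WorkDo"), although their descriptions name the affected products (TicketGo and HRMGo) and the two entries just above them use vendor plus product ("WorkDo eCommerceGo SaaS"). Consider "NOT-FOR-US: WorkDo TicketGo" and "NOT-FOR-US: WorkDo HRMGo" so that each tag identifies the product on its own and matches the granularity used elsewhere in this hunk, such as "Automai BotManager" and "Automai Director". A smaller point: the CVE-2025-41003 description says "Patient Record Management System" while the tag says "Records"; this matches the CVE-2025-41004 entry, so it is fine if the normalization is deliberate.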
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a78798875ff5a13febe137491e7c0b09a76e9cd7