[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 13 20:54:38 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4de8a68 by Salvatore Bonaccorso at 2026-01-13T21:54:09+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -290,7 +290,7 @@ CVE-2026-0386 (Improper access control in Windows Deployment Services allows an
 CVE-2025-9435 (Zohocorp ManageEngine ADManager Plus versions below7230are vulnerable  ...)
 	NOT-FOR-US: Zoho
 CVE-2025-9427 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8090 (Null pointer dereference in the MsgRegisterEvent() system call could a ...)
 	NOT-FOR-US: Blackberry
 CVE-2025-71027 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow  ...)
@@ -312,37 +312,37 @@ CVE-2025-69991 (phpgurukul News Portal Project V4.1 is vulnerable to SQL Injecti
 CVE-2025-69990 (phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vul ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-68949 (n8n is an open source workflow automation platform. From 1.36.0 to bef ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2025-68931 (Jervis is a library for Job DSL plugin scripts and shared Jenkins pipe ...)
-	TODO: check
+	NOT-FOR-US: Jervis
 CVE-2025-68925 (Jervis is a library for Job DSL plugin scripts and shared Jenkins pipe ...)
-	TODO: check
+	NOT-FOR-US: Jervis
 CVE-2025-68707 (An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Ro ...)
-	TODO: check
+	NOT-FOR-US: Tongyu
 CVE-2025-68704 (Jervis is a library for Job DSL plugin scripts and shared Jenkins pipe ...)
-	TODO: check
+	NOT-FOR-US: Jervis
 CVE-2025-68703 (Jervis is a library for Job DSL plugin scripts and shared Jenkins pipe ...)
-	TODO: check
+	NOT-FOR-US: Jervis
 CVE-2025-68702 (Jervis is a library for Job DSL plugin scripts and shared Jenkins pipe ...)
-	TODO: check
+	NOT-FOR-US: Jervis
 CVE-2025-68701 (Jervis is a library for Job DSL plugin scripts and shared Jenkins pipe ...)
-	TODO: check
+	NOT-FOR-US: Jervis
 CVE-2025-68698 (Jervis is a library for Job DSL plugin scripts and shared Jenkins pipe ...)
-	TODO: check
+	NOT-FOR-US: Jervis
 CVE-2025-68271 (OpenC3 COSMOS provides the functionality needed to send commands to an ...)
-	TODO: check
+	NOT-FOR-US: OpenC3 COSMOS
 CVE-2025-67685 (A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerabi ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-66698 (An issue in Semantic machines v5.4.8 allows attackers to bypass authen ...)
-	TODO: check
+	NOT-FOR-US: Semantic
 CVE-2025-65784 (Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1 ...)
-	TODO: check
+	NOT-FOR-US: Hubert Imoveis e Administracao Ltda Hub
 CVE-2025-65783 (An arbitrary file upload vulnerability in the /utils/uploadFile compon ...)
-	TODO: check
+	NOT-FOR-US: Hubert Imoveis e Administracao Ltda Hub
 CVE-2025-64155 (An improper neutralization of special elements used in an os command ( ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-62182 (Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affe ...)
-	TODO: check
+	NOT-FOR-US: Pega
 CVE-2025-59922 (An improper neutralization of special elements used in an SQL command  ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-59022 (Backend users who had access to the recycler module could delete arbit ...)
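Review bot: on CVE-2025-66698 the new tag `NOT-FOR-US: Semantic` drops half of the product name, which the description gives as "Semantic machines"; suggest `NOT-FOR-US: Semantic machines` so a search for the product finds the entry. Also in this hunk, the CVE-2025-68949 description calls n8n an open source platform, so it is worth confirming there is no ITP/RFP for it before marking it NFU rather than using the `<itp>` form seen on the ollama entry elsewhere in the file.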
@@ -358,7 +358,7 @@ CVE-2025-58411 (Software installed and run as a non-privileged user may conduct
 CVE-2025-58409 (Software installed and run as a non-privileged user may conduct improp ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2025-55462 (A CORS misconfiguration in Eramba Community and Enterprise Editions v3 ...)
-	TODO: check
+	NOT-FOR-US: Eramba
 CVE-2025-47855 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-46685 (Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a  ...)
@@ -380,9 +380,9 @@ CVE-2025-37166 (A vulnerability affecting HPE Networking Instant On Access Point
 CVE-2025-37165 (A vulnerability in the router mode configuration of HPE Instant On Acc ...)
 	NOT-FOR-US: HPE
 CVE-2025-36640 (A vulnerability has been identified in the installation/uninstallation ...)
-	TODO: check
+	NOT-FOR-US: Tenable Nessus Agent
 CVE-2025-25652 (In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File"  ...)
-	TODO: check
+	NOT-FOR-US: Eptura Archibus
 CVE-2025-25249 (A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 t ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-25176 (Intermediate register values of secure workloads can be exfiltrated in ...)
@@ -404,7 +404,7 @@ CVE-2025-11250 (Zohocorp ManageEngine ADSelfService Plus versions before 6519 ar
 CVE-2025-10865 (Software installed and run as a non-privileged user may conduct improp ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2024-54855 (fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to conta ...)
-	TODO: check
+	NOT-FOR-US: fabricators Ltd Vanilla OS 2 Core image
 CVE-2025-71101 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
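Review bot: the tag added for CVE-2024-54855 copies the opening words of the description verbatim, including the lowercase "fabricators Ltd" and the "Core image" suffix. A shorter `NOT-FOR-US: Vanilla OS` would match the vendor or product style of the neighbouring tags (for example `NOT-FOR-US: Imagination Technologies`) and be easier to match when the next Vanilla OS CVE is triaged.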
@@ -910,9 +910,9 @@ CVE-2026-0492 (SAP HANA database is vulnerable to privilege escalation allowing
 CVE-2026-0491 (SAP Landscape Transformation allows an attacker with admin privileges  ...)
 	NOT-FOR-US: SAP
 CVE-2025-67147 (Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Ma ...)
-	TODO: check
+	NOT-FOR-US: amansuryawanshi Gym-Management-System-PHP
 CVE-2025-67146 (Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MAN ...)
-	TODO: check
+	NOT-FOR-US: AbhishekMali21 GYM-MANAGEMENT-SYSTEM
 CVE-2025-66177 (There is a Stack overflow Vulnerability in the device Search and Disco ...)
 	NOT-FOR-US: Hikvision
 CVE-2025-66176 (There is a Stack overflow Vulnerability in the device Search and Disco ...)
@@ -920,7 +920,7 @@ CVE-2025-66176 (There is a Stack overflow Vulnerability in the device Search and
 CVE-2025-41717 (An unauthenticated remote attacker can trick a high privileged user in ...)
 	NOT-FOR-US: Phoenix Contact
 CVE-2025-29329 (Buffer Overflow in the ippprint (Internet Printing Protocol) service i ...)
-	TODO: check
+	NOT-FOR-US: Sagemcom
 CVE-2025-15514 (Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointe ...)
 	- ollama <itp> (bug #1094806)
 CVE-2025-14829 (The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerab ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4de8a68eb9d1b97fb929d26a6f89df4dff657b0
