[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Wed Jan 14 20:14:26 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8481d8e3 by security tracker role at 2026-01-14T20:14:15+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-23550 (Incorrect Privilege Assignment vulnerability in Modular DS allows Priv ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-23498 (Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, ...)
 	TODO: check
 CVE-2026-23497 (Frappe Learning Management System (LMS) is a learning system that help ...)
@@ -67,11 +67,11 @@ CVE-2025-71165 (Typesetter CMS versions up to and including 5.1 contain a reflec
 CVE-2025-71164 (Typesetter CMS versions up to and including 5.1 contain a reflected cr ...)
 	TODO: check
 CVE-2025-71021 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-70968 (FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE( ...)
 	TODO: check
 CVE-2025-70747 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-67835 (Paessler PRTG Network Monitor before 25.4.114 allows Denial-of-Service ...)
 	TODO: check
 CVE-2025-67834 (Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthe ...)
@@ -91,21 +91,21 @@ CVE-2025-63644 (A stored cross-site scripting (XSS) vulnerability exists in pH7S
 CVE-2025-56226 (Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3 ...)
 	TODO: check
 CVE-2025-37185 (Vulnerabilities in the web-based management interface of EdgeConnect S ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37184 (A vulnerability exists in an Orchestrator service that could allow an  ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37183 (Vulnerabilities in the web-based management interface of EdgeConnect S ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37182 (Vulnerabilities in the web-based management interface of EdgeConnect S ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37181 (Vulnerabilities in the web-based management interface of EdgeConnect S ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-33206 (NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an att ...)
 	TODO: check
 CVE-2025-14557 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-14556 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-14317 (In Crazy Bubble Tea mobile application authenticated attacker canobtai ...)
 	TODO: check
 CVE-2025-14242 (A flaw was found in vsftpd. This vulnerability allows a denial of serv ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8481d8e339a82e15d1ffe32c6eec6af19c2b5243

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8481d8e339a82e15d1ffe32c6eec6af19c2b5243
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260114/7f16b5bb/attachment.htm>
