[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 20 20:14:00 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc14eb0c by security tracker role at 2026-01-20T20:13:54+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-22844 (A Command Injection vulnerability in Zoom Node Multimedia Routers (MMR ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2026-1245 (A code injection vulnerability in the binary-parser library prior to v ...)
TODO: check
CVE-2026-1183 (HTML injection vulnerability in multiple Botble products such as Trans ...)
@@ -7,35 +7,35 @@ CVE-2026-1183 (HTML injection vulnerability in multiple Botble products such as
CVE-2026-1180 (A flaw was identified in Keycloak\u2019s OpenID Connect Dynamic Client ...)
TODO: check
CVE-2026-0726 (The Nexter Extension \u2013 Site Enhancements Toolkit plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0690 (The FlatPM \u2013 Ad Manager, AdSense and Custom Code plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0622 (Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever ...)
TODO: check
CVE-2026-0608 (The Head Meta Data plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0554 (The NotificationX plugin for WordPress is vulnerable to unauthorized m ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0548 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9466 (A security issue exists within ArmorStart\xae LT that can result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9465 (A security issue exists within ArmorStart\xae LT that can result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9464 (A security issue exists within ArmorStart\xae LT that can result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9283 (A security issue exists within ArmorStart\xae LT that can result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9282 (A security issue exists within ArmorStart\xae LT that can result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9281 (A security issue exists within ArmorStart\xae LT that can result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9280 (A security issue exists within ArmorStart\xae LT that can result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9279 (A security issue exists within ArmorStart\xae LT that can result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9278 (A security issue exists within ArmorStart\xae LT that can result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-67824 (The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before ...)
TODO: check
CVE-2025-67263 (Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-s ...)
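Review bot: The nine ArmorStart LT entries (CVE-2025-9278 through CVE-2025-9466) are tagged with a vendor name, Rockwell Automation, that does not appear anywhere in the description text shown, so a reader of the list cannot connect tag and description without looking the CVE up. Consider including the product in the tag, for example "NOT-FOR-US: Rockwell Automation ArmorStart LT". The same applies to the "WordPress plugin" tags, which drop the plugin name that the description carries.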
@@ -127,37 +127,37 @@ CVE-2025-40644 (Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla'
CVE-2025-36556 (A reflected cross-site scripting (xss) vulnerability exists in the lda ...)
TODO: check
CVE-2025-36419 (IBM ApplinX 11.1 could disclose sensitive information about server arc ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36418 (IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerabi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36411 (IBM ApplinX 11.1 is vulnerable to cross-site request forgery which cou ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36410 (IBM ApplinX 11.1 could allow an authenticated user to perform unauthor ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36409 (IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerabi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36408 (IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vu ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36397 (IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML inje ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36396 (IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-sit ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36115 (IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36113 (IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36066 (IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36065 (IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36063 (IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36059 (IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Inte ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36058 (IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Inte ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-33233 (NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerabil ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-33231 (NVIDIA Nsight Systems for Windows contains a vulnerability in the appl ...)
TODO: check
CVE-2025-33230 (NVIDIA Nsight Systems for Linux contains a vulnerability in the .run i ...)
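Review bot: Triage of the NVIDIA entries is inconsistent in this hunk. CVE-2025-33233 (Merlin Transformers4Rec) is closed as NOT-FOR-US: NVIDIA, while the NVIDIA Nsight entries directly below it (CVE-2025-33231, CVE-2025-33230) stay at TODO: check. If Nsight is equally out of scope, close those in the same pass; if they are deliberately left for manual review, the bare vendor tag "NVIDIA" on CVE-2025-33233 should name the product so the difference is visible in the list.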
@@ -167,37 +167,37 @@ CVE-2025-33229 (NVIDIA Nsight Visual Studio for Windows contains a vulnerability
CVE-2025-33228 (NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot reci ...)
TODO: check
CVE-2025-33015 (IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-1722 (IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtai ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-1719 (IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtai ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-15380 (The NotificationX \u2013 FOMO, Live Sales Notification, WooCommerce Sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-15347 (The Creator LMS \u2013 The LMS for Creators, Coaches, and Trainers plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-15043 (The The Events Calendar plugin for WordPress is vulnerable to unauthor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14883
REJECTED
CVE-2025-14533 (The Advanced Custom Fields: Extended plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14377 (A security issue was discovered within the legacy Ansible playbook com ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-14376 (A security issue was discovered within the legacy ADI server component ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-14369 (dr_flac, an audio decoder within the dr_libs toolset, contains an inte ...)
TODO: check
CVE-2025-14115 (IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-14027 (Multiple denial-of-service vulnerabilities exist in the affected produ ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-13925 (IBM Aspera Console 3.4.7 stores potentially sensitive information in l ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-12985 (IBM Licensing Operator incorrectly assigns privileges to security crit ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-11743 (A denial-of-service security issue in the affected product. The securi ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-15281 (Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the ...)
- glibc <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/01/20/3
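Review bot: CVE-2025-14377 is closed as NOT-FOR-US: Rockwell Automation, but the visible description mentions only a "legacy Ansible playbook component" and names no vendor product. Since this is an automatic update, confirm that the affected playbook is the vendor's own code and not something shipped in the archive before the TODO is dropped. CVE-2025-14027 and CVE-2025-11743 have the same issue: their descriptions say only "the affected product", so the vendor attribution cannot be checked from the list entry alone.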
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc14eb0c4c79f8e670401eeffbc489339d5f64e9