[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 21 21:11:56 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
81b6efca by Salvatore Bonaccorso at 2026-01-21T22:11:23+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2024-31884
NOTE: https://github.com/ceph/ceph/pull/66142
NOTE: Fixed by: https://github.com/ceph/ceph/commit/5081933c9a0068fe9deba4fca2d943bda3168518
CVE-2026-23955 (EVerest is an EV charging software stack. Prior to version 2025.9.0, i ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2026-23755 (D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled s ...)
NOT-FOR-US: D-Link
CVE-2026-23754 (D-Link D-View 8 versions 2.0.1.107 and below contain an improper acces ...)
@@ -21,7 +21,7 @@ CVE-2026-20055 (Multiple vulnerabilities in the web-based management interface o
CVE-2026-20045 (A vulnerability in Cisco Unified Communications Manager (Unified CM), ...)
TODO: check
CVE-2026-1290 (Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf P ...)
- TODO: check
+ NOT-FOR-US: Jamf
CVE-2026-0834 (Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (T ...)
NOT-FOR-US: TP-Link
CVE-2026-0663 (Denial-of-service vulnerability in M-Files Server versions before26.1. ...)
@@ -47,29 +47,29 @@ CVE-2025-69762 (Tenda AX3 firmware v16.03.12.11 contains a stack overflow in for
CVE-2025-69209 (ArduinoCore-avr contains the source code and configuration files of th ...)
TODO: check
CVE-2025-68141 (EVerest is an EV charging software stack. Prior to version 2025.10.0, ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2025-68140 (EVerest is an EV charging software stack. Prior to version 2025.9.0, o ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2025-68139 (EVerest is an EV charging software stack. In all versions up to and in ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2025-68138 (EVerest is an EV charging software stack, and EVerest libocpp is a C++ ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2025-68137 (EVerest is an EV charging software stack. Prior to version 2025.10.0, ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2025-68136 (EVerest is an EV charging software stack. Prior to version 2025.10.0, ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2025-68135 (EVerest is an EV charging software stack. Prior to version 2025.10.0, ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2025-68134 (EVerest is an EV charging software stack. Prior to version 2025.10.0, ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2025-68132 (EVerest is an EV charging software stack. Prior to version 2025.12.0, ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2025-66960 (An issue in ollama v.0.12.10 allows a remote attacker to cause a denia ...)
TODO: check
CVE-2025-66959 (An issue in ollama v.0.12.10 allows a remote attacker to cause a denia ...)
TODO: check
CVE-2025-57681 (The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before ...)
- TODO: check
+ NOT-FOR-US: WorklogPRO Timesheets for Jira plugin
CVE-2025-13878 (Malformed BRID/HHIT records can cause `named` to terminate unexpectedl ...)
- bind9 <unfixed>
NOTE: https://kb.isc.org/docs/cve-2025-13878
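Review bot: CVE-2025-68138 is the one EVerest entry in this hunk whose description names a separate component ("EVerest libocpp is a C++ ..."), yet it gets the same bare "NOT-FOR-US: EVerest" tag as the other eight. Consider "NOT-FOR-US: EVerest libocpp" so the component can still be found from the list once the description is truncated. Separately, the CVE-2025-57681 tag reads "WorklogPRO Timesheets for Jira plugin" while the description writes the name as "WorklogPRO - Timesheets for Jira plugin"; whichever spelling is chosen should be reused as-is for later entries on the same product.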
@@ -204,7 +204,7 @@ CVE-2026-24021
CVE-2026-24020
REJECTED
CVE-2026-24016 (The installer of ServerView Agents for Windows provided by Fsas Techno ...)
- TODO: check
+ NOT-FOR-US: Fsas Technologies
CVE-2026-22976 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/c1d73b1480235731e35c81df70b08f4714a7d095 (6.19-rc5)
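Review bot: The tag on CVE-2026-24016 names the vendor ("Fsas Technologies"), while the description leads with the product, "ServerView Agents for Windows", and other tags added in this commit name the product (EVerest, Revive Adserver, ImageDirector Capture). Both styles already appear in the surrounding context lines (Oracle, TP-Link), so this is a style point only, but "NOT-FOR-US: ServerView Agents for Windows (Fsas Technologies)" or similar would make the entry findable by either name.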
@@ -357,15 +357,15 @@ CVE-2026-21923 (Vulnerability in the Oracle Life Sciences Central Designer produ
CVE-2026-21922 (Vulnerability in the Oracle Planning and Budgeting Cloud Service produ ...)
NOT-FOR-US: Oracle
CVE-2026-21664 (HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has report ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2026-21663 (HackerOne community member Patrick Lang (7yr) has reported a reflected ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2026-21642 (HackerOne community member Patrick Lang (7yr) has reported a reflected ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2026-21641 (HackerOne community member Jad Ghamloush (0xjad) has reported an autho ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2026-21640 (HackerOne community member Faraz Ahmed (PakCyberbot) has reported a fo ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2026-1035 (A flaw was found in the Keycloak server during refresh token processin ...)
TODO: check
CVE-2026-0933 (SummaryA command injection vulnerability (CWE-78) has been found to ex ...)
@@ -375,29 +375,29 @@ CVE-2026-0865 (User-controlled header names and values containing newlines can a
CVE-2026-0672 (When using http.cookies.Morsel, user-controlled cookie values and para ...)
TODO: check
CVE-2025-68133 (EVerest is an EV charging software stack. In versions 2025.9.0 and bel ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2025-66902 (An input validation issue in in Pithikos websocket-server v.0.6.4 allo ...)
- TODO: check
+ NOT-FOR-US: Pithikos websocket-server
CVE-2025-66692 (A buffer over-read in the PublicKey::verify() method of Binance - Trus ...)
TODO: check
CVE-2025-63648 (A NULL pointer dereference in the dacp_reply_playqueueedit_move functi ...)
- TODO: check
+ NOT-FOR-US: owntone-server
CVE-2025-63647 (A NULL pointer dereference in the parse_meta function (src/httpd_daap. ...)
- TODO: check
+ NOT-FOR-US: owntone-server
CVE-2025-58744 (Use of Default Credentials, Hard-coded Credentials vulnerability inC2S ...)
- TODO: check
+ NOT-FOR-US: ImageDirector Capture
CVE-2025-58743 (Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability ...)
- TODO: check
+ NOT-FOR-US: ImageDirector Capture
CVE-2025-58742 (Insufficiently Protected Credentials, Improper Restriction of Communic ...)
- TODO: check
+ NOT-FOR-US: ImageDirector Capture
CVE-2025-58741 (Insufficiently Protected Credentials vulnerability in the Credential F ...)
- TODO: check
+ NOT-FOR-US: ImageDirector Capture
CVE-2025-58740 (The use of a hard-coded encryption key in calls to the Password functi ...)
- TODO: check
+ NOT-FOR-US: ImageDirector Capture
CVE-2025-57156 (NULL pointer dereference in the dacp_reply_playqueueedit_clear functio ...)
- TODO: check
+ NOT-FOR-US: owntone-server
CVE-2025-57155 (NULL pointer dereference in the daap_reply_groups function in src/http ...)
- TODO: check
+ NOT-FOR-US: owntone-server
CVE-2025-15521 (The Academy LMS \u2013 WordPress LMS Plugin for Complete eLearning Sol ...)
NOT-FOR-US: WordPress plugin
CVE-2025-15367 (The poplib module, when passed a user-controlled command, can have add ...)
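Review bot: The four owntone-server entries (CVE-2025-63648, CVE-2025-63647, CVE-2025-57156, CVE-2025-57155) and the Pithikos websocket-server entry (CVE-2025-66902) are described at the level of function names and source paths (for example parse_meta in src/httpd_daap.), unlike the vendor products tagged elsewhere in this commit. NOT-FOR-US is only right for them if no Debian source package carries that code, and neither the commit message ("Process some NFUs") nor the entries record how that was checked. A short statement in the commit message that the archive was searched for these projects would make the triage reproducible.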
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81b6efcaaf3a431bcc3d37d6d3af580a206dcb99