[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 23 21:19:48 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd80e742 by Salvatore Bonaccorso at 2026-01-23T22:19:20+01:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -225,39 +225,39 @@ CVE-2026-0994 (A denial-of-service (DoS) vulnerability exists in google.protobuf
CVE-2026-0914 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: WordPress plugin
CVE-2025-71177 (LavaLite CMS versions up to and including 10.1.0 contain a stored cros ...)
- TODO: check
+ NOT-FOR-US: LavaLite CMS
CVE-2025-70986 (Incorrect access control in the selectDept function of RuoYi v4.8.2 al ...)
- TODO: check
+ NOT-FOR-US: RuoYi
CVE-2025-70985 (Incorrect access control in the update function of RuoYi v4.8.2 allows ...)
- TODO: check
+ NOT-FOR-US: RuoYi
CVE-2025-70983 (Incorrect access control in the authRoutes function of SpringBlade v4. ...)
- TODO: check
+ NOT-FOR-US: SpringBlade
CVE-2025-69908 (An unauthenticated information disclosure vulnerability in Newgen Omni ...)
- TODO: check
+ NOT-FOR-US: Newgen OmniApp
CVE-2025-69907 (An unauthenticated information disclosure vulnerability exists in Newg ...)
- TODO: check
+ NOT-FOR-US: Newgen OmniDocs
CVE-2025-67231 (A reflected cross-site scripting (XSS) vulnerability in ToDesktop Buil ...)
- TODO: check
+ NOT-FOR-US: ToDesktop Builder
CVE-2025-67230 (Improper permissions in the handler for the Custom URL Scheme in ToDes ...)
- TODO: check
+ NOT-FOR-US: ToDesktop Builder
CVE-2025-67229 (An improper certificate validation vulnerability exists in ToDesktop B ...)
- TODO: check
+ NOT-FOR-US: ToDesktop Builder
CVE-2025-67125 (A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in ...)
TODO: check
CVE-2025-67124 (A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finaliz ...)
- TODO: check
+ NOT-FOR-US: svenstaro/miniserve
CVE-2025-66720 (Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/pro ...)
NOT-FOR-US: Free5GC
CVE-2025-66719 (An issue was discovered in Free5gc NRF 1.4.0. In the access-token gene ...)
NOT-FOR-US: Free5GC
CVE-2025-4320 (Authentication Bypass by Primary Weakness, Weak Password Recovery Mech ...)
- TODO: check
+ NOT-FOR-US: Birebirsoft
CVE-2025-4319 (Improper Restriction of Excessive Authentication Attempts, Weak Passwo ...)
- TODO: check
+ NOT-FOR-US: Birebirsoft
CVE-2025-46699 (Dell Data Protection Advisor, versions prior to 19.12, contains an Imp ...)
NOT-FOR-US: Dell / EMC
CVE-2025-2204 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Tapandsign
CVE-2025-14947 (The All-in-One Video Gallery plugin for WordPress is vulnerable to una ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14866 (The Melapress Role Editor plugin for WordPress is vulnerable to Privil ...)
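Review bot: The label on CVE-2025-67124 is written in owner/repository form ("NOT-FOR-US: svenstaro/miniserve"), while every other tag added in this hunk uses a plain product or vendor name (LavaLite CMS, RuoYi, SpringBlade, ToDesktop Builder). Using "miniserve" alone would keep the labels uniform and easier to grep. Separately, for CVE-2025-4320, CVE-2025-4319 and CVE-2025-2204 the truncated descriptions do not show a product name, so the "Birebirsoft" and "Tapandsign" labels cannot be confirmed from the visible lines and should be checked against the full CVE records.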
@@ -281,23 +281,23 @@ CVE-2021-47897 (PEEL Shopping 9.3.0 contains a stored cross-site scripting vulne
CVE-2021-47896 (PDF Complete Corporate Edition 4.1.45 contains an unquoted service pat ...)
NOT-FOR-US: PDF Complete Corporate Edition
CVE-2021-47895 (Nsauditor 3.2.2.0 contains a denial of service vulnerability that allo ...)
- TODO: check
+ NOT-FOR-US: Nsauditor
CVE-2021-47894 (Managed Switch Port Mapping Tool 2.85.2 contains a denial of service v ...)
- TODO: check
+ NOT-FOR-US: Managed Switch Port Mapping Tool
CVE-2021-47893 (AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: AgataSoft PingMaster Pro
CVE-2021-47892 (PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerabili ...)
- TODO: check
+ NOT-FOR-US: PEEL Shopping
CVE-2021-47891 (Unified Remote 3.9.0.2463 contains a remote code execution vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Unified Remote
CVE-2021-47890 (LogonExpert 8.1 contains an unquoted service path vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: LogonExpert
CVE-2021-47889 (Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerab ...)
- TODO: check
+ NOT-FOR-US: Softros LAN Messenger
CVE-2021-47888 (Textpattern versions prior to 4.8.3 contain an authenticated remote co ...)
TODO: check
CVE-2021-47881 (dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer ov ...)
- TODO: check
+ NOT-FOR-US: dataSIMS Avionics ARINC 664-1
CVE-2018-25132 (MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulner ...)
NOT-FOR-US: MyBB
CVE-2018-25116 (MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vuln ...)
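Review bot: CVE-2021-47888 (Textpattern, authenticated remote code execution) is the only entry in this consecutive run left at "TODO: check", sitting between CVE-2021-47889 and CVE-2021-47881, which were both converted. The commit message limits the change to NFUs, so this may be deliberate pending a package lookup, but it reads as a skipped line and is worth confirming. The "PEEL Shopping" label on CVE-2021-47892 matches the product named for CVE-2021-47897 in the hunk header.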
@@ -624,15 +624,15 @@ CVE-2025-9289 (A Cross-Site Scripting (XSS) vulnerability was identified in a pa
CVE-2025-67847 (A flaw was found in Moodle. An attacker with access to the restore int ...)
- moodle <removed>
CVE-2025-67652 (An attacker with access to the project file could use the exposed cre ...)
- TODO: check
+ NOT-FOR-US: CLICK Programmable Logic Controller
CVE-2025-55705 (This vulnerability occurs when the system permits multiple simultaneou ...)
- TODO: check
+ NOT-FOR-US: EVMAPA
CVE-2025-54816 (This vulnerability occurs when a WebSocket endpoint does not enforce ...)
- TODO: check
+ NOT-FOR-US: EVMAPA
CVE-2025-53968 (This vulnerability arises because there are no limitations on the numb ...)
- TODO: check
+ NOT-FOR-US: EVMAPA
CVE-2025-25051 (An attacker could decrypt sensitive data, impersonate legitimate users ...)
- TODO: check
+ NOT-FOR-US: CLICK Programmable Logic Controller
CVE-2025-22234 (The fix applied in CVE-2025-22228 inadvertently broke the timing attac ...)
TODO: check
CVE-2025-15522 (The Uncanny Automator \u2013 Easy Automation, Integration, Webhooks & ...)
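Review bot: For all five entries changed here (CVE-2025-67652, CVE-2025-55705, CVE-2025-54816, CVE-2025-53968, CVE-2025-25051) the visible descriptions are generic and name no product, so the NOT-FOR-US label is the only record of the product in this file. "CLICK Programmable Logic Controller" and "EVMAPA" are hard to search for without a vendor name; prefixing the vendor, as the nearby "Dell / EMC" style labels do elsewhere in the list, would make later triage of related CVEs easier. CVE-2025-22234 stays at "TODO: check", which is consistent with a commit that only handles NFUs.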
@@ -646,20 +646,20 @@ CVE-2025-15349 (Anritsu ShockLine SCPI Race Condition Remote Code Execution Vuln
CVE-2025-15348 (Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data R ...)
NOT-FOR-US: Anritsu
CVE-2025-15063 (Ollama MCP Server execAsync Command Injection Remote Code Execution Vu ...)
- TODO: check
+ NOT-FOR-US: Ollama MCP Server
CVE-2025-15062 (Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Trimble
CVE-2025-15061 (Framelink Figma MCP Server fetchWithRetry Command Injection Remote Cod ...)
- TODO: check
+ NOT-FOR-US: Framelink Figma MCP Server
CVE-2025-15059 (GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution ...)
- gimp <unfixed> (bug #1126267)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1196/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15284
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e
CVE-2025-14751 (A low-privileged user can bypass account credentials without confirmin ...)
- TODO: check
+ NOT-FOR-US: Weintek cMT X Series HMI EasyWeb Service
CVE-2025-14750 (The web application does not sufficiently verify inputs that are assum ...)
- TODO: check
+ NOT-FOR-US: Weintek cMT X Series HMI EasyWeb Service
CVE-2025-14745 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Au ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14069 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...)
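Review bot: CVE-2025-15062 is tagged with the vendor only ("NOT-FOR-US: Trimble") although its description names the product as Trimble SketchUp, while the other entries added in this hunk use full product names (Ollama MCP Server, Framelink Figma MCP Server, Weintek cMT X Series HMI EasyWeb Service). The unchanged "NOT-FOR-US: Anritsu" line shows vendor-only labels are accepted, so this is a consistency point: "Trimble SketchUp" would match the granularity of its neighbours. The "Ollama MCP Server" label is correctly kept distinct from Ollama itself, which matters if the latter is ever tracked separately.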
@@ -368763,7 +368763,7 @@ CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM url-parse
NOTE: https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4
NOTE: https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63 (1.5.9)
CVE-2022-25369 (An issue was discovered in Dynamicweb before 9.12.8. An attacker can a ...)
- TODO: check
+ NOT-FOR-US: Dynamicweb
CVE-2022-25368 (Spectre BHB is a variant of Spectre-v2 in which malicious code uses th ...)
NOTE: https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html
NOTE: This is a CVE specific for the impact of Spectre-BHB on Ampere
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd80e742de4ba5039dec189461c847d174009b7d