Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b86a1581 by Salvatore Bonaccorso at 2026-01-06T21:35:04+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -81,19 +81,19 @@ CVE-2025-69084 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-69083 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-65212 (An issue was discovered in NJHYST HY511 POE core before 2.1 
and plugin ...)
-       TODO: check
+       NOT-FOR-US: NJHYST HY511 POE core
 CVE-2025-63083 (Lack of output escaping leads to a XSS vector in the pagebreak 
plugin.)
        NOT-FOR-US: Joomla
 CVE-2025-63082 (Lack of input filtering leads to an XSS vector in the HTML 
filter code ...)
        NOT-FOR-US: Joomla
 CVE-2025-60534 (Blue Access Cobalt v02.000.195 suffers from an authentication 
bypass v ...)
-       TODO: check
+       NOT-FOR-US: Blue Access Cobalt
 CVE-2025-60262 (An issue in H3C M102G HM1A0V200R010 wireless controller and 
BA1500L SW ...)
-       TODO: check
+       NOT-FOR-US: H3C
 CVE-2025-5919 (The Appointment Booking and Scheduling Calendar Plugin \u2013 
WP Timet ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-59379 (DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 
1.5.7 allo ...)
-       TODO: check
+       NOT-FOR-US: DwyerOmega Isensix Advanced Remote Monitoring System (ARMS)
 CVE-2025-47553 (Deserialization of Untrusted Data vulnerability in Digital 
zoom studio ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46696 (Dell Secure Connect Gateway (SCG) 5.0 Appliance and 
Application, versi ...)
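
Review bot: The NOT-FOR-US notes in this hunk mix vendor-only and full-product naming: CVE-2025-60262 gets "NOT-FOR-US: H3C", while CVE-2025-65212 and CVE-2025-59379 carry the full product string ("NJHYST HY511 POE core", "DwyerOmega Isensix Advanced Remote Monitoring System (ARMS)"). Vendor-only is reasonable for CVE-2025-60262, since its description names more than one H3C device, but settling on one granularity would make later grep-based triage of the list more predictable.
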
@@ -107,13 +107,13 @@ CVE-2025-32304 (Improper Control of Filename for 
Include/Require Statement in PH
 CVE-2025-15382 (A heap buffer over-read vulnerability exists in the 
wolfSSH_CleanPath( ...)
        TODO: check
 CVE-2025-14979 (AirVPN Eddie on MacOS contains an insecure XPC service that 
allows loc ...)
-       TODO: check
+       NOT-FOR-US: AirVPN Eddie on MacOS
 CVE-2025-14942 (wolfSSH\u2019s key exchange state machine can be manipulated 
to leak t ...)
        TODO: check
 CVE-2025-14552 (The MediaPress plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-14026 (Forcepoint One DLP Client, version 23.04.5642 (and possibly 
newer vers ...)
-       TODO: check
+       NOT-FOR-US: Forcepoint One DLP Client
 CVE-2025-13964 (The LearnPress \u2013 WordPress LMS Plugin plugin for 
WordPress is vul ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13766 (The MasterStudy LMS WordPress Plugin \u2013 for Online Courses 
and Edu ...)
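
Review bot: On CVE-2025-14979 the note "NOT-FOR-US: AirVPN Eddie on MacOS" folds a platform qualifier into the product name. NOT-FOR-US states that the software is not in Debian, so "NOT-FOR-US: AirVPN Eddie" would be enough; if the intent is that the issue is macOS-only, that reasoning belongs in a <not-affected> entry against a package rather than in an NFU note. The two wolfSSH entries (CVE-2025-15382, CVE-2025-14942) stay at "TODO: check", which is consistent with a commit that only processes NFUs.
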
@@ -125,43 +125,43 @@ CVE-2024-30547 (Improper Neutralization of Input During 
Web Page Generation (XSS
 CVE-2023-5069
        REJECTED
 CVE-2020-36925 (Arteco Web Client DVR/NVR contains a session hijacking 
vulnerability w ...)
-       TODO: check
+       NOT-FOR-US: Arteco Web Client DVR/NVR
 CVE-2020-36924 (Sony BRAVIA Digital Signage 1.7.8 contains a remote file 
inclusion vul ...)
-       TODO: check
+       NOT-FOR-US: Sony
 CVE-2020-36923 (Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct 
object r ...)
-       TODO: check
+       NOT-FOR-US: Sony
 CVE-2020-36922 (Sony BRAVIA Digital Signage 1.7.8 contains an information 
disclosure v ...)
-       TODO: check
+       NOT-FOR-US: Sony
 CVE-2020-36921 (RED-V Super Digital Signage System 5.1.1 contains an 
information discl ...)
-       TODO: check
+       NOT-FOR-US: RED-V Super Digital Signage System
 CVE-2020-36920 (iDS6 DSSPro Digital Signage System 6.2 contains an improper 
access con ...)
-       TODO: check
+       NOT-FOR-US: iDS6 DSSPro Digital Signage System
 CVE-2020-36918 (iDS6 DSSPro Digital Signage System 6.2 contains a cross-site 
request f ...)
-       TODO: check
+       NOT-FOR-US: iDS6 DSSPro Digital Signage System
 CVE-2020-36917 (iDS6 DSSPro Digital Signage System 6.2 contains a sensitive 
informatio ...)
-       TODO: check
+       NOT-FOR-US: iDS6 DSSPro Digital Signage System
 CVE-2020-36916 (TDM Digital Signage PC Player 4.1.0.4 contains an elevation of 
privile ...)
-       TODO: check
+       NOT-FOR-US: TDM Digital Signage PC Player
 CVE-2020-36915 (Adtec Digital SignEdje Digital Signage Player v2.08.28 
contains multip ...)
-       TODO: check
+       NOT-FOR-US: Adtec Digital SignEdje Digital Signage Player
 CVE-2020-36914 (QiHang Media Web Digital Signage 3.0.9 contains a sensitive 
informatio ...)
-       TODO: check
+       NOT-FOR-US: QiHang Media Web Digital Signage
 CVE-2020-36913 (All-Dynamics Software enlogic:show 2.0.2 contains a session 
fixation v ...)
-       TODO: check
+       NOT-FOR-US: All-Dynamics Software
 CVE-2020-36912 (Plexus anblick Digital Signage Management 3.1.13 contains an 
open redi ...)
-       TODO: check
+       NOT-FOR-US: Plexus anblick Digital Signage Management
 CVE-2020-36910 (Cayin Signage Media Player 3.0 contains an authenticated 
remote comman ...)
-       TODO: check
+       NOT-FOR-US: Cayin Signage Media Player
 CVE-2020-36909 (SnapGear Management Console SG560 3.1.5 contains a file 
manipulation v ...)
-       TODO: check
+       NOT-FOR-US: SnapGear Management Console
 CVE-2020-36908 (SnapGear Management Console SG560 version 3.1.5 contains a 
cross-site  ...)
-       TODO: check
+       NOT-FOR-US: SnapGear Management Console
 CVE-2020-36907 (Aerohive HiveOS contains a denial of service vulnerability in 
the NetC ...)
-       TODO: check
+       NOT-FOR-US: Aerohive HiveOS
 CVE-2020-36906 (P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request 
forgery v ...)
-       TODO: check
+       NOT-FOR-US: P5 FNIP-8x16A FNIP-4xSH
 CVE-2020-36905 (FIBARO System Home Center 5.021 contains a remote file 
inclusion vulne ...)
-       TODO: check
+       NOT-FOR-US: FIBARO System Home Center
 CVE-2026-21750
        REJECTED
 CVE-2026-21749
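
Review bot: The three Sony BRAVIA Digital Signage entries (CVE-2020-36922 to CVE-2020-36924) are tagged with the vendor only, "NOT-FOR-US: Sony", and CVE-2020-36913 with "All-Dynamics Software", dropping the product enlogic:show, while every other signage entry in the hunk names the product. Sony is a broad vendor, so a product-level note such as "NOT-FOR-US: Sony BRAVIA Digital Signage" would match the neighbouring entries and avoid implying a vendor-wide decision.
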
@@ -195,9 +195,9 @@ CVE-2026-21486 (iccDEV provides a set of libraries and 
tools for working with IC
 CVE-2026-21485 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
        NOT-FOR-US: iccDEV
 CVE-2026-21439 (badkeys is a tool and library for checking cryptographic 
public keys f ...)
-       TODO: check
+       NOT-FOR-US: badkeys
 CVE-2026-21411 (Authentication bypass issue exists in OpenBlocks series 
versions prior ...)
-       TODO: check
+       NOT-FOR-US: OpenBlocks IoT DX1
 CVE-2026-0625 (Multiple D-Link DSL gateway devices contain a command injection 
vulner ...)
        NOT-FOR-US: D-Link
 CVE-2026-0621 (Anthropic's MCP TypeScript SDK versions up to and including 
1.25.1 con ...)
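
Review bot: For CVE-2026-21411 the note names "OpenBlocks IoT DX1", but the visible description speaks of the "OpenBlocks series"; unless the truncated part limits the issue to that one model, "NOT-FOR-US: OpenBlocks" would match the description better. Separately, CVE-2026-21439 (badkeys) is described as a tool and library rather than an appliance, so it is worth confirming there is no package or ITP before settling on NOT-FOR-US.
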
@@ -235,15 +235,15 @@ CVE-2025-66648 (vega-functions provides function 
implementations for the Vega ex
 CVE-2025-65110 (Vega is a visualization grammar, a declarative format for 
creating, sa ...)
        TODO: check
 CVE-2025-64425 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2025-64424 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2025-64423 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2025-64422 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2025-61916 (Spinnaker is an open source, multi-cloud continuous delivery 
platform. ...)
-       TODO: check
+       NOT-FOR-US: Spinnaker
 CVE-2025-4776 (The Phlox theme for WordPress is vulnerable to Stored 
Cross-Site Scrip ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-20807 (In dpe, there is a possible out of bounds write due to an 
integer over ...)
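
Review bot: CVE-2025-64422 through CVE-2025-64425 (Coolify) and CVE-2025-61916 (Spinnaker) are described as open-source projects, unlike the appliance and firmware entries elsewhere in the commit, so a quick check for an open ITP/RFP bug would be worthwhile; where one exists, the entry should use an <itp> line with the bug number instead of NOT-FOR-US. If none exists, the notes are fine as written.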



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b86a158167105c7a2ed30d08dc9d4fbdec9ab891
