Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4824ed87 by Salvatore Bonaccorso at 2026-01-07T22:43:26+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -67,7 +67,7 @@ CVE-2026-0668 (Inefficient Regular Expression Complexity 
vulnerability in Wikime
 CVE-2026-0618 (Cross-site Scripting vulnerability in Devolutions PowerShell 
Universal ...)
        NOT-FOR-US: Devolutions
 CVE-2025-6225 (Kieback&Peter Neutrino-GLT product is used for building 
management. It ...)
-       TODO: check
+       NOT-FOR-US: Kieback & Peter Neutrino-GLT product
 CVE-2025-69344 (Missing Authorization vulnerability in ThemeHunk Oneline Lite 
allows E ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-69333 (Missing Authorization vulnerability in Crocoblock JetEngine 
allows Exp ...)
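
Review bot: The new tag on CVE-2025-6225 ends in the word "product", which no neighbouring NOT-FOR-US line carries (compare "NOT-FOR-US: Devolutions" just above), and it writes the vendor as "Kieback & Peter" where the description has "Kieback&Peter". Suggest "NOT-FOR-US: Kieback&Peter Neutrino-GLT" so that a search for the string used in the description also finds the tag.
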
@@ -79,35 +79,35 @@ CVE-2025-69081 (Improper Control of Filename for 
Include/Require Statement in PH
 CVE-2025-69080 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68637 (The Uniffle HTTP client is configured to trust all SSL 
certificates an ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-67366 (@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that 
provides file c ...)
-       TODO: check
+       NOT-FOR-US: sylphxltd/filesystem-mcp
 CVE-2025-67364 (fast-filesystem-mcp version 3.4.0 contains a critical path 
traversal v ...)
-       TODO: check
+       NOT-FOR-US: fast-filesystem-mcp
 CVE-2025-66838 (In Aris v10.0.23.0.3587512 and before, the file upload 
functionality d ...)
-       TODO: check
+       NOT-FOR-US: Aris
 CVE-2025-66837 (A file upload vulnerability in ARIS 10.0.23.0.3587512 allows 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Aris
 CVE-2025-66786 (OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error 
when proces ...)
-       TODO: check
+       NOT-FOR-US: OpenAirInterface CN5G AMF
 CVE-2025-66686 (A stored Cross-Site Scripting (XSS) vulnerability exists in 
Perch CMS  ...)
-       TODO: check
+       NOT-FOR-US: Perch CMS
 CVE-2025-66560 (Quarkus is a Cloud Native, (Linux) Container First framework 
for writi ...)
-       TODO: check
+       NOT-FOR-US: Quarkus
 CVE-2025-65805 (OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: OpenAirInterface CN5G AMF
 CVE-2025-62327 (In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM 
configur ...)
        NOT-FOR-US: HCL
 CVE-2025-61939 (An unused function in MicroServer can start a reverse SSH 
connection t ...)
-       TODO: check
+       NOT-FOR-US: Columbia Weather Systems
 CVE-2025-61782 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
-       TODO: check
+       NOT-FOR-US: OpenCTI
 CVE-2025-61492 (A command injection vulnerability in the execute_command 
function of t ...)
-       TODO: check
+       NOT-FOR-US: terminal-controller-mcp
 CVE-2025-61489 (A command injection vulnerability in the shell_exec function 
of soniri ...)
-       TODO: check
+       NOT-FOR-US: sonirico mcp-shell
 CVE-2025-58441 (Knowage is an open source analytics and business intelligence 
suite. P ...)
-       TODO: check
+       NOT-FOR-US: Knowage
 CVE-2025-4677 (Insufficient Session Expiration vulnerability in ABB WebPro 
SNMP Card  ...)
        NOT-FOR-US: ABB group
 CVE-2025-4676 (Incorrect Implementation of Authentication Algorithm 
vulnerability in  ...)
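
Review bot: The tag on CVE-2025-68637, "NOT-FOR-US: Apache software not packaged in Debian", does not name the affected software although the description names Uniffle, so a later search of data/CVE/list for the product only matches the truncated description. Suggest putting the product name in the tag. The reverse gap is on CVE-2025-61939, where the tag gives "Columbia Weather Systems" but not the "MicroServer" that the description mentions. Smaller points in the same hunk: both ARIS entries are tagged "Aris" while the CVE-2025-66837 description writes "ARIS", and the MCP server tags use three different forms ("sylphxltd/filesystem-mcp", "fast-filesystem-mcp", "sonirico mcp-shell"); a single owner/name form would be easier to grep.
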
@@ -131,7 +131,7 @@ CVE-2025-32300 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-31643 (Incorrect Privilege Assignment vulnerability in Dasinfomedia 
WPCHURCH  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-15479 (Stored cross-site scripting (XSS, CWE-79) in the survey 
content and ad ...)
-       TODO: check
+       NOT-FOR-US: Data Illusion Zumbrunn NGSurvey Enterprise Edition
 CVE-2025-15158 (The WP Enable WebP plugin for WordPress is vulnerable to 
arbitrary fil ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-15058 (The Responsive Pricing Table plugin for WordPress is 
vulnerable to Sto ...)
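
Review bot: The tag on CVE-2025-15479 carries an edition name ("Enterprise Edition") and is much longer than the surrounding tags ("WordPress plugin or theme", "WordPress plugin"). The visible part of the description ends before any vendor or product name, so the tag cannot be cross-checked from this entry alone. Suggest trimming it to the vendor and product name, dropping the edition, unless the edition is what decides that the software is not in Debian.
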
@@ -419,7 +419,7 @@ CVE-2025-11235 (Unverified Password Change vulnerability in 
Progress MOVEit Tran
 CVE-2025-0980 (Nokia SR Linux is vulnerable to an authentication vulnerability 
allowi ...)
        NOT-FOR-US: Nokia
 CVE-2024-14020 (A weakness has been identified in carboneio carbone up to 
fbcd349077ad ...)
-       TODO: check
+       NOT-FOR-US: carboneio carbone
 CVE-2025-15224 [libssh key passphrase bypass without agent set]
        - curl <unfixed> (unimportant)
        NOTE: https://curl.se/docs/CVE-2025-15224.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4824ed87d750fd33713258af64c01c6a7532f814


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
