Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1b59b495 by Salvatore Bonaccorso at 2026-01-09T21:32:06+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2026-22198 (GestSup versions up to and including 3.2.56 contain a
pre-authenticati ...)
- TODO: check
+ NOT-FOR-US: GestSup
CVE-2026-22197 (GestSup versions up to and including 3.2.56 contain multiple
SQL injec ...)
- TODO: check
+ NOT-FOR-US: GestSup
CVE-2026-22196 (GestSup versions up to and including 3.2.56 contain a SQL
injection vu ...)
- TODO: check
+ NOT-FOR-US: GestSup
CVE-2026-22195 (GestSup versions up to and including 3.2.56 contain a SQL
injection vu ...)
- TODO: check
+ NOT-FOR-US: GestSup
CVE-2026-22194 (GestSup versions up to and including 3.2.56 contain a
cross-site reque ...)
- TODO: check
+ NOT-FOR-US: GestSup
CVE-2026-22082 (This vulnerability exists in Tenda wireless routers (300Mbps
Wireless ...)
NOT-FOR-US: Tenda
CVE-2026-22081 (This vulnerability exists in Tenda wireless routers (300Mbps
Wireless ...)
@@ -23,55 +23,55 @@ CVE-2026-0803 (A vulnerability was found in PHPGurukul
Online Course Registratio
CVE-2026-0627 (The AMP for WP plugin for WordPress is vulnerable to Stored
Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2025-7072 (The firmware in KAON CG3000TCand CG3000T routers contains
hard-coded c ...)
- TODO: check
+ NOT-FOR-US: KAON CG3000TC and CG3000T routers
CVE-2025-70161 (EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection.
This aris ...)
- TODO: check
+ NOT-FOR-US: EDIMAX
CVE-2025-69542 (A Command Injection Vulnerability has been discovered in the
DHCP daem ...)
NOT-FOR-US: D-Link
CVE-2025-69426 (The Ruckus vRIoT IoT Controller firmware versions prior to
3.0.0.0 (GA ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-69425 (The Ruckus vRIoT IoT Controllerfirmware versions prior to
3.0.0.0 (GA) ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-67811 (Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API
endpoints ...)
- TODO: check
+ NOT-FOR-US: Area9 Rhapsode
CVE-2025-67810 (In Area9 Rhapsode 1.47.3, an authenticated attacker can
exploit the op ...)
- TODO: check
+ NOT-FOR-US: Area9 Rhapsode
CVE-2025-67282 (In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple
Authorization Bypass ...)
- TODO: check
+ NOT-FOR-US: TIM
CVE-2025-67281 (In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL
injection vulner ...)
- TODO: check
+ NOT-FOR-US: TIM
CVE-2025-67280 (In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate
Query Lang ...)
- TODO: check
+ NOT-FOR-US: TIM
CVE-2025-67279 (An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before
v.9.1.2 ...)
- TODO: check
+ NOT-FOR-US: TIM
CVE-2025-67278 (An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before
v.9.1.2 ...)
- TODO: check
+ NOT-FOR-US: TIM
CVE-2025-67133 (An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local
attacker to ...)
- TODO: check
+ NOT-FOR-US: Hero Motocorp Vida V1 Pro
CVE-2025-67070 (A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd
V2.800.00IB ...)
NOT-FOR-US: Intelbras
CVE-2025-67004 (An Information Disclosure vulnerability in CouchCMS 2.4 allow
an Admin ...)
- TODO: check
+ NOT-FOR-US: CouchCMS
CVE-2025-66744 (In Yonyou YonBIP v3 and before, the LoginWithV8 interface in
the serie ...)
- TODO: check
+ NOT-FOR-US: Yonyou YonBIP
CVE-2025-66715 (A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4
allows at ...)
- TODO: check
+ NOT-FOR-US: Axtion ODISSAAS ODIS
CVE-2025-66052 (Vivotek IP7137 camera with firmware version 0200a is
vulnerable to com ...)
- TODO: check
+ NOT-FOR-US: Vivotek IP7137 camera
CVE-2025-66051 (Vivotek IP7137 camera with firmware version 0200a is
vulnerable to pat ...)
- TODO: check
+ NOT-FOR-US: Vivotek IP7137 camera
CVE-2025-66050 (Vivotek IP7137 camera with firmware version 0200a by default
dos not r ...)
- TODO: check
+ NOT-FOR-US: Vivotek IP7137 camera
CVE-2025-66049 (VivotekIP7137camera with firmware version0200a is vulnerable
to an inf ...)
- TODO: check
+ NOT-FOR-US: Vivotek IP7137 camera
CVE-2025-64093 (Remote Code Execution vulnerability that allows
unauthenticated attack ...)
- TODO: check
+ NOT-FOR-US: Zenitel
CVE-2025-64092 (This vulnerability allows unauthenticated attackers to inject
an SQL r ...)
- TODO: check
+ NOT-FOR-US: Zenitel
CVE-2025-64091 (This vulnerability allows authenticated attackers to execute
commands ...)
- TODO: check
+ NOT-FOR-US: Zenitel
CVE-2025-64090 (This vulnerability allows authenticated attackers to execute
commands ...)
- TODO: check
+ NOT-FOR-US: Zenitel
CVE-2025-56225 (fluidsynth-2.4.6 and earlier versions is vulnerable to Null
pointer de ...)
TODO: check
CVE-2025-46676 (Dell PowerProtect Data Domain with Data Domain Operating
System (DD OS ...)
@@ -83,19 +83,19 @@ CVE-2025-46644 (Dell PowerProtect Data Domain with Data
Domain Operating System
CVE-2025-46643 (Dell PowerProtect Data Domain with Data Domain Operating
System (DD OS ...)
NOT-FOR-US: Dell / EMC
CVE-2025-15496 (A vulnerability was determined in guchengwuyue yshopmall up to
1.9.1. ...)
- TODO: check
+ NOT-FOR-US: guchengwuyue yshopmall
CVE-2025-15495 (A vulnerability was found in BiggiDroid Simple PHP CMS 1.0.
This impac ...)
- TODO: check
+ NOT-FOR-US: BiggiDroid Simple PHP CMS
CVE-2025-15494 (A vulnerability has been found in RainyGao DocSys up to
2.02.37. This ...)
- TODO: check
+ NOT-FOR-US: RainyGao DocSys
CVE-2025-15493 (A flaw has been found in RainyGao DocSys up to 2.02.36. The
impacted e ...)
- TODO: check
+ NOT-FOR-US: RainyGao DocSys
CVE-2025-15492 (A vulnerability was detected in RainyGao DocSys up to 2.02.36.
The aff ...)
- TODO: check
+ NOT-FOR-US: RainyGao DocSys
CVE-2025-15035 (Improper Input Validation vulnerability in TP-Link Archer
AXE75 v1.6 ( ...)
NOT-FOR-US: TP-Link
CVE-2025-14598 (BeeS Software Solutions BET Portal contains an SQL injection
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: BeeS Software Solutions BET Portal
CVE-2025-14172 (The WP Page Permalink Extension plugin for WordPress is
vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13967 (The Woodpecker for WordPress plugin for WordPress is
vulnerable to Sto ...)
@@ -133,7 +133,7 @@ CVE-2025-13701 (The Shabat Keeper plugin for WordPress is
vulnerable to Reflecte
CVE-2025-11453 (The Header and Footer Scripts plugin for WordPress is
vulnerable to St ...)
NOT-FOR-US: WordPress plugin
CVE-2020-36875 (AccessAlly WordPress plugin versions prior to3.3.2 contain an
unauthen ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14459
NOT-FOR-US: Red Hat virt-cdi-controller
CVE-2025-51602 [vlc MMS out of bounds read]
@@ -211,7 +211,7 @@ CVE-2025-68716 (KAYSUS KS-WR3600 routers with firmware
1.0.5.9.1 enable the SSH
CVE-2025-66315 (There is a configuration defect vulnerability in the version
server of ...)
NOT-FOR-US: ZTE
CVE-2025-15464 (Exported Activity allows external applications to gain
application con ...)
- TODO: check
+ NOT-FOR-US: yintibao Fun Print Mobile
CVE-2025-15057 (The SlimStat Analytics plugin for WordPress is vulnerable to
Stored Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2025-15055 (The SlimStat Analytics plugin for WordPress is vulnerable to
Stored Cr ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b59b49544d42a8ba5a16770c9e80eea4bde1add
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b59b49544d42a8ba5a16770c9e80eea4bde1add
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
