Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d4de8a68 by Salvatore Bonaccorso at 2026-01-13T21:54:09+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -290,7 +290,7 @@ CVE-2026-0386 (Improper access control in Windows
Deployment Services allows an
CVE-2025-9435 (Zohocorp ManageEngine ADManager Plus versions below7230are
vulnerable ...)
NOT-FOR-US: Zoho
CVE-2025-9427 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8090 (Null pointer dereference in the MsgRegisterEvent() system call
could a ...)
NOT-FOR-US: Blackberry
CVE-2025-71027 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack
overflow ...)
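Review bot: the new tag on CVE-2025-9427, "NOT-FOR-US: WordPress plugin", names a category rather than a product, while the neighbouring entries in this hunk name a vendor ("Zoho", "Blackberry"). Consider naming the specific plugin from the full CVE description, so that a later search of data/CVE/list for that plugin finds this entry.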
@@ -312,37 +312,37 @@ CVE-2025-69991 (phpgurukul News Portal Project V4.1 is
vulnerable to SQL Injecti
CVE-2025-69990 (phpgurukul News Portal Project V4.1 has an Arbitrary File
Deletion Vul ...)
NOT-FOR-US: PHPGurukul
CVE-2025-68949 (n8n is an open source workflow automation platform. From
1.36.0 to bef ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2025-68931 (Jervis is a library for Job DSL plugin scripts and shared
Jenkins pipe ...)
- TODO: check
+ NOT-FOR-US: Jervis
CVE-2025-68925 (Jervis is a library for Job DSL plugin scripts and shared
Jenkins pipe ...)
- TODO: check
+ NOT-FOR-US: Jervis
CVE-2025-68707 (An authentication bypass vulnerability in the Tongyu AX1800
Wi-Fi 6 Ro ...)
- TODO: check
+ NOT-FOR-US: Tongyu
CVE-2025-68704 (Jervis is a library for Job DSL plugin scripts and shared
Jenkins pipe ...)
- TODO: check
+ NOT-FOR-US: Jervis
CVE-2025-68703 (Jervis is a library for Job DSL plugin scripts and shared
Jenkins pipe ...)
- TODO: check
+ NOT-FOR-US: Jervis
CVE-2025-68702 (Jervis is a library for Job DSL plugin scripts and shared
Jenkins pipe ...)
- TODO: check
+ NOT-FOR-US: Jervis
CVE-2025-68701 (Jervis is a library for Job DSL plugin scripts and shared
Jenkins pipe ...)
- TODO: check
+ NOT-FOR-US: Jervis
CVE-2025-68698 (Jervis is a library for Job DSL plugin scripts and shared
Jenkins pipe ...)
- TODO: check
+ NOT-FOR-US: Jervis
CVE-2025-68271 (OpenC3 COSMOS provides the functionality needed to send
commands to an ...)
- TODO: check
+ NOT-FOR-US: OpenC3 COSMOS
CVE-2025-67685 (A Server-Side Request Forgery (SSRF) vulnerability [CWE-918]
vulnerabi ...)
NOT-FOR-US: Fortinet
CVE-2025-66698 (An issue in Semantic machines v5.4.8 allows attackers to
bypass authen ...)
- TODO: check
+ NOT-FOR-US: Semantic
CVE-2025-65784 (Insecure permissions in Hubert Imoveis e Administracao Ltda
Hub v2.0 1 ...)
- TODO: check
+ NOT-FOR-US: Hubert Imoveis e Administracao Ltda Hub
CVE-2025-65783 (An arbitrary file upload vulnerability in the
/utils/uploadFile compon ...)
- TODO: check
+ NOT-FOR-US: Hubert Imoveis e Administracao Ltda Hub
CVE-2025-64155 (An improper neutralization of special elements used in an os
command ( ...)
NOT-FOR-US: Fortinet
CVE-2025-62182 (Pega Customer Service Framework versions 8.7.0 through 25.1.0
are affe ...)
- TODO: check
+ NOT-FOR-US: Pega
CVE-2025-59922 (An improper neutralization of special elements used in an SQL
command ...)
NOT-FOR-US: Fortinet
CVE-2025-59022 (Backend users who had access to the recycler module could
delete arbit ...)
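Review bot: on CVE-2025-66698 the tag "NOT-FOR-US: Semantic" cuts the product that the description calls "Semantic machines v5.4.8" down to one generic word. Suggest "NOT-FOR-US: Semantic machines", in line with the other tags in this hunk, which carry the full product name ("OpenC3 COSMOS", "Hubert Imoveis e Administracao Ltda Hub").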
@@ -358,7 +358,7 @@ CVE-2025-58411 (Software installed and run as a
non-privileged user may conduct
CVE-2025-58409 (Software installed and run as a non-privileged user may
conduct improp ...)
NOT-FOR-US: Imagination Technologies
CVE-2025-55462 (A CORS misconfiguration in Eramba Community and Enterprise
Editions v3 ...)
- TODO: check
+ NOT-FOR-US: Eramba
CVE-2025-47855 (An exposure of sensitive information to an unauthorized actor
[CWE-200 ...)
NOT-FOR-US: Fortinet
CVE-2025-46685 (Dell SupportAssist OS Recovery, versions prior to 5.5.15.1,
contain a ...)
@@ -380,9 +380,9 @@ CVE-2025-37166 (A vulnerability affecting HPE Networking
Instant On Access Point
CVE-2025-37165 (A vulnerability in the router mode configuration of HPE
Instant On Acc ...)
NOT-FOR-US: HPE
CVE-2025-36640 (A vulnerability has been identified in the
installation/uninstallation ...)
- TODO: check
+ NOT-FOR-US: Tenable Nessus Agent
CVE-2025-25652 (In Eptura Archibus 2024.03.01.109, the "Run script" and
"Server File" ...)
- TODO: check
+ NOT-FOR-US: Eptura Archibus
CVE-2025-25249 (A heap-based buffer overflow vulnerability in Fortinet FortiOS
7.6.0 t ...)
NOT-FOR-US: Fortinet
CVE-2025-25176 (Intermediate register values of secure workloads can be
exfiltrated in ...)
@@ -404,7 +404,7 @@ CVE-2025-11250 (Zohocorp ManageEngine ADSelfService Plus
versions before 6519 ar
CVE-2025-10865 (Software installed and run as a non-privileged user may
conduct improp ...)
NOT-FOR-US: Imagination Technologies
CVE-2024-54855 (fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered
to conta ...)
- TODO: check
+ NOT-FOR-US: fabricators Ltd Vanilla OS 2 Core image
CVE-2025-71101 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
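Review bot: the tag on CVE-2024-54855, "NOT-FOR-US: fabricators Ltd Vanilla OS 2 Core image", copies the opening words of the description, including the release number and the artifact type, whereas the context entry above it uses only a short vendor name ("Imagination Technologies"). A shorter tag such as "NOT-FOR-US: Vanilla OS" would match that convention and still identify the product.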
@@ -910,9 +910,9 @@ CVE-2026-0492 (SAP HANA database is vulnerable to privilege
escalation allowing
CVE-2026-0491 (SAP Landscape Transformation allows an attacker with admin
privileges ...)
NOT-FOR-US: SAP
CVE-2025-67147 (Multiple SQL Injection vulnerabilities exist in
amansuryawanshi Gym-Ma ...)
- TODO: check
+ NOT-FOR-US: amansuryawanshi Gym-Management-System-PHP
CVE-2025-67146 (Multiple SQL Injection vulnerabilities exist in AbhishekMali21
GYM-MAN ...)
- TODO: check
+ NOT-FOR-US: AbhishekMali21 GYM-MANAGEMENT-SYSTEM
CVE-2025-66177 (There is a Stack overflow Vulnerability in the device Search
and Disco ...)
NOT-FOR-US: Hikvision
CVE-2025-66176 (There is a Stack overflow Vulnerability in the device Search
and Disco ...)
@@ -920,7 +920,7 @@ CVE-2025-66176 (There is a Stack overflow Vulnerability in
the device Search and
CVE-2025-41717 (An unauthenticated remote attacker can trick a high privileged
user in ...)
NOT-FOR-US: Phoenix Contact
CVE-2025-29329 (Buffer Overflow in the ippprint (Internet Printing Protocol)
service i ...)
- TODO: check
+ NOT-FOR-US: Sagemcom
CVE-2025-15514 (Ollama 0.11.5-rc0 through current version 0.13.5 contain a
null pointe ...)
- ollama <itp> (bug #1094806)
CVE-2025-14829 (The E-xact | Hosted Payment | WordPress plugin through 2.0 is
vulnerab ...)
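Review bot: for CVE-2025-29329 the visible part of the description mentions only "the ippprint (Internet Printing Protocol) service", and the vendor in the new tag, "Sagemcom", sits in the truncated remainder. Since printing services are a class of software that could plausibly overlap with packaged code, it is worth confirming against the full description that ippprint is vendor firmware and not a shared component before closing the entry as NOT-FOR-US; naming the affected device in the tag would make that clear to later readers.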
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4de8a68eb9d1b97fb929d26a6f89df4dff657b0
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits