Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cc14eb0c by security tracker role at 2026-01-20T20:13:54+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-22844 (A Command Injection vulnerability in Zoom Node Multimedia
Routers (MMR ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2026-1245 (A code injection vulnerability in the binary-parser library
prior to v ...)
TODO: check
CVE-2026-1183 (HTML injection vulnerability in multiple Botble products such
as Trans ...)
@@ -7,35 +7,35 @@ CVE-2026-1183 (HTML injection vulnerability in multiple
Botble products such as
CVE-2026-1180 (A flaw was identified in Keycloak\u2019s OpenID Connect Dynamic
Client ...)
TODO: check
CVE-2026-0726 (The Nexter Extension \u2013 Site Enhancements Toolkit plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0690 (The FlatPM \u2013 Ad Manager, AdSense and Custom Code plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0622 (Open 5GS WebUI uses a hard-coded JWT signing key (change-me)
whenever ...)
TODO: check
CVE-2026-0608 (The Head Meta Data plugin for WordPress is vulnerable to Stored
Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0554 (The NotificationX plugin for WordPress is vulnerable to
unauthorized m ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0548 (The Tutor LMS \u2013 eLearning and online course solution
plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9466 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9465 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9464 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9283 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9282 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9281 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9280 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9279 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9278 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-67824 (The WorklogPRO - Jira Timesheets plugin in the Jira Data
Center before ...)
TODO: check
CVE-2025-67263 (Abacre Retail Point of Sale 14.0.0.396 is affected by a stored
cross-s ...)
@@ -127,37 +127,37 @@ CVE-2025-40644 (Reflected Cross-Site Scripting (XSS)
vulnerability in Riftzilla'
CVE-2025-36556 (A reflected cross-site scripting (xss) vulnerability exists in
the lda ...)
TODO: check
CVE-2025-36419 (IBM ApplinX 11.1 could disclose sensitive information about
server arc ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36418 (IBM ApplinX 11.1 is vulnerable due to a privilege escalation
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36411 (IBM ApplinX 11.1 is vulnerable to cross-site request forgery
which cou ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36410 (IBM ApplinX 11.1 could allow an authenticated user to perform
unauthor ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36409 (IBM ApplinX 11.1 is vulnerable to cross-site scripting. This
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36408 (IBM ApplinX 11.1 is vulnerable to stored cross-site scripting.
This vu ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36397 (IBM Application Gateway 23.10 through 25.09 is vulnerable to
HTML inje ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36396 (IBM Application Gateway 23.10 through 25.09 is vulnerable to
cross-sit ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36115 (IBM Sterling Connect:Express Adapter for Sterling B2B
Integrator 5.2.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36113 (IBM Sterling Connect:Express Adapter for Sterling B2B
Integrator 5.2.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36066 (IBM Sterling Connect:Express Adapter for Sterling B2B
Integrator 5.2.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36065 (IBM Sterling Connect:Express Adapter for Sterling B2B
Integrator 5.2.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36063 (IBM Sterling Connect:Express Adapter for Sterling B2B
Integrator 5.2.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36059 (IBM Business Automation Workflow containers 25.0.0 through
25.0.0 Inte ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36058 (IBM Business Automation Workflow containers 25.0.0 through
25.0.0 Inte ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-33233 (NVIDIA Merlin Transformers4Rec for all platforms contains a
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-33231 (NVIDIA Nsight Systems for Windows contains a vulnerability in
the appl ...)
TODO: check
CVE-2025-33230 (NVIDIA Nsight Systems for Linux contains a vulnerability in
the .run i ...)
@@ -167,37 +167,37 @@ CVE-2025-33229 (NVIDIA Nsight Visual Studio for Windows
contains a vulnerability
CVE-2025-33228 (NVIDIA Nsight Systems contains a vulnerability in the
gfx_hotspot reci ...)
TODO: check
CVE-2025-33015 (IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious
file upload ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-1722 (IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker
to obtai ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-1719 (IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker
to obtai ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-15380 (The NotificationX \u2013 FOMO, Live Sales Notification,
WooCommerce Sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-15347 (The Creator LMS \u2013 The LMS for Creators, Coaches, and
Trainers plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-15043 (The The Events Calendar plugin for WordPress is vulnerable to
unauthor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14883
REJECTED
CVE-2025-14533 (The Advanced Custom Fields: Extended plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14377 (A security issue was discovered within the legacy Ansible
playbook com ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-14376 (A security issue was discovered within the legacy ADI server
component ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-14369 (dr_flac, an audio decoder within the dr_libs toolset, contains
an inte ...)
TODO: check
CVE-2025-14115 (IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through
6.3.0.6 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-14027 (Multiple denial-of-service vulnerabilities exist in the
affected produ ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-13925 (IBM Aspera Console 3.4.7 stores potentially sensitive
information in l ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-12985 (IBM Licensing Operator incorrectly assigns privileges to
security crit ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-11743 (A denial-of-service security issue in the affected product.
The securi ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-15281 (Calling wordexp with WRDE_REUSE in conjunction with
WRDE_APPEND in the ...)
- glibc <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/01/20/3
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc14eb0c4c79f8e670401eeffbc489339d5f64e9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc14eb0c4c79f8e670401eeffbc489339d5f64e9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
