[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Thu, 08 Jan 2026 13:48:47 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e8207e82 by Salvatore Bonaccorso at 2026-01-08T22:48:13+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57,7 +57,7 @@ CVE-2026-22043 (RustFS is a distributed object storage system 
built in Rust. In
 CVE-2026-22042 (RustFS is a distributed object storage system built in Rust. 
Prior to  ...)
        NOT-FOR-US: RustFS
 CVE-2026-22041 (Logging Redactor is a Python library designed to redact 
sensitive data ...)
-       TODO: check
+       NOT-FOR-US: Logging Redactor
 CVE-2026-22034 (Snuffleupagus is a module that raises the cost of attacks 
against webs ...)
        TODO: check
 CVE-2026-22032 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
@@ -65,33 +65,33 @@ CVE-2026-22032 (Directus is a real-time API and App 
dashboard for managing SQL d
 CVE-2026-22028 (Preact, a lightweight web development framework, JSON 
serialization pr ...)
        TODO: check
 CVE-2026-21896 (Kirby is an open-source content management system. From 
versions 5.0.0 ...)
-       TODO: check
+       NOT-FOR-US: Kirby CMS
 CVE-2026-21895 (The `rsa` crate is an RSA implementation written in rust. 
Prior to ver ...)
        TODO: check
 CVE-2026-21894 (n8n is an open source workflow automation platform. In 
versions from 0 ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-21892 (Parsl is a Python parallel scripting library. A SQL Injection 
vulnerab ...)
        TODO: check
 CVE-2026-21891 (ZimaOS is a fork of CasaOS, an operating system for Zima 
devices and x ...)
-       TODO: check
+       NOT-FOR-US: ZimaOS
 CVE-2026-21885 (Miniflux 2 is an open source feed reader. Prior to version 
2.2.16, Min ...)
        TODO: check
 CVE-2026-21876 (The OWASP core rule set (CRS) is a set of generic attack 
detection rul ...)
        TODO: check
 CVE-2026-21874 (NiceGUI is a Python-based UI framework. From versions v2.10.0 
to 3.4.1 ...)
-       TODO: check
+       NOT-FOR-US: NiceGUI
 CVE-2026-21873 (NiceGUI is a Python-based UI framework. From versions 2.22.0 
to 3.4.1, ...)
-       TODO: check
+       NOT-FOR-US: NiceGUI
 CVE-2026-21872 (NiceGUI is a Python-based UI framework. From versions 2.22.0 
to 3.4.1, ...)
-       TODO: check
+       NOT-FOR-US: NiceGUI
 CVE-2026-21871 (NiceGUI is a Python-based UI framework. From versions 2.13.0 
to 3.4.1, ...)
-       TODO: check
+       NOT-FOR-US: NiceGUI
 CVE-2026-21860 (Werkzeug is a comprehensive WSGI web application library. 
Prior to ver ...)
        TODO: check
 CVE-2026-21639 (A malicious actor in Wi-Fi range of the affected product could 
leverag ...)
-       TODO: check
+       NOT-FOR-US: airFiber AF60
 CVE-2026-21638 (A malicious actor in Wi-Fi range of the affected product could 
leverag ...)
-       TODO: check
+       NOT-FOR-US: UBB
 CVE-2026-0747 (Exposure of sensitive information in the TeamViewer entry 
dashboard co ...)
        NOT-FOR-US: Devolutions
 CVE-2026-0719 (A flaw was found in libsoup's NTLM (NT LAN Manager) 
authentication mod ...)
@@ -107,9 +107,9 @@ CVE-2026-0674 (Missing Authorization vulnerability in 
Campaign Monitor Campaign
 CVE-2026-0671 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        TODO: check
 CVE-2025-8307 (Asseco InfoMedica is a comprehensive solution used to manage 
both admi ...)
-       TODO: check
+       NOT-FOR-US: Asseco InfoMedica
 CVE-2025-8306 (Asseco InfoMedica is a comprehensive solution used to manage 
both admi ...)
-       TODO: check
+       NOT-FOR-US: Asseco InfoMedica
 CVE-2025-69260 (A message out-of-bounds read vulnerability in Trend Micro Apex 
Central ...)
        NOT-FOR-US: Trend Micro
 CVE-2025-69259 (A message unchecked NULL return value vulnerability in Trend 
Micro Ape ...)
@@ -137,7 +137,7 @@ CVE-2025-68873 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-68867 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68715 (An issue was discovered in Panda Wireless PWRU0 devices with 
firmware  ...)
-       TODO: check
+       NOT-FOR-US: Panda Wireless PWRU0 devices
 CVE-2025-68158 (Authlib is a Python library which builds OAuth and OpenID 
Connect serv ...)
        TODO: check
 CVE-2025-68151 (CoreDNS is a DNS server that chains plugins. Prior to version 
1.14.0,  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8207e82052e7164732f094a7015e1e138c7ea3b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8207e82052e7164732f094a7015e1e138c7ea3b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to