Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8d309878 by Salvatore Bonaccorso at 2026-01-10T10:31:49+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46,39 +46,39 @@ CVE-2026-22690 (pypdf is a free and open-source pure-python
PDF library. Prior t
NOTE: https://github.com/py-pdf/pypdf/pull/3594
NOTE: Fixed by;
https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45
(6.6.0)
CVE-2026-22689 (Mailpit is an email testing tool and API for developers. Prior
to vers ...)
- TODO: check
+ NOT-FOR-US: Mailpit
CVE-2026-22688 (WeKnora is an LLM-powered framework designed for deep document
underst ...)
- TODO: check
+ NOT-FOR-US: WeKnora
CVE-2026-22687 (WeKnora is an LLM-powered framework designed for deep document
underst ...)
- TODO: check
+ NOT-FOR-US: WeKnora
CVE-2026-22685 (DevToys is a desktop app for developers. In versions from
2.0.0.0 to b ...)
- TODO: check
+ NOT-FOR-US: DevToys
CVE-2026-22612 (Fickling is a Python pickling decompiler and static analyzer.
Prior to ...)
- TODO: check
+ NOT-FOR-US: Fickling
CVE-2026-22611 (AWS SDK for .NET works with Amazon Web Services to help build
scalable ...)
- TODO: check
+ NOT-FOR-US: Amazon AWS SDK
CVE-2026-22610 (Angular is a development platform for building mobile and
desktop web ...)
TODO: check
CVE-2026-22609 (Fickling is a Python pickling decompiler and static analyzer.
Prior to ...)
- TODO: check
+ NOT-FOR-US: Fickling
CVE-2026-22608 (Fickling is a Python pickling decompiler and static analyzer.
Prior to ...)
- TODO: check
+ NOT-FOR-US: Fickling
CVE-2026-22607 (Fickling is a Python pickling decompiler and static analyzer.
Fickling ...)
- TODO: check
+ NOT-FOR-US: Fickling
CVE-2026-22606 (Fickling is a Python pickling decompiler and static analyzer.
Fickling ...)
- TODO: check
+ NOT-FOR-US: Fickling
CVE-2026-22605 (OpenProject is an open-source, web-based project management
software. ...)
- TODO: check
+ NOT-FOR-US: OpenProject
CVE-2026-22604 (OpenProject is an open-source, web-based project management
software. ...)
- TODO: check
+ NOT-FOR-US: OpenProject
CVE-2026-22603 (OpenProject is an open-source, web-based project management
software. ...)
- TODO: check
+ NOT-FOR-US: OpenProject
CVE-2026-22602 (OpenProject is an open-source, web-based project management
software. ...)
- TODO: check
+ NOT-FOR-US: OpenProject
CVE-2026-22601 (OpenProject is an open-source, web-based project management
software. ...)
- TODO: check
+ NOT-FOR-US: OpenProject
CVE-2026-22600 (OpenProject is an open-source, web-based project management
software. ...)
- TODO: check
+ NOT-FOR-US: OpenProject
CVE-2026-22597 (Ghost is a Node.js content management system. In versions
5.38.0 throu ...)
TODO: check
CVE-2026-22596 (Ghost is a Node.js content management system. In versions
5.90.0 throu ...)
@@ -88,37 +88,37 @@ CVE-2026-22595 (Ghost is a Node.js content management
system. In versions 5.121.
CVE-2026-22594 (Ghost is a Node.js content management system. In versions
5.105.0 thro ...)
TODO: check
CVE-2026-22589 (Spree is an open source e-commerce solution built with Ruby on
Rails. ...)
- TODO: check
+ NOT-FOR-US: Spree
CVE-2026-22584 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
NOT-FOR-US: Salesforce
CVE-2026-22030 (React Router is a router for React. In
@remix-run/server-runtime versi ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-22029 (React Router is a router for React. In @remix-run/router
version prior ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-22027 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
- TODO: check
+ NOT-FOR-US: NASA CryptoLib
CVE-2026-22026 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
- TODO: check
+ NOT-FOR-US: NASA CryptoLib
CVE-2026-22025 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
- TODO: check
+ NOT-FOR-US: NASA CryptoLib
CVE-2026-22024 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
- TODO: check
+ NOT-FOR-US: NASA CryptoLib
CVE-2026-22023 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
- TODO: check
+ NOT-FOR-US: NASA CryptoLib
CVE-2026-21900 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
- TODO: check
+ NOT-FOR-US: NASA CryptoLib
CVE-2026-21899 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
- TODO: check
+ NOT-FOR-US: NASA CryptoLib
CVE-2026-21898 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
- TODO: check
+ NOT-FOR-US: NASA CryptoLib
CVE-2026-21897 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
- TODO: check
+ NOT-FOR-US: NASA CryptoLib
CVE-2026-21884 (React Router is a router for React. In @remix-run/react
version prior ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-0830 (Processing specially crafted workspace folder names could allow
for ar ...)
NOT-FOR-US: Amazon
CVE-2025-68470 (React Router is a router for React. In versions 6.0.0 through
6.30.1 a ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2025-65091 (XWiki Full Calendar Macro displays objects from the wiki on
the calend ...)
NOT-FOR-US: XWiki
CVE-2025-65090 (XWiki Full Calendar Macro displays objects from the wiki on
the calend ...)
@@ -126,17 +126,17 @@ CVE-2025-65090 (XWiki Full Calendar Macro displays
objects from the wiki on the
CVE-2025-62487 (### Details On October 1, 2025, Palantir discovered that
images upload ...)
NOT-FOR-US: Palantir
CVE-2025-61686 (React Router is a router for React. In @react-router/node
versions 7.0 ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2025-61676 (October is a Content Management System (CMS) and web platform.
Prior t ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2025-61674 (October is a Content Management System (CMS) and web platform.
Prior t ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2025-60538 (A lack of rate limiting in the login page of shiori v1.7.4 and
below a ...)
- TODO: check
+ NOT-FOR-US: shiori
CVE-2025-59057 (React Router is a router for React. In @remix-run/react
versions 1.15. ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2025-51626 (SQL injection vulnerability in pss.sale.com 1.0 via the id
parameter t ...)
- TODO: check
+ NOT-FOR-US: pss.sale.com
CVE-2025-46299 (A memory initialization issue was addressed with improved
memory handl ...)
NOT-FOR-US: Apple
CVE-2025-46298 (The issue was addressed with improved memory handling. This
issue is f ...)
@@ -146,13 +146,13 @@ CVE-2025-46297 (A permissions issue was addressed with
additional restrictions.
CVE-2025-46286 (A logic issue was addressed with improved validation. This
issue is fi ...)
NOT-FOR-US: Apple
CVE-2025-15502 (A vulnerability was identified in Sangfor Operation and
Maintenance Ma ...)
- TODO: check
+ NOT-FOR-US: Sangfor Operation and Maintenance Management System
CVE-2025-15501 (A vulnerability was determined in Sangfor Operation and
Maintenance Ma ...)
- TODO: check
+ NOT-FOR-US: Sangfor Operation and Maintenance Management System
CVE-2025-15500 (A vulnerability was found in Sangfor Operation and Maintenance
Managem ...)
- TODO: check
+ NOT-FOR-US: Sangfor Operation and Maintenance Management System
CVE-2025-15499 (A vulnerability has been found in Sangfor Operation and
Maintenance Ma ...)
- TODO: check
+ NOT-FOR-US: Sangfor Operation and Maintenance Management System
CVE-2025-14948 (The miniOrange OTP Verification and SMS Notification for
WooCommerce p ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14943 (The Blog2Social: Social Media Auto Post & Scheduler plugin for
WordPre ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d3098785fdf1dd638358210eb868df301bfb9b8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d3098785fdf1dd638358210eb868df301bfb9b8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
