[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Tue, 13 Jan 2026 00:30:04 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a661f125 by Salvatore Bonaccorso at 2026-01-13T09:29:27+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,33 +17,33 @@ CVE-2026-22830
 CVE-2026-22829
        REJECTED
 CVE-2026-22813 (OpenCode is an open source AI coding agent. The markdown 
renderer used ...)
-       TODO: check
+       NOT-FOR-US: OpenCode
 CVE-2026-22812 (OpenCode is an open source AI coding agent. Prior to 1.0.216, 
OpenCode ...)
-       TODO: check
+       NOT-FOR-US: OpenCode
 CVE-2026-22805 (Metabase is an open-source data analytics platform. Prior to 
55.13, 56 ...)
-       TODO: check
+       NOT-FOR-US: Metabase
 CVE-2026-22804 (Termix is a web-based server management platform with SSH 
terminal, tu ...)
-       TODO: check
+       NOT-FOR-US: Termix
 CVE-2026-22800 (PILOS (Platform for Interactive Live-Online Seminars) is a 
frontend fo ...)
-       TODO: check
+       NOT-FOR-US: PILOS (Platform for Interactive Live-Online Seminars)
 CVE-2026-22799 (Emlog is an open source website building system. emlog v2.6.1 
and earl ...)
-       TODO: check
+       NOT-FOR-US: Emlog
 CVE-2026-22798 (hermes is an implementation of the HERMES workflow to 
automatize softw ...)
        TODO: check
 CVE-2026-22794 (Appsmith is a platform to build admin panels, internal tools, 
and dash ...)
-       TODO: check
+       NOT-FOR-US: Appsmith
 CVE-2026-22789 (WebErpMesv2 is a Resource Management and Manufacturing 
execution syste ...)
-       TODO: check
+       NOT-FOR-US: WebErpMesv2
 CVE-2026-22788 (WebErpMesv2 is a Resource Management and Manufacturing 
execution syste ...)
-       TODO: check
+       NOT-FOR-US: WebErpMesv2
 CVE-2026-22786 (Gin-vue-admin is a backstage management system based on vue 
and gin. G ...)
-       TODO: check
+       NOT-FOR-US: Gin-vue-admin
 CVE-2026-22772 (Fulcio is a certificate authority for issuing code signing 
certificate ...)
        TODO: check
 CVE-2026-22214 (RIOT OS versions up to and including 2026.01-devel-317 contain 
a stack ...)
-       TODO: check
+       NOT-FOR-US: RIOT OS
 CVE-2026-22213 (RIOT OS versions up to and including 2026.01-devel-317 contain 
a stack ...)
-       TODO: check
+       NOT-FOR-US: RIOT OS
 CVE-2026-22212 (TinyOS versions up to and including 2.1.2 contain a 
stack-based buffer ...)
        TODO: check
 CVE-2026-0514 (Due to a Cross-Site Scripting (XSS) vulnerability in SAP 
Business Conn ...)
@@ -93,7 +93,7 @@ CVE-2025-66177 (There is a Stack overflow Vulnerability in 
the device Search and
 CVE-2025-66176 (There is a Stack overflow Vulnerability in the device Search 
and Disco ...)
        NOT-FOR-US: Hikvision
 CVE-2025-41717 (An unauthenticated remote attacker can trick a high privileged 
user in ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-29329 (Buffer Overflow in the ippprint (Internet Printing Protocol) 
service i ...)
        TODO: check
 CVE-2025-15514 (Ollama 0.11.5-rc0 through current version 0.13.5 contain a 
null pointe ...)
@@ -105,11 +105,11 @@ CVE-2025-12420 (A vulnerability has been identified in 
the ServiceNow AI Platfor
 CVE-2025-10915 (The Dreamer Blog WordPress theme through 1.2 is vulnerable to 
arbitrar ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-58340 (LangChain versions up to and including 0.3.1 contain a regular 
express ...)
-       TODO: check
+       NOT-FOR-US: LangChain
 CVE-2024-58339 (LlamaIndex (run-llama/llama_index) versions up to and 
including 0.12.2 ...)
-       TODO: check
+       NOT-FOR-US: LlamaIndex (run-llama/llama_index)
 CVE-2024-14021 (LlamaIndex (run-llama/llama_index) versions up to and 
including 0.11.6 ...)
-       TODO: check
+       NOT-FOR-US: LlamaIndex (run-llama/llama_index)
 CVE-2026-22801 (LIBPNG is a reference library for use in applications that 
read, creat ...)
        - libpng1.6 <unfixed>
        NOTE: 
https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8
@@ -393264,7 +393264,7 @@ CVE-2021-41076
 CVE-2021-41075 (The NetFlow Analyzer in Zoho ManageEngine OpManger before 
125455 is vu ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2021-41074 (A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 
allows an a ...)
-       TODO: check
+       NOT-FOR-US: QloApps hotel eCommerce
 CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 
5.14.6  ...)
        {DSA-4978-1}
        - linux 5.14.6-2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a661f125e79177a2d70352002e6e8bb36b3a2bcf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a661f125e79177a2d70352002e6e8bb36b3a2bcf
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to