Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
76d25070 by Moritz Muehlenhoff at 2026-01-14T11:18:30+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,15 +7,15 @@ CVE-2026-22870 (GuardDog is a CLI tool to identify malicious
PyPI packages. Prio
CVE-2026-22869 (Eigent is a multi-agent Workforce. A critical security
vulnerability i ...)
NOT-FOR-US: Eigent
CVE-2026-22868 (go-ethereum (geth) is a golang execution layer implementation
of the E ...)
- TODO: check
+ - golang-github-go-ethereum <itp> (bug #890541)
CVE-2026-22862 (go-ethereum (geth) is a golang execution layer implementation
of the E ...)
- TODO: check
+ - golang-github-go-ethereum <itp> (bug #890541)
CVE-2026-22861 (iccDEV provides a set of libraries and tools that allow for
the intera ...)
NOT-FOR-US: iccDEV
CVE-2026-22718 (The VSCode extension for Spring CLI are vulnerable to command
injectio ...)
NOT-FOR-US: VSCode extension
CVE-2026-22686 (Enclave is a secure JavaScript sandbox designed for safe AI
agent code ...)
- TODO: check
+ NOT-FOR-US: Node enclave-vm
CVE-2026-21308 (Substance3D - Designer versions 15.0.3 and earlier are
affected by an ...)
NOT-FOR-US: Adobe
CVE-2026-21307 (Substance3D - Designer versions 15.0.3 and earlier are
affected by an ...)
@@ -187,47 +187,47 @@ CVE-2025-12051 (The drivers in the tool packages use
RTL_QUERY_REGISTRY_DIRECT f
CVE-2025-12050 (The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT
flag to ...)
NOT-FOR-US: Insyde
CVE-2023-54341 (Webgrind 1.1 and before contains a reflected cross-site
scripting vuln ...)
- TODO: check
+ NOT-FOR-US: Webgrind
CVE-2023-54340 (WorkOrder CMS 0.1.0 contains a SQL injection vulnerability
that allows ...)
- TODO: check
+ NOT-FOR-US: WorkOrder CMS
CVE-2023-54339 (Webgrind 1.1 contains a remote command execution vulnerability
that al ...)
- TODO: check
+ NOT-FOR-US: Webgrind
CVE-2023-54338 (Tftpd32 SE 4.60 contains an unquoted service path
vulnerability that a ...)
- TODO: check
+ NOT-FOR-US: Tftpd32
CVE-2023-54337 (Sysax Multi Server 6.95 contains a denial of service
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Sysax Multi Server
CVE-2023-54336 (Mediconta 3.7.27 contains an unquoted service path
vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: Mediconta
CVE-2023-54335 (eXtplorer 2.1.14 contains an authentication bypass
vulnerability that ...)
- TODO: check
+ - extplorer <removed>
CVE-2023-54334 (Explorer32++ 1.3.5.531 contains a buffer overflow
vulnerability in Str ...)
- TODO: check
+ NOT-FOR-US: Explorer32++
CVE-2023-54333 (Social-Share-Buttons 2.2.3 contains a critical SQL injection
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-54332 (Jetpack 11.4 contains a cross-site scripting vulnerability in
the cont ...)
- TODO: check
+ NOT-FOR-US: Jetpack
CVE-2023-54331 (Outline 1.6.0 contains an unquoted service path vulnerability
that all ...)
- TODO: check
+ NOT-FOR-US: Outline
CVE-2023-54330 (Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote
stack-based b ...)
- TODO: check
+ NOT-FOR-US: Inbit Messenger
CVE-2023-54329 (Inbit Messenger 4.6.0 - 4.9.0 contains a remote command
execution vuln ...)
- TODO: check
+ NOT-FOR-US: Inbit Messenger
CVE-2023-54328 (AimOne Video Converter 2.04 Build 103 contains a buffer
overflow vulne ...)
- TODO: check
+ NOT-FOR-US: AimOne Video Converter
CVE-2023-53985 (Zstore, now referred to as Zippy CRM, 6.5.4 contains a
reflected cross ...)
- TODO: check
+ NOT-FOR-US: Zippy CRM
CVE-2023-53984 (Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service
path vulne ...)
- TODO: check
+ NOT-FOR-US: Clevo HotKey Clipboard
CVE-2022-50939 (e107 CMS version 3.2.1 contains a critical file upload
vulnerability t ...)
- TODO: check
+ NOT-FOR-US: e107 CMS
CVE-2022-50938 (CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: CONTPAQi AdminPAQ
CVE-2022-50937 (Ametys CMS v4.4.1 contains a persistent cross-site scripting
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Ametys CMS
CVE-2022-50936 (WBCE CMS version 1.5.2 contains an authenticated remote code
execution ...)
- TODO: check
+ NOT-FOR-US: WBCE CMS
CVE-2022-50935 (Flame II HSPA USB Modem contains an unquoted service path
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Flame II HSPA USB Modem
CVE-2022-50934 (Wing FTP Server versions 4.3.8 and below contain an
authenticated remo ...)
TODO: check
CVE-2022-50933 (Cain & Abel 4.9.56 contains an unquoted service path
vulnerability tha ...)
@@ -680,7 +680,7 @@ CVE-2026-0404 (An insufficient input validation
vulnerability in NETGEAR Orbi de
CVE-2026-0403 (An insufficient input validation vulnerability in NETGEAR Orbi
routers ...)
NOT-FOR-US: Netgear
CVE-2026-0386 (Improper access control in Windows Deployment Services allows
an unaut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-9435 (Zohocorp ManageEngine ADManager Plus versions below7230are
vulnerable ...)
NOT-FOR-US: Zoho
CVE-2025-9427 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76d250705d3a1c9e540eb6338d7c1b43651a876f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76d250705d3a1c9e540eb6338d7c1b43651a876f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
