Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c917019d by Salvatore Bonaccorso at 2026-01-16T21:51:01+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38,9 +38,9 @@ CVE-2026-23523 (Dive is an open-source MCP Host Desktop
Application that enables
CVE-2026-23490 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2,
a Denial ...)
TODO: check
CVE-2026-22876 (Path Traversal vulnerability exists in multiple Network
Cameras TRIFOR ...)
- TODO: check
+ NOT-FOR-US: TOA Corporation
CVE-2026-22782 (RustFS is a distributed object storage system built in Rust.
From >= 1 ...)
- TODO: check
+ NOT-FOR-US: RustFS
CVE-2026-21625 (User provided uploads to the Easy Discuss component for Joomla
aren't ...)
NOT-FOR-US: Joomla
CVE-2026-21624 (Lack of input filterung leads to a persistent XSS
vulnerability in the ...)
@@ -48,9 +48,9 @@ CVE-2026-21624 (Lack of input filterung leads to a persistent
XSS vulnerability
CVE-2026-21623 (Lack of input filterung leads to a persistent XSS
vulnerability in the ...)
NOT-FOR-US: Joomla
CVE-2026-20894 (Cross-site scripting vulnerability exists in multiple Network
Cameras ...)
- TODO: check
+ NOT-FOR-US: TOA Corporation
CVE-2026-20759 (OS Command Injection vulnerability exists in multiple Network
Cameras ...)
- TODO: check
+ NOT-FOR-US: TOA Corporation
CVE-2026-1004 (The Essential Addons for Elementor plugin for WordPress is
vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0949 (PEM versions prior to 9.8.1 are affected by a stored Cross-site
Script ...)
@@ -60,29 +60,29 @@ CVE-2026-0913 (The User Submitted Posts \u2013 Enable Users
to Submit Posts from
CVE-2026-0823
REJECTED
CVE-2026-0696 (In ConnectWise PSA versions older than 2026.1, certain session
cookies ...)
- TODO: check
+ NOT-FOR-US: ConnectWise
CVE-2026-0695 (In ConnectWise PSA versions older than 2026.1, Time Entry notes
stored ...)
- TODO: check
+ NOT-FOR-US: ConnectWise
CVE-2026-0629 (Authentication bypass in the password recovery feature of the
local we ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2026-0616 (TheLibrarians web_fetch tool can be used to retrieve the
Adminer inter ...)
- TODO: check
+ NOT-FOR-US: The Librarian
CVE-2026-0615 (The Librarian `supervisord` status page can be retrieved by the
`web_f ...)
- TODO: check
+ NOT-FOR-US: TheLibrarian
CVE-2026-0613 (The Librarian contains an internal port scanning vulnerability,
facili ...)
- TODO: check
+ NOT-FOR-US: The Librarian
CVE-2026-0612 (The Librarian contains a information leakage vulnerability
through the ...)
- TODO: check
+ NOT-FOR-US: The Librarian
CVE-2025-71020 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack
overflow in t ...)
NOT-FOR-US: Tenda
CVE-2025-70746 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack
overflow in t ...)
NOT-FOR-US: Tenda
CVE-2025-69581 (An issue was discovered in Chamillo LMS 1.11.2. The Social
Network /pe ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2025-68924 (In Umbraco UmbracoForms through 8.13.16, an authenticated
attacker can ...)
NOT-FOR-US: Umbraco CMS
CVE-2025-68921 (SteelSeries Nahimic 3 1.10.7 allows Directory traversal.)
- TODO: check
+ NOT-FOR-US: SteelSeries Nahimic
CVE-2025-59870 (HCL MyXalytics v6.7 is affected by improper management of a
static JWT ...)
NOT-FOR-US: HCL
CVE-2025-48647 (In cpm_fwtp_msg_handler of
cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, t ...)
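Review bot: The label on CVE-2026-0615 is spelled "TheLibrarian", while CVE-2026-0616, CVE-2026-0613 and CVE-2026-0612 in this same hunk use "The Librarian". Suggest changing it to "NOT-FOR-US: The Librarian" so a search of data/CVE/list for one spelling returns all four entries. Separately, the tag for CVE-2025-69581 reads "Chamilo LMS" where the truncated description reads "Chamillo LMS"; worth confirming that the spelling in the tag is the intended one.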
@@ -124,59 +124,59 @@ CVE-2024-44238 (The issue was addressed with improved
bounds checks. This issue
CVE-2024-44210 (This issue was addressed with improved permissions checking.
This issu ...)
NOT-FOR-US: Apple
CVE-2021-47847 (Disk Sorter Server 13.6.12 contains an unquoted service path
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Disk Sorter Server
CVE-2021-47845 (Spy Emergency 25.0.650 contains an unquoted service path
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Spy Emergency
CVE-2021-47844 (Xmind 2020 contains a cross-site scripting vulnerability that
allows a ...)
TODO: check
CVE-2021-47842 (StudyMD 0.3.2 contains a persistent cross-site scripting
vulnerability ...)
- TODO: check
+ NOT-FOR-US: StudyMD
CVE-2021-47841 (SnipCommand 0.1.0 contains a cross-site scripting
vulnerability that a ...)
- TODO: check
+ NOT-FOR-US: SnipCommand
CVE-2021-47840 (Moeditor 0.2.0 contains a persistent cross-site scripting
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Moeditor
CVE-2021-47839 (Marky 0.0.1 contains a persistent cross-site scripting
vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Marky
CVE-2021-47838 (Markright 1.0 contains a persistent cross-site scripting
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Markright
CVE-2021-47837 (Markdownify 1.2.0 contains a persistent cross-site scripting
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Markdownify
CVE-2021-47836 (Markdown Explorer 0.1.1 contains a cross-site scripting
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Markdown Explorer
CVE-2021-47835 (Freeter 1.2.1 contains a persistent cross-site scripting
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Freeter
CVE-2021-47834 (Schlix CMS 2.2.6-6 contains a persistent cross-site scripting
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Schlix CMS
CVE-2021-47833 (WifiHotSpot 1.0.0.0 contains an unquoted service path
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: WifiHotSpot
CVE-2021-47832 (Sandboxie Plus 0.7.4 contains an unquoted service path
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Sandboxie Plus
CVE-2021-47831 (Sandboxie 5.49.7 contains a denial of service vulnerability
that allow ...)
- TODO: check
+ NOT-FOR-US: Sandboxie
CVE-2021-47829 (DHCP Broadband 4.1.0.1503 contains an unquoted service path
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: DHCP Broadband
CVE-2021-47828 (BOOTP Turbo 2.0.0.1253 contains an unquoted service path
vulnerability ...)
- TODO: check
+ NOT-FOR-US: BOOTP Turbo
CVE-2021-47827 (WebSSH for iOS 14.16.10 contains a denial of service
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: WebSSH for iOS
CVE-2021-47826 (Acer Backup Manager 3.0.0.99 contains an unquoted service path
vulnera ...)
- TODO: check
+ NOT-FOR-US: Acer Backup Manager
CVE-2021-47825 (Acer Updater Service 1.2.3500.0 contains an unquoted service
path vuln ...)
- TODO: check
+ NOT-FOR-US: Acer Updater Service
CVE-2021-47824 (iDailyDiary 4.30 contains a denial of service vulnerability
that allow ...)
- TODO: check
+ NOT-FOR-US: iDailyDiary
CVE-2021-47823 (Acer ePowerSvc 6.0.3008.0 contains an unquoted service path
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Acer ePowerSvc
CVE-2021-47822 (DiskBoss Service 12.2.18 contains an unquoted service path
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: DiskBoss Service
CVE-2021-47821 (RarmaRadio 2.72.8 contains a denial of service vulnerability
that allo ...)
- TODO: check
+ NOT-FOR-US: RarmaRadio
CVE-2021-47820 (Ubee EVW327 contains a cross-site request forgery
vulnerability that a ...)
- TODO: check
+ NOT-FOR-US: Ubee EVW327
CVE-2021-47818 (DupTerminator 1.4.5639.37199 contains a denial of service
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: DupTerminator
CVE-2021-47816 (Thecus N4800Eco NAS Server Control Panel contains a command
injection ...)
- TODO: check
+ NOT-FOR-US: Thecus N4800Eco NAS Server Control Panel
CVE-2025-60021 (Remote command injection vulnerability in heap profiler
builtin servic ...)
- brpc <itp> (bug #1060006)
CVE-2025-15497
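Review bot: Label granularity in this hunk is inconsistent with the unchanged entries visible in the diff. CVE-2021-47826, CVE-2021-47825 and CVE-2021-47823 get three separate product-level labels ("Acer Backup Manager", "Acer Updater Service", "Acer ePowerSvc"), while existing entries are tagged by vendor ("NOT-FOR-US: Tenda", "NOT-FOR-US: Apple", "NOT-FOR-US: HCL"). A single "NOT-FOR-US: Acer" would keep these grouped under one search term. The same applies to CVE-2021-47832 and CVE-2021-47831, which are split between "Sandboxie Plus" and "Sandboxie". CVE-2021-47844 (Xmind) stays at "TODO: check" in the middle of the processed block; if that is deliberate, no change is needed.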
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c917019d803c6c53888b3be342699f0ddf9d12be