Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bc44b3ac by Moritz Muehlenhoff at 2026-01-18T12:00:16+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -200,7 +200,7 @@ CVE-2026-20759 (OS Command Injection vulnerability exists
in multiple Network Ca
CVE-2026-1004 (The Essential Addons for Elementor plugin for WordPress is
vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0949 (PEM versions prior to 9.8.1 are affected by a stored Cross-site
Script ...)
- TODO: check
+ NOT-FOR-US: Postgres Enterprise Manager (PEM)
CVE-2026-0913 (The User Submitted Posts \u2013 Enable Users to Submit Posts
from the ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0823
@@ -753,7 +753,7 @@ CVE-2026-22249 (Docmost is an open-source collaborative
wiki and documentation s
CVE-2026-20076 (A vulnerability in the web-based management interface of Cisco
Identit ...)
NOT-FOR-US: Cisco
CVE-2026-20075 (A vulnerability in the web-based management interface of Cisco
Evolved ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20047 (A vulnerability in the web-based management interface of Cisco
Identit ...)
NOT-FOR-US: Cisco
CVE-2026-0992 (A flaw was found in the libxml2 library. This uncontrolled
resource co ...)
@@ -840,7 +840,7 @@ CVE-2025-64516 (GLPI is a free asset and IT management
software package. Prior t
CVE-2025-62193 (Sites running NOAA PMEL Live Access Server (LAS) are
vulnerable to rem ...)
NOT-FOR-US: NOAA PMEL Live Access Server (LAS)
CVE-2025-61973 (A local privilege escalation vulnerability exists during the
installat ...)
- TODO: check
+ NOT-FOR-US: Epic Games Store
CVE-2025-36911 (In key-based pairing, there is a possible ID due to a logic
error in t ...)
NOT-FOR-US: Google devices
CVE-2025-15265 (An SSR XSS exists in async hydration when
attacker\u2011controlled key ...)
@@ -1168,7 +1168,7 @@ CVE-2025-14242 (A flaw was found in vsftpd. This
vulnerability allows a denial o
CVE-2025-13175 (Y Soft SafeQ 6 renders the Workflow Connector password field
in a way ...)
NOT-FOR-US: Y Soft
CVE-2025-0647 (In certain Arm CPUs, a CPP RCTX instruction executed on one
Processing ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2025-71144 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.18.5-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
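Review bot: NOT-FOR-US on CVE-2025-0647 files a CPU-level issue under a vendor name, which does not record whether a software workaround is expected in packages Debian ships. The description concerns a CPP RCTX instruction on certain Arm CPUs; if a kernel or firmware mitigation exists or is planned, the entry should be tracked against that source package (as the following entry does with `- linux 6.18.5-1`), and if none is needed a short NOTE: line saying so would make the triage decision auditable.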
@@ -1574,7 +1574,7 @@ CVE-2022-50933 (Cain & Abel 4.9.56 contains an unquoted
service path vulnerabili
CVE-2022-50932 (Kyocera Command Center RX ECOSYS M2035dn contains a directory
traversa ...)
NOT-FOR-US: Kyocera Command Center RX ECOSYS
CVE-2022-50931 (TeamSpeak 3.5.6 contains an insecure file permissions
vulnerability th ...)
- TODO: check
+ NOT-FOR-US: TeamSpeak
CVE-2022-50930 (Emerson PAC Machine Edition 9.80 contains an unquoted service
path vul ...)
NOT-FOR-US: Emerson PAC Machine Edition
CVE-2022-50929 (Connectify Hotspot 2018 contains an unquoted service path
vulnerabilit ...)
@@ -1668,7 +1668,7 @@ CVE-2022-50805 (Senayan Library Management System 9.0.0
contains a SQL injection
CVE-2022-50693 (Splashtop 8.71.12001.0 contains an unquoted service path
vulnerability ...)
NOT-FOR-US: Splashtop
CVE-2021-47751 (CuteEditor for PHP (now referred to as Rich Text Editor) 6.6
contains ...)
- TODO: check
+ NOT-FOR-US: CuteEditor for PHP
CVE-2021-47750 (YouPHPTube <= 7.8 contains a cross-site scripting
vulnerability that a ...)
NOT-FOR-US: YouPHPTube
CVE-2021-47749 (YouPHPTube <= 7.8 contains a local file inclusion
vulnerability that a ...)
@@ -1791,7 +1791,7 @@ CVE-2026-21268 (Dreamweaver Desktop versions 21.6 and
earlier are affected by an
CVE-2026-21267 (Dreamweaver Desktop versions 21.6 and earlier are affected by
an Impro ...)
NOT-FOR-US: Adobe
CVE-2026-21265 (Windows Secure Boot stores Microsoft certificates in the UEFI
KEK and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21226 (Deserialization of untrusted data in Azure Core shared client
library ...)
NOT-FOR-US: Microsoft
CVE-2026-21224 (Stack-based buffer overflow in Azure Connected Machine Agent
allows an ...)
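Review bot: `NOT-FOR-US: Microsoft` on CVE-2026-21265 may be too broad, because the description concerns Microsoft certificates held in the UEFI KEK, which is platform firmware state rather than a Windows-only component. Debian's Secure Boot chain relies on a Microsoft-signed shim, so it is worth confirming that nothing on the shim or firmware-update side needs tracking before closing this out, or adding a NOTE: line that records why it does not apply.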
@@ -3658,7 +3658,7 @@ CVE-2025-65518 (Plesk Obsidian versions 8.0.1 through
18.0.73 are vulnerable to
CVE-2025-63611 (Cross-Site Scripting in phpgurukul Hostel Management System
v2.1 user- ...)
NOT-FOR-US: PHPGurukul
CVE-2025-62877 (Projects using the SUSE Virtualization (Harvester) environment
mayexpo ...)
- TODO: check
+ NOT-FOR-US: SuSE Harvester
CVE-2025-61550 (Cross-Site Scripting (XSS) is present on the
ctl00_Content01_fieldValu ...)
NOT-FOR-US: edu Business Solutions Print Shop Pro WebDesk
CVE-2025-61549 (Cross-Site Scripting (XSS) is present on the LoginID parameter
on the ...)
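Review bot: the vendor casing in `NOT-FOR-US: SuSE Harvester` does not match the description of CVE-2025-62877 directly above it, which spells the name `SUSE Virtualization (Harvester)`. Suggest `NOT-FOR-US: SUSE Harvester` so that a case-sensitive search for the vendor name finds this entry together with other SUSE entries.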
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc44b3ac1bebae7671cdb1e3599db5340375ebd6