Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
81b6efca by Salvatore Bonaccorso at 2026-01-21T22:11:23+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2024-31884
        NOTE: https://github.com/ceph/ceph/pull/66142
        NOTE: Fixed by: 
https://github.com/ceph/ceph/commit/5081933c9a0068fe9deba4fca2d943bda3168518
 CVE-2026-23955 (EVerest is an EV charging software stack. Prior to version 
2025.9.0, i ...)
-       TODO: check
+       NOT-FOR-US: EVerest
 CVE-2026-23755 (D-Link D-View 8 versions 2.0.1.107 and below contain an 
uncontrolled s ...)
        NOT-FOR-US: D-Link
 CVE-2026-23754 (D-Link D-View 8 versions 2.0.1.107 and below contain an 
improper acces ...)
@@ -21,7 +21,7 @@ CVE-2026-20055 (Multiple vulnerabilities in the web-based 
management interface o
 CVE-2026-20045 (A vulnerability in Cisco Unified Communications Manager 
(Unified CM),  ...)
        TODO: check
 CVE-2026-1290 (Authentication Bypass by Primary Weakness vulnerability in Jamf 
Jamf P ...)
-       TODO: check
+       NOT-FOR-US: Jamf
 CVE-2026-0834 (Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 
v1.0 (T ...)
        NOT-FOR-US: TP-Link
 CVE-2026-0663 (Denial-of-service vulnerability in M-Files Server versions 
before26.1. ...)
@@ -47,29 +47,29 @@ CVE-2025-69762 (Tenda AX3 firmware v16.03.12.11 contains a 
stack overflow in for
 CVE-2025-69209 (ArduinoCore-avr contains the source code and configuration 
files of th ...)
        TODO: check
 CVE-2025-68141 (EVerest is an EV charging software stack. Prior to version 
2025.10.0,  ...)
-       TODO: check
+       NOT-FOR-US: EVerest
 CVE-2025-68140 (EVerest is an EV charging software stack. Prior to version 
2025.9.0, o ...)
-       TODO: check
+       NOT-FOR-US: EVerest
 CVE-2025-68139 (EVerest is an EV charging software stack. In all versions up 
to and in ...)
-       TODO: check
+       NOT-FOR-US: EVerest
 CVE-2025-68138 (EVerest is an EV charging software stack, and EVerest libocpp 
is a C++ ...)
-       TODO: check
+       NOT-FOR-US: EVerest
 CVE-2025-68137 (EVerest is an EV charging software stack. Prior to version 
2025.10.0,  ...)
-       TODO: check
+       NOT-FOR-US: EVerest
 CVE-2025-68136 (EVerest is an EV charging software stack. Prior to version 
2025.10.0,  ...)
-       TODO: check
+       NOT-FOR-US: EVerest
 CVE-2025-68135 (EVerest is an EV charging software stack. Prior to version 
2025.10.0,  ...)
-       TODO: check
+       NOT-FOR-US: EVerest
 CVE-2025-68134 (EVerest is an EV charging software stack. Prior to version 
2025.10.0,  ...)
-       TODO: check
+       NOT-FOR-US: EVerest
 CVE-2025-68132 (EVerest is an EV charging software stack. Prior to version 
2025.12.0,  ...)
-       TODO: check
+       NOT-FOR-US: EVerest
 CVE-2025-66960 (An issue in ollama v.0.12.10 allows a remote attacker to cause 
a denia ...)
        TODO: check
 CVE-2025-66959 (An issue in ollama v.0.12.10 allows a remote attacker to cause 
a denia ...)
        TODO: check
 CVE-2025-57681 (The WorklogPRO - Timesheets for Jira plugin in Jira Data 
Center before ...)
-       TODO: check
+       NOT-FOR-US: WorklogPRO Timesheets for Jira plugin
 CVE-2025-13878 (Malformed BRID/HHIT records can cause `named` to terminate 
unexpectedl ...)
        - bind9 <unfixed>
        NOTE: https://kb.isc.org/docs/cve-2025-13878
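
Review bot: CVE-2025-68138 is closed as "NOT-FOR-US: EVerest" along with the other eight EVerest entries in this hunk, but its description reads "EVerest libocpp is a C++ ...", so it concerns a library component rather than only the charging stack. Before closing it, confirm that libocpp is not shipped as a source package of its own, and name the component in the tag so the entry can be found by that name later. Minor: the last changed line writes "WorklogPRO Timesheets for Jira plugin" where the description has "WorklogPRO - Timesheets for Jira plugin"; keeping the description's spelling makes the tag match a search on the product string.
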
@@ -204,7 +204,7 @@ CVE-2026-24021
 CVE-2026-24020
        REJECTED
 CVE-2026-24016 (The installer of ServerView Agents for Windows provided by 
Fsas Techno ...)
-       TODO: check
+       NOT-FOR-US: Fsas Technologies
 CVE-2026-22976 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/c1d73b1480235731e35c81df70b08f4714a7d095 (6.19-rc5)
@@ -357,15 +357,15 @@ CVE-2026-21923 (Vulnerability in the Oracle Life Sciences 
Central Designer produ
 CVE-2026-21922 (Vulnerability in the Oracle Planning and Budgeting Cloud 
Service produ ...)
        NOT-FOR-US: Oracle
 CVE-2026-21664 (HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) 
has report ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2026-21663 (HackerOne community member Patrick Lang (7yr) has reported a 
reflected ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2026-21642 (HackerOne community member Patrick Lang (7yr) has reported a 
reflected ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2026-21641 (HackerOne community member Jad Ghamloush (0xjad) has reported 
an autho ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2026-21640 (HackerOne community member Faraz Ahmed (PakCyberbot) has 
reported a fo ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2026-1035 (A flaw was found in the Keycloak server during refresh token 
processin ...)
        TODO: check
 CVE-2026-0933 (SummaryA command injection vulnerability (CWE-78) has been 
found to ex ...)
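
Review bot: The five entries changed here (CVE-2026-21664, CVE-2026-21663, CVE-2026-21642, CVE-2026-21641, CVE-2026-21640) all have descriptions that cut off after the HackerOne reporter's name, so the product "Revive Adserver" cannot be checked against anything visible in this hunk. A line in the commit message saying where the attribution comes from would let a reader of the diff verify the tag without looking up each ID; "Process some NFUs" alone gives no pointer.
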
@@ -375,29 +375,29 @@ CVE-2026-0865 (User-controlled header names and values 
containing newlines can a
 CVE-2026-0672 (When using http.cookies.Morsel, user-controlled cookie values 
and para ...)
        TODO: check
 CVE-2025-68133 (EVerest is an EV charging software stack. In versions 2025.9.0 
and bel ...)
-       TODO: check
+       NOT-FOR-US: EVerest
 CVE-2025-66902 (An input validation issue in in Pithikos websocket-server 
v.0.6.4 allo ...)
-       TODO: check
+       NOT-FOR-US: Pithikos websocket-server
 CVE-2025-66692 (A buffer over-read in the PublicKey::verify() method of 
Binance - Trus ...)
        TODO: check
 CVE-2025-63648 (A NULL pointer dereference in the 
dacp_reply_playqueueedit_move functi ...)
-       TODO: check
+       NOT-FOR-US: owntone-server
 CVE-2025-63647 (A NULL pointer dereference in the parse_meta function 
(src/httpd_daap. ...)
-       TODO: check
+       NOT-FOR-US: owntone-server
 CVE-2025-58744 (Use of Default Credentials, Hard-coded Credentials 
vulnerability inC2S ...)
-       TODO: check
+       NOT-FOR-US: ImageDirector Capture
 CVE-2025-58743 (Use of a Broken or Risky Cryptographic Algorithm (DES) 
vulnerability   ...)
-       TODO: check
+       NOT-FOR-US: ImageDirector Capture
 CVE-2025-58742 (Insufficiently Protected Credentials, Improper Restriction of 
Communic ...)
-       TODO: check
+       NOT-FOR-US: ImageDirector Capture
 CVE-2025-58741 (Insufficiently Protected Credentials vulnerability in the 
Credential F ...)
-       TODO: check
+       NOT-FOR-US: ImageDirector Capture
 CVE-2025-58740 (The use of a hard-coded encryption key in calls to the 
Password functi ...)
-       TODO: check
+       NOT-FOR-US: ImageDirector Capture
 CVE-2025-57156 (NULL pointer dereference in the dacp_reply_playqueueedit_clear 
functio ...)
-       TODO: check
+       NOT-FOR-US: owntone-server
 CVE-2025-57155 (NULL pointer dereference in the daap_reply_groups function in 
src/http ...)
-       TODO: check
+       NOT-FOR-US: owntone-server
 CVE-2025-15521 (The Academy LMS \u2013 WordPress LMS Plugin for Complete 
eLearning Sol ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-15367 (The poplib module, when passed a user-controlled command, can 
have add ...)
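
Review bot: The four owntone-server entries (CVE-2025-63648, CVE-2025-63647, CVE-2025-57156, CVE-2025-57155) are tagged with the upstream project name, while their descriptions point at concrete functions and files (dacp_reply_playqueueedit_move, parse_meta in "src/httpd_daap. ...", daap_reply_groups). NOT-FOR-US only holds if no source package in a supported suite carries that code, possibly under a different package name, so a search of the archive by file or function name is worth doing before closing these, with the result recorded in a NOTE line. Separately, the five ImageDirector Capture entries are tagged by product while the CVE-2025-58744 description names something beginning "C2S ..."; whichever of vendor or product is used, keep it the same across the group so all five can be found with one search.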



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81b6efcaaf3a431bcc3d37d6d3af580a206dcb99
