Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ec0d573 by Salvatore Bonaccorso at 2026-01-23T10:21:40+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38,9 +38,9 @@ CVE-2026-24130 (Moonraker is a Python web server providing 
API access to Klipper
 CVE-2026-24129 (Runtipi is a Docker-based, personal homeserver orchestrator 
that facil ...)
        NOT-FOR-US: Runtipi
 CVE-2026-24124 (Dragonfly is an open source P2P-based file distribution and 
image acce ...)
-       TODO: check
+       NOT-FOR-US: Dragonfly
 CVE-2026-24058 (Soft Serve is a self-hostable Git server for the command line. 
Version ...)
-       TODO: check
+       NOT-FOR-US: Soft Serve
 CVE-2026-23988 (Rufus is a utility that helps format and create bootable USB 
flash dri ...)
        NOT-FOR-US: Rufus
 CVE-2026-21524 (Exposure of sensitive information to an unauthorized actor in 
Azure Da ...)
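
Review bot: The tag "NOT-FOR-US: Dragonfly" on CVE-2026-24124 is ambiguous, because several unrelated projects share that name. Qualifying it from the description, for example "NOT-FOR-US: Dragonfly (P2P file distribution)", would keep a later search of data/CVE/list from matching the wrong software. "NOT-FOR-US: Soft Serve" on CVE-2026-24058 is specific enough as written.
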
@@ -72,99 +72,99 @@ CVE-2026-20736 (Gitea does not properly verify repository 
context when deleting
 CVE-2026-20613 (The ArchiveReader.extractContents() function used by cctl 
image load a ...)
        NOT-FOR-US: Apple
 CVE-2026-1201 (An Authorization Bypass Through User-Controlled Key 
vulnerability in H ...)
-       TODO: check
+       NOT-FOR-US: Hubitat Elevation home automation controllers
 CVE-2026-0927 (The KiviCare \u2013 Clinic & Patient Management System (EHR) 
plugin fo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-0798 (Gitea may send release notification emails for private 
repositories to ...)
        TODO: check
 CVE-2026-0796 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code 
Execut ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0795 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code 
Execut ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0794 (ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code 
Execution Vu ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0793 (ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer 
Overflow Remo ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0792 (ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based 
Buffer Ov ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0791 (ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based 
Buffer Over ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0790 (ALGO 8180 IP Audio Alerter Web UI Direct Request Information 
Disclosur ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0789 (ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication 
Cookie i ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0788 (ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site 
Scripting Vuln ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0787 (ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code 
Execution ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0786 (ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code 
Execution ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0785 (ALGO 8180 IP Audio Alerter API Command Injection Remote Code 
Execution ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0784 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code 
Execut ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0783 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code 
Execut ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0782 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code 
Execut ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0781 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code 
Execut ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0780 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code 
Execut ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0779 (ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code 
Executio ...)
-       TODO: check
+       NOT-FOR-US: ALGO
 CVE-2026-0778 (Enel X JuiceBox 40 Telnet Service Missing Authentication Remote 
Code E ...)
-       TODO: check
+       NOT-FOR-US: Enel X
 CVE-2026-0776 (Discord Client Uncontrolled Search Path Element Local Privilege 
Escala ...)
-       TODO: check
+       NOT-FOR-US: Discord
 CVE-2026-0775 (npm cli Incorrect Permission Assignment Local Privilege 
Escalation Vul ...)
        TODO: check
 CVE-2026-0774 (WatchYourLAN Configuration Page Argument Injection Remote Code 
Executi ...)
-       TODO: check
+       NOT-FOR-US: WatchYourLAN
 CVE-2026-0773 (Upsonic Cloudpickle Deserialization of Untrusted Data Remote 
Code Exec ...)
-       TODO: check
+       NOT-FOR-US: Upsonic
 CVE-2026-0772 (Langflow Disk Cache Deserialization of Untrusted Data Remote 
Code Exec ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-0771 (Langflow PythonFunction Code Injection Remote Code Execution 
Vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-0770 (Langflow exec_globals Inclusion of Functionality from Untrusted 
Contro ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-0769 (Langflow eval_custom_component_code Eval Injection Remote Code 
Executi ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-0768 (Langflow code Code Injection Remote Code Execution 
Vulnerability. This ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-0767 (Open WebUI Cleartext Transmission of Credentials Information 
Disclosur ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-0766 (Open WebUI load_tool_module_by_id Command Injection Remote Code 
Execut ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-0765 (Open WebUI PIP install_frontmatter_requirements Command 
Injection Remo ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-0764 (GPT Academic upload Deserialization of Untrusted Data Remote 
Code Exec ...)
-       TODO: check
+       NOT-FOR-US: GPT Academic
 CVE-2026-0763 (GPT Academic run_in_subprocess_wrapper_func Deserialization of 
Untrust ...)
-       TODO: check
+       NOT-FOR-US: GPT Academic
 CVE-2026-0762 (GPT Academic stream_daas Deserialization of Untrusted Data 
Remote Code ...)
-       TODO: check
+       NOT-FOR-US: GPT Academic
 CVE-2026-0761 (Foundation Agents MetaGPT actionoutput_str_to_mapping Code 
Injection R ...)
-       TODO: check
+       NOT-FOR-US: Foundation Agents MetaGPT
 CVE-2026-0760 (Foundation Agents MetaGPT deserialize_message Deserialization 
of Untru ...)
-       TODO: check
+       NOT-FOR-US: Foundation Agents MetaGPT
 CVE-2026-0759 (Katana Network Development Starter Kit executeCommand Command 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: Katana Network
 CVE-2026-0758 (mcp-server-siri-shortcuts shortcutName Command Injection 
Privilege Esc ...)
-       TODO: check
+       NOT-FOR-US: mcp-server-siri-shortcuts
 CVE-2026-0757 (MCP Manager for Claude Desktop execute-command Command 
Injection Sandb ...)
-       TODO: check
+       NOT-FOR-US: MCP Manager for Claude Desktop
 CVE-2026-0756 (github-kanban-mcp-server execAsync Command Injection Remote 
Code Execu ...)
-       TODO: check
+       NOT-FOR-US: github-kanban-mcp-server
 CVE-2026-0755 (gemini-mcp-tool execAsync Command Injection Remote Code 
Execution Vuln ...)
-       TODO: check
+       NOT-FOR-US: gemini-mcp-tool
 CVE-2026-0710 (A flaw was found in SIPp. A remote attacker could exploit this 
by send ...)
        TODO: check
 CVE-2025-9290 (An authentication weakness was identified in Omada Controllers, 
Gatewa ...)
-       TODO: check
+       NOT-FOR-US: Omada
 CVE-2025-9289 (A Cross-Site Scripting (XSS) vulnerability was identified in a 
paramet ...)
-       TODO: check
+       NOT-FOR-US: Omada
 CVE-2025-67847 (A flaw was found in Moodle. An attacker with access to the 
restore int ...)
        TODO: check
 CVE-2025-67652 (An attacker with access to the project file could use the 
exposed  cre ...)
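
Review bot: Tag granularity is inconsistent within this hunk: CVE-2026-1201 gets the full "Hubitat Elevation home automation controllers", while CVE-2026-0779 through CVE-2026-0796 get only "ALGO" and CVE-2025-9290 and CVE-2025-9289 only "Omada". Using the product string from the descriptions, such as "NOT-FOR-US: ALGO 8180 IP Audio Alerter", would make these entries identifiable without reopening each CVE. For the Langflow (CVE-2026-0768 to CVE-2026-0772) and Open WebUI (CVE-2026-0765 to CVE-2026-0767) entries, nothing in the diff shows whether a packaging request exists, so that is worth confirming before they stay NOT-FOR-US.
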
@@ -182,13 +182,13 @@ CVE-2025-22234 (The fix applied in CVE-2025-22228 
inadvertently broke the timing
 CVE-2025-15522 (The Uncanny Automator \u2013 Easy Automation, Integration, 
Webhooks &  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-15351 (Anritsu VectorStar CHX File Parsing Deserialization of 
Untrusted Data  ...)
-       TODO: check
+       NOT-FOR-US: Anritsu
 CVE-2025-15350 (Anritsu VectorStar CHX File Parsing Deserialization of 
Untrusted Data  ...)
-       TODO: check
+       NOT-FOR-US: Anritsu
 CVE-2025-15349 (Anritsu ShockLine SCPI Race Condition Remote Code Execution 
Vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Anritsu
 CVE-2025-15348 (Anritsu ShockLine CHX File Parsing Deserialization of 
Untrusted Data R ...)
-       TODO: check
+       NOT-FOR-US: Anritsu
 CVE-2025-15063 (Ollama MCP Server execAsync Command Injection Remote Code 
Execution Vu ...)
        TODO: check
 CVE-2025-15062 (Trimble SketchUp SKP File Parsing Use-After-Free Remote Code 
Execution ...)
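
Review bot: CVE-2025-15063 (Ollama MCP Server execAsync Command Injection) stays at "TODO: check" in this hunk, although the same commit marks the sibling execAsync entries CVE-2026-0756 (github-kanban-mcp-server) and CVE-2026-0755 (gemini-mcp-tool) as NOT-FOR-US. If it was left open on purpose, a NOTE line saying why would help the next triager; otherwise it should get the same treatment, e.g. "NOT-FOR-US: Ollama MCP Server". The four Anritsu entries above it are tagged consistently.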



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ec0d573764b6974105246151416911655507026
