Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e57741b5 by Salvatore Bonaccorso at 2026-01-28T10:32:58+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2026-24859
 CVE-2026-24852 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
        NOT-FOR-US: iccDEV
 CVE-2026-24850 (The ML-DSA crate is a Rust implementation of the 
Module-Lattice-Based  ...)
-       TODO: check
+       NOT-FOR-US: Rust signatures crate
 CVE-2026-24842 (node-tar,a Tar for Node.js, contains a vulnerability in 
versions prior ...)
        - node-tar <unfixed>
        NOTE: 
https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v
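Review bot: The tag added for CVE-2026-24850, "NOT-FOR-US: Rust signatures crate", does not name the affected component, although the description calls it "The ML-DSA crate" and the other tags added in this commit name the product or vendor directly (Clatter, Dozzle, gmrtd, 2100 Technology). Naming the crate in the tag, for example "NOT-FOR-US: ML-DSA Rust crate", would keep the entry findable when someone later searches data/CVE/list for the crate name.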
@@ -43,17 +43,17 @@ CVE-2026-24836 (DNN (formerly DotNetNuke) is an open-source 
web content manageme
 CVE-2026-24833 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
        NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2026-24785 (Clatter is a no_std compatible, pure Rust implementation of 
the Noise  ...)
-       TODO: check
+       NOT-FOR-US: Clatter
 CVE-2026-24784 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
-       TODO: check
+       NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2026-24783 (soroban-fixed-point-math is a fixed-point math library for 
Soroban sma ...)
-       TODO: check
+       NOT-FOR-US: soroban-fixed-point-math
 CVE-2026-24779 (vLLM is an inference and serving engine for large language 
models (LLM ...)
        TODO: check
 CVE-2026-24778 (Ghost is an open source content management system. In Ghost 
versions 5 ...)
        TODO: check
 CVE-2026-24770 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) 
engine. ...)
-       TODO: check
+       NOT-FOR-US: RAGFlow
 CVE-2026-24765 (PHPUnit is a testing framework for PHP. A vulnerability has 
been disco ...)
        TODO: check
 CVE-2026-24748 (Kargo manages and automates the promotion of software 
artifacts. Prior ...)
@@ -61,29 +61,29 @@ CVE-2026-24748 (Kargo manages and automates the promotion 
of software artifacts.
 CVE-2026-24747 (PyTorch is a Python package that provides tensor computation. 
Prior to ...)
        TODO: check
 CVE-2026-24741 (ConvertXis a self-hosted online file converter. In versions 
prior to 0 ...)
-       TODO: check
+       NOT-FOR-US: ConvertXis
 CVE-2026-24740 (Dozzle is a realtime log viewer for docker containers. Prior 
to versio ...)
-       TODO: check
+       NOT-FOR-US: Dozzle
 CVE-2026-24738 (gmrtd is a Go library for reading Machine Readable Travel 
Documents (M ...)
-       TODO: check
+       NOT-FOR-US: gmrtd
 CVE-2026-24736 (Squidex is an open source headless content management system 
and conte ...)
-       TODO: check
+       NOT-FOR-US: Squidex
 CVE-2026-24134 (StudioCMS is a server-side-rendered, Astro native, headless 
content ma ...)
-       TODO: check
+       NOT-FOR-US: StudioCMS
 CVE-2026-23830 (SandboxJS is a JavaScript sandboxing library. Versions prior 
to 0.8.26 ...)
-       TODO: check
+       NOT-FOR-US: SandboxJS Node module
 CVE-2026-21569 (This High severity XXE (XML External Entity Injection) 
vulnerability w ...)
        NOT-FOR-US: Atlassian
 CVE-2026-1514 (Official Document Management System developed by 2100 
Technology has a ...)
-       TODO: check
+       NOT-FOR-US: 2100 Technology
 CVE-2026-1513 (billboard.js before 3.18.0 allows an attacker to execute 
malicious Jav ...)
-       TODO: check
+       NOT-FOR-US: billboard.js
 CVE-2026-1506 (A vulnerability was determined in D-Link DIR-615 4.10. Impacted 
is an  ...)
        NOT-FOR-US: D-Link
 CVE-2026-1505 (A vulnerability was found in D-Link DIR-615 4.10. This issue 
affects s ...)
        NOT-FOR-US: D-Link
 CVE-2026-1466 (Jirafeau normally prevents browser preview for text files due 
to the p ...)
-       TODO: check
+       NOT-FOR-US: Jirafeau
 CVE-2026-1389 (The Document Embedder \u2013 Embed PDFs, Word, Excel, and Other 
Files  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1310 (The Simple calendar for Elementor plugin for WordPress is 
vulnerable t ...)
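Review bot: On CVE-2026-24741 the new tag reads "NOT-FOR-US: ConvertXis", which appears to be copied from the run-together text in the description, "ConvertXis a self-hosted online file converter"; the missing space there suggests the product name is ConvertX. Suggest "NOT-FOR-US: ConvertX" so the tag carries the product name rather than the description's typo, which matters if a later CVE for the same product is matched against existing NFU entries.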
@@ -111,7 +111,7 @@ CVE-2025-8072 (The Target Video Easy Publish plugin for 
WordPress is vulnerable
 CVE-2025-67645 (OpenEMR is a free and open source electronic health records 
and medica ...)
        NOT-FOR-US: OpenEMR
 CVE-2025-55292 (Meshtastic is an open source mesh networking solution. In the 
current  ...)
-       TODO: check
+       NOT-FOR-US: Meshtastic
 CVE-2025-54373 (OpenEMR is a free and open source electronic health records 
and medica ...)
        NOT-FOR-US: OpenEMR
 CVE-2025-40554 (SolarWinds Web Help Desk was found to be susceptible to an 
authenticat ...)
@@ -129,7 +129,7 @@ CVE-2025-40536 (SolarWinds Web Help Desk was found to be 
susceptible to a securi
 CVE-2025-21589 (An Authentication Bypass Using an Alternate Path or Channel 
vulnerabil ...)
        NOT-FOR-US: Juniper
 CVE-2025-14988 (A security issue has been identified in ibaPDA that could 
allow unauth ...)
-       TODO: check
+       NOT-FOR-US: ibaPDA
 CVE-2025-14610 (The TableMaster for Elementor plugin for WordPress is 
vulnerable to Se ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-14039 (The Simple Folio plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
@@ -477,7 +477,7 @@ CVE-2020-36974 (Realtek Andrea RT Filters 1.0.64.7 contains 
an unquoted service
 CVE-2020-36951 (Phpscript-sgh 0.1.0 contains a time-based blind SQL injection 
vulnerab ...)
        NOT-FOR-US: Phpscript-sgh
 CVE-2020-36950 (Laravel Nova 3.7.0 contains a denial of service vulnerability 
that all ...)
-       TODO: check
+       NOT-FOR-US: Laravel Nova
 CVE-2020-36949 (TapinRadio 2.13.7 contains a denial of service vulnerability 
in the ap ...)
        NOT-FOR-US: TapinRadio
 CVE-2020-36948 (VestaCP 0.9.8-26 contains a session token vulnerability in the 
LoginAs ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e57741b542cc26dc00afd77d9b7508b416a32f92

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits