Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2711e4b0 by Salvatore Bonaccorso at 2026-01-28T21:58:10+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57,25 +57,25 @@ CVE-2026-0749 (Improper Neutralization of Input During Web 
Page Generation ('Cro
 CVE-2026-0702 (The VidShop \u2013 Shoppable Videos for WooCommerce plugin for 
WordPre ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-0483 (Stored Cross-Site Scripting (XSS) vulnerability in the PDF file 
upload ...)
-       TODO: check
+       NOT-FOR-US: Live Helper Chat
 CVE-2025-7740 (Default credentials vulnerability exists in SuprOS product. If 
exploit ...)
        NOT-FOR-US: Hitachi Energy
 CVE-2025-71002 (A floating-point exception (FPE) in the flow.column_stack 
component of ...)
-       TODO: check
+       NOT-FOR-US: OneFlow
 CVE-2025-71001 (A segmentation violation in the flow.column_stack component of 
OneFlow ...)
-       TODO: check
+       NOT-FOR-US: OneFlow
 CVE-2025-71000 (An issue in the flow.cuda.BoolTensor component of OneFlow 
v0.9.0 allow ...)
-       TODO: check
+       NOT-FOR-US: OneFlow
 CVE-2025-70999 (A GPU device-ID validation flaw in the 
flow.cuda.get_device_capability ...)
-       TODO: check
+       NOT-FOR-US: OneFlow
 CVE-2025-70336 (A Stored cross-site scripting (XSS) vulnerability in 'Create 
New Live  ...)
-       TODO: check
+       NOT-FOR-US: PodcastGenerator
 CVE-2025-69602 (A session fixation vulnerability exists in 66biolinks v62.0.0 
by Altum ...)
-       TODO: check
+       NOT-FOR-US: 66biolinks
 CVE-2025-69601 (A directory traversal (Zip Slip) vulnerability exists in the 
\u201cSta ...)
-       TODO: check
+       NOT-FOR-US: 66biolinks
 CVE-2025-69517 (An issue in Amidaware Inc Tactical RMM v1.3.1 and before 
allows a remo ...)
-       TODO: check
+       NOT-FOR-US: Amidaware Inc Tactical RMM
 CVE-2025-69289 (Discourse is an open source discussion platform. A privilege 
escalatio ...)
        NOT-FOR-US: Discourse
 CVE-2025-69218 (Discourse is an open source discussion platform. In versions 
prior to  ...)
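Review bot: At CVE-2025-69517 the new label "NOT-FOR-US: Amidaware Inc Tactical RMM" combines vendor and product, while the other labels added in this hunk use the bare product name (OneFlow, 66biolinks, PodcastGenerator). Suggest "NOT-FOR-US: Tactical RMM" so the labels follow one convention. Separately, the descriptions shown for CVE-2026-0483 and CVE-2025-70336 are truncated before any product name appears, so the Live Helper Chat and PodcastGenerator attributions cannot be confirmed from the hunk itself.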
@@ -99,51 +99,51 @@ CVE-2025-67723 (Discourse is an open source discussion 
platform. Versions prior
 CVE-2025-66488 (Discourse is an open source discussion platform. A 
vulnerability prese ...)
        NOT-FOR-US: Discourse
 CVE-2025-65891 (A GPU device-ID validation flaw in OneFlow v0.9.0 allows 
attackers to  ...)
-       TODO: check
+       NOT-FOR-US: OneFlow
 CVE-2025-65890 (A device-ID validation flaw in OneFlow v0.9.0 allows attackers 
to caus ...)
-       TODO: check
+       NOT-FOR-US: OneFlow
 CVE-2025-65889 (A type validation flaw in the flow.dstack() component of 
OneFlow v0.9. ...)
-       TODO: check
+       NOT-FOR-US: OneFlow
 CVE-2025-65888 (A dimension validation flaw in the flow.empty() component of 
OneFlow 0 ...)
-       TODO: check
+       NOT-FOR-US: OneFlow
 CVE-2025-65887 (A division-by-zero vulnerability in the flow.floor_divide() 
component  ...)
-       TODO: check
+       NOT-FOR-US: OneFlow
 CVE-2025-65886 (A shape mismatch vulnerability in OneFlow v0.9.0 allows 
attackers to c ...)
-       TODO: check
+       NOT-FOR-US: OneFlow
 CVE-2025-61140 (The value function in jsonpath 1.1.1 lib/index.js is 
vulnerable to Pro ...)
        TODO: check
 CVE-2025-59901 (Disk Pulse Enterprise v10.4.18 has an authenticated reflected 
XSS vuln ...)
-       TODO: check
+       NOT-FOR-US: Disk Pulse Enterprise
 CVE-2025-59900 (Sync Breeze Enterprise Server v10.4.18 and Disk Pulse 
Enterprise v10.4 ...)
-       TODO: check
+       NOT-FOR-US: Sync Breeze Enterprise Server
 CVE-2025-59899 (Sync Breeze Enterprise Server v10.4.18 and Disk Pulse 
Enterprise v10.4 ...)
-       TODO: check
+       NOT-FOR-US: Sync Breeze Enterprise Server
 CVE-2025-59898 (Sync Breeze Enterprise Server v10.4.18 and Disk Pulse 
Enterprise v10.4 ...)
-       TODO: check
+       NOT-FOR-US: Sync Breeze Enterprise Server
 CVE-2025-59897 (Sync Breeze Enterprise Server v10.4.18 and Disk Pulse 
Enterprise v10.4 ...)
-       TODO: check
+       NOT-FOR-US: Sync Breeze Enterprise Server
 CVE-2025-59896 (Sync Breeze Enterprise Server v10.4.18 and Disk Pulse 
Enterprise v10.4 ...)
-       TODO: check
+       NOT-FOR-US: Sync Breeze Enterprise Server
 CVE-2025-59895 (Sync Breeze Enterprise Server v10.4.18 and Disk Pulse 
Enterprise v10.4 ...)
-       TODO: check
+       NOT-FOR-US: Sync Breeze Enterprise Server
 CVE-2025-59894 (Cross-Site request forgery (CSRF) vulnerability in Sync Breeze 
Enterpr ...)
-       TODO: check
+       NOT-FOR-US: Sync Breeze Enterprise Server
 CVE-2025-59893 (Cross-Site request forgery (CSRF) vulnerability in Sync Breeze 
Enterpr ...)
-       TODO: check
+       NOT-FOR-US: Sync Breeze Enterprise Server and Disk Pulse Enterprise
 CVE-2025-59892 (Cross-Site request forgery (CSRF) vulnerability in Sync Breeze 
Enterpr ...)
-       TODO: check
+       NOT-FOR-US: Sync Breeze Enterprise Server and Disk Pulse Enterprise
 CVE-2025-59891 (Cross-Site request forgery (CSRF) vulnerability in Sync Breeze 
Enterpr ...)
-       TODO: check
+       NOT-FOR-US: Sync Breeze Enterprise Server and Disk Pulse Enterprise
 CVE-2025-57796 (Explorance Blue versions prior to 8.14.12 use reversible 
symmetric enc ...)
-       TODO: check
+       NOT-FOR-US: Explorance Blue
 CVE-2025-57795 (Explorance Blue versions prior to 8.14.13 contain an 
authenticated rem ...)
-       TODO: check
+       NOT-FOR-US: Explorance Blue
 CVE-2025-57794 (Explorance Blue versions prior to 8.14.9 contain an 
authenticated unre ...)
-       TODO: check
+       NOT-FOR-US: Explorance Blue
 CVE-2025-57793 (Explorance Blue versions prior to 8.14.9 contain a SQL 
injection vulne ...)
-       TODO: check
+       NOT-FOR-US: Explorance Blue
 CVE-2025-57792 (Explorance Blue versions prior to 8.14.9 contain a SQL 
injection vulne ...)
-       TODO: check
+       NOT-FOR-US: Explorance Blue
 CVE-2025-57283 (The Node.js package browserstack-local 1.5.8 contains a 
command inject ...)
        TODO: check
 CVE-2025-46691 (Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, 
contain ...)
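Review bot: The labels for CVE-2025-59900 through CVE-2025-59895 are inconsistent with their descriptions and with the neighbouring entries. Each of those descriptions begins "Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4 ...", yet they are tagged "NOT-FOR-US: Sync Breeze Enterprise Server" only, whereas CVE-2025-59893, CVE-2025-59892 and CVE-2025-59891 get "Sync Breeze Enterprise Server and Disk Pulse Enterprise". Suggest using the combined label wherever the description names both products, and checking which form CVE-2025-59894 should take, since its visible text is cut off at "Sync Breeze Enterpr ...".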
@@ -153,7 +153,7 @@ CVE-2025-46316 (An out-of-bounds read was addressed with 
improved input validati
 CVE-2025-46306 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
        NOT-FOR-US: Apple
 CVE-2025-41351 (Vulnerability that allows a Padding Oracle Attack to be 
performed on t ...)
-       TODO: check
+       NOT-FOR-US: Funambol
 CVE-2025-33237 (NVIDIA HD Audio Driver for Windows contains a vulnerability 
where an a ...)
        TODO: check
 CVE-2025-33220 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
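Review bot: The "NOT-FOR-US: Funambol" label on CVE-2025-41351 cannot be checked against the visible description, which is truncated at "Padding Oracle Attack to be performed on t ..." before any product is named. Worth confirming that the full CVE text names Funambol, since the label is the only place the product is recorded in this entry.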
@@ -211,39 +211,39 @@ CVE-2020-36993 (LimeSurvey 4.3.10 contains a stored 
cross-site scripting vulnera
 CVE-2020-36992 (Nord VPN 6.31.13.0 contains an unquoted service path 
vulnerability in  ...)
        TODO: check
 CVE-2020-36991 (ShareMouse 5.0.43 contains an unquoted service path 
vulnerability that ...)
-       TODO: check
+       NOT-FOR-US: ShareMouse
 CVE-2020-36990 (Input Director 1.4.3 contains an unquoted service path 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Input Director
 CVE-2020-36989 (ForensiT AppX Management Service 2.2.0.4 contains an unquoted 
service  ...)
-       TODO: check
+       NOT-FOR-US: ForensiT AppX Management Service
 CVE-2020-36988 (PDW File Browser version 1.3 contains stored and reflected 
cross-site  ...)
-       TODO: check
+       NOT-FOR-US: PDW File Browser
 CVE-2020-36987 (Program Access Controller 1.2.0.0 contains an unquoted service 
path vu ...)
-       TODO: check
+       NOT-FOR-US: Program Access Controller
 CVE-2020-36986 (Prey 1.9.6 contains an unquoted service path vulnerability 
that allows ...)
        TODO: check
 CVE-2020-36985 (IP Watcher 3.0.0.30 contains an unquoted service path 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: IP Watcher
 CVE-2020-36984 (EPSON 1.124 contains an unquoted service path vulnerability in 
the SEN ...)
-       TODO: check
+       NOT-FOR-US: EPSON
 CVE-2020-36973 (PDW File Browser 1.3 contains a remote code execution 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: PDW File Browser
 CVE-2020-36972 (SmartBlog 2.0.1 contains a blind SQL injection vulnerability 
in the 'i ...)
-       TODO: check
+       NOT-FOR-US: SmartBlog
 CVE-2020-36971 (Nidesoft 3GP Video Converter 2.6.18 contains a local stack 
buffer over ...)
-       TODO: check
+       NOT-FOR-US: Nidesoft 3GP Video Converter
 CVE-2020-36970 (PMB 5.6 contains a local file disclosure vulnerability in 
getgif.php t ...)
-       TODO: check
+       NOT-FOR-US: PMB
 CVE-2020-36969 (M/Monit 3.7.4 contains a privilege escalation vulnerability 
that allow ...)
        TODO: check
 CVE-2020-36968 (M/Monit 3.7.4 contains an authentication vulnerability that 
allows aut ...)
        TODO: check
 CVE-2020-36967 (Zortam Mp3 Media Studio 27.60 contains a buffer overflow 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Zortam Mp3 Media Studio
 CVE-2020-36965 (docPrint Pro 8.0 contains a local buffer overflow 
vulnerability in the ...)
-       TODO: check
+       NOT-FOR-US: docPrint Pro
 CVE-2020-36964 (YATinyWinFTP contains a denial of service vulnerability that 
allows at ...)
-       TODO: check
+       NOT-FOR-US: YATinyWinFTP
 CVE-2020-36963 (Intelbras Router RF 301K firmware version 1.1.2 contains an 
authentica ...)
        NOT-FOR-US: Intelbras
 CVE-2020-36962 (Tendenci 12.3.1 contains a CSV formula injection vulnerability 
in the  ...)
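Review bot: At CVE-2020-36984 the label "NOT-FOR-US: EPSON" is only the vendor name, while every other label added in this hunk names a specific product (ShareMouse, Input Director, IP Watcher and so on). The description is cut off at "in the SEN ...", so the affected component is not identifiable from the entry. Suggest naming the product or service in the label. Also note that CVE-2020-36992 (Nord VPN) and CVE-2020-36986 (Prey) describe the same unquoted service path class but stay at "TODO: check"; if that is deliberate, no change is needed.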



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2711e4b0b8f3ea395cee1aad2d1ce042e2d91474
