Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2472837a by Salvatore Bonaccorso at 2026-01-29T22:05:44+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2,17 +2,17 @@ CVE-2026-25068 (alsa-lib versions 1.2.2 up to and including
1.2.15.2, prior to c
- alsa-lib <unfixed>
NOTE: Fixed by:
https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40
CVE-2026-24780 (AutoGPT is a platform that allows users to create, deploy, and
manage ...)
- TODO: check
+ NOT-FOR-US: AutoGPT
CVE-2026-24687 (Umbraco Forms is a form builder that integrates with the
Umbraco conte ...)
NOT-FOR-US: Umbraco CMS
CVE-2026-24414 (The Icinga PowerShell Framework provides configuration and
check possi ...)
- TODO: check
+ NOT-FOR-US: Icinga PowerShell Framework
CVE-2026-24413 (Icinga 2 is an open source monitoring system. Starting in
version 2.3. ...)
- icinga2 <not-affected> (Only affects Icinga 2 on Windows)
CVE-2026-24054 (Kata Containers is an open source project focusing on a
standard imple ...)
- TODO: check
+ NOT-FOR-US: Kata Containers
CVE-2026-23896 (immich is a high performance self-hosted photo and video
management so ...)
- TODO: check
+ NOT-FOR-US: immich
CVE-2026-23571 (A command injection vulnerability was discovered in TeamViewer
DEX (fo ...)
NOT-FOR-US: TeamViewer
CVE-2026-23570 (A missing validation of a user-controlled value in the
TeamViewer DEX ...)
@@ -32,23 +32,23 @@ CVE-2026-23564 (A vulnerability in TeamViewer DEX Client
(former 1E Client) - Co
CVE-2026-23563 (Improper Link Resolution Before File Access (invoked by
1E\u2011Explor ...)
NOT-FOR-US: TeamViewer
CVE-2026-22806 (vCluster Platform provides a Kubernetes platform for managing
virtual ...)
- TODO: check
+ NOT-FOR-US: vCluster Platform
CVE-2026-22764 (Dell OpenManage Network Integration, versions prior to 3.9,
contains a ...)
NOT-FOR-US: Dell / EMC
CVE-2026-1616 (The $uri$args concatenation in nginx configuration file present
in Ope ...)
- TODO: check
+ NOT-FOR-US: Open Security Issue Management (OSIM)
CVE-2026-1610 (A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn.
Affecte ...)
NOT-FOR-US: Tenda
CVE-2026-1601 (A weakness has been identified in Totolink A7000R 4.1cu.4154.
The impa ...)
NOT-FOR-US: TOTOLINK
CVE-2026-1600 (A vulnerability was identified in Bdtask Bhojon All-In-One
Restaurant ...)
- TODO: check
+ NOT-FOR-US: Bdtask Bhojon All-In-One Restaurant Management System
CVE-2026-1599 (A vulnerability was determined in Bdtask Bhojon All-In-One
Restaurant ...)
- TODO: check
+ NOT-FOR-US: Bdtask Bhojon All-In-One Restaurant Management System
CVE-2026-1598 (A vulnerability was found in Bdtask Bhojon All-In-One
Restaurant Manag ...)
- TODO: check
+ NOT-FOR-US: Bdtask Bhojon All-In-One Restaurant Management System
CVE-2026-1597 (A vulnerability has been found in Bdtask SalesERP up to
20260116. This ...)
- TODO: check
+ NOT-FOR-US: Bdtask SalesERP
CVE-2026-1596 (A flaw has been found in D-Link DWR-M961 1.1.47. This
vulnerability af ...)
NOT-FOR-US: D-Link
CVE-2026-1595 (A vulnerability was detected in itsourcecode Society Management
System ...)
@@ -62,47 +62,47 @@ CVE-2026-1590 (A vulnerability was identified in
itsourcecode School Management
CVE-2026-1589 (A vulnerability was determined in itsourcecode School
Management Syste ...)
NOT-FOR-US: itsourcecode System
CVE-2026-1588 (A vulnerability was found in jishenghua jshERP up to 3.6. The
impacted ...)
- TODO: check
+ NOT-FOR-US: jshERP
CVE-2026-1587 (A vulnerability has been found in Open5GS up to 2.7.6. The
affected el ...)
- open5gs <itp> (bug #1094791)
CVE-2026-1586 (A flaw has been found in Open5GS up to 2.7.5. Impacted is the
function ...)
- open5gs <itp> (bug #1094791)
CVE-2026-1469 (Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager.
This vuln ...)
- TODO: check
+ NOT-FOR-US: NOVAs PlanManager
CVE-2026-1457 (An authenticated buffer handling flaw in TP-Link VIGI C385 V1
Web API ...)
NOT-FOR-US: TP-Link
CVE-2026-1453 (A missing authentication for critical function vulnerability in
KiloVi ...)
- TODO: check
+ NOT-FOR-US: KiloView Encoder Series
CVE-2026-1188 (In the Eclipse OMR port library component since release 0.2.0,
an API ...)
NOT-FOR-US: Eclipse
CVE-2026-0936 (An Insertion of Sensitive Information into Log File
vulnerability in B ...)
NOT-FOR-US: ABB group
CVE-2025-7714 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Content Management System (CMS)
CVE-2025-7713 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Content Management System (CMS)
CVE-2025-7016 (Improper Access Control vulnerability in Ak\u0131n Software
Computer I ...)
- TODO: check
+ NOT-FOR-US: QR Menu
CVE-2025-7015 (Session Fixation vulnerability in Ak\u0131n Software Computer
Import E ...)
- TODO: check
+ NOT-FOR-US: QR Menu
CVE-2025-7014 (Session Fixation vulnerability in QR Menu Pro Smart Menu
Systems Menu ...)
- TODO: check
+ NOT-FOR-US: QR Menu
CVE-2025-7013 (Authorization Bypass Through User-Controlled Key vulnerability
in QR M ...)
- TODO: check
+ NOT-FOR-US: QR Menu
CVE-2025-71011 (An input validation vulnerability in the
flow.Tensor.new_empty/flow.Te ...)
- TODO: check
+ NOT-FOR-US: OneFlow
CVE-2025-71009 (An input validation vulnerability in the
flow.scatter/flow.scatter_add ...)
- TODO: check
+ NOT-FOR-US: OneFlow
CVE-2025-71008 (A segmentation violation in the
oneflow._oneflow_internal.autograd.Fun ...)
- TODO: check
+ NOT-FOR-US: OneFlow
CVE-2025-69929 (An issue in N3uron Web User Interface v.1.21.7-240207.1047
allows a re ...)
- TODO: check
+ NOT-FOR-US: N3uron Web User Interface
CVE-2025-69749 (Cross Site Scripting vulnerability in tale v.2.0.5 allows an
attacker ...)
- TODO: check
+ NOT-FOR-US: otale tale
CVE-2025-69604 (An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow
a local ...)
- TODO: check
+ NOT-FOR-US: Shirt Pocket's SuperDuper
CVE-2025-69516 (A Server-Side Template Injection (SSTI) vulnerability in the
/reportin ...)
- TODO: check
+ NOT-FOR-US: Amidaware Tactical RMM
CVE-2025-63658 (A stack overflow in the mk_http_index_lookup function
(mk_server/mk_ht ...)
- monkey <removed>
CVE-2025-63657 (An out-of-bounds read in the mk_mimetype_find function
(mk_server/mk_m ...)
@@ -122,73 +122,73 @@ CVE-2025-63650 (An out-of-bounds read in the
mk_ptr_to_buf in mk_core function (
CVE-2025-63649 (An out-of-bounds read in the
http_parser_transfer_encoding_chunked fun ...)
- monkey <removed>
CVE-2025-62514 (Parsec is a cloud-based application for cryptographically
secure file ...)
- TODO: check
+ NOT-FOR-US: Parsec
CVE-2025-45160 (A HTML injection vulnerability exists in the file upload
functionality ...)
TODO: check
CVE-2025-15550 (birkir prime <= 0.4.0.beta.0 contains a cross-site request
forgery vul ...)
- TODO: check
+ NOT-FOR-US: birkir prime
CVE-2025-15549 (FluentCMS 2026 contains a stored cross-site scripting
vulnerability th ...)
- TODO: check
+ NOT-FOR-US: FluentCMS
CVE-2025-15548 (Some VX800v v1.0 web interface endpoints transmit sensitive
informatio ...)
- TODO: check
+ NOT-FOR-US: VX800v
CVE-2025-15545 (The backup restore function does not properly validate
unexpected or u ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-15543 (Improper link resolution in USB HTTP access path in VX800v
v1.0 allows ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-15542 (Improper handling of exceptional conditions in VX800v v1.0 in
SIP proc ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-15541 (Improper link resolution in the VX800v v1.0 SFTP service
allows authen ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-13905 (CWE-276: Incorrect Default Permissions vulnerability exists
that could ...)
NOT-FOR-US: Schneider Electric
CVE-2025-13399 (A weakness in the web interface\u2019s application layer
encryption in ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2020-37021 (10-Strike Bandwidth Monitor 3.9 contains an unquoted service
path vuln ...)
- TODO: check
+ NOT-FOR-US: 10-Strike Bandwidth Monitor
CVE-2020-37020 (SonarQube 8.3.1 contains an unquoted service path
vulnerability that a ...)
- TODO: check
+ NOT-FOR-US: SonarQube
CVE-2020-37018 (GOautodial 4.0 contains a persistent cross-site scripting
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: GOautodial
CVE-2020-37017 (CodeMeter 6.60 contains an unquoted service path vulnerability
that al ...)
- TODO: check
+ NOT-FOR-US: CodeMeter
CVE-2020-37016 (BarcodeOCR 19.3.6 contains an unquoted service path
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: BarcodeOCR
CVE-2020-37015 (Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory
travers ...)
- TODO: check
+ NOT-FOR-US: Ruijie Networks Switch eWeb S29_RGOS
CVE-2020-37013 (Audio Playback Recorder 3.2.2 contains a local buffer overflow
vulnera ...)
- TODO: check
+ NOT-FOR-US: Audio Playback Recorder
CVE-2020-37012 (Tea LaTex 1.0 contains a remote code execution vulnerability
that allo ...)
TODO: check
CVE-2020-37011 (Gnome Fonts Viewer 3.34.0 contains a heap corruption
vulnerability tha ...)
TODO: check
CVE-2020-37010 (BearShare Lite 5.2.5 contains a buffer overflow vulnerability
in the A ...)
- TODO: check
+ NOT-FOR-US: BearShare Lite
CVE-2020-37009 (MedDream PACS Server 6.8.3.751 contains an authenticated
remote code e ...)
- TODO: check
+ NOT-FOR-US: MedDream PACS Server
CVE-2020-37008 (EasyPMS 1.0.0 contains an authentication bypass vulnerability
that all ...)
- TODO: check
+ NOT-FOR-US: EasyPMS
CVE-2020-37007 (Liman 0.7 contains a cross-site request forgery vulnerability
that all ...)
- TODO: check
+ NOT-FOR-US: Liman
CVE-2020-37006 (berliCRM 1.0.24 contains a SQL injection vulnerability in the
'src_rec ...)
- TODO: check
+ NOT-FOR-US: berliCRM
CVE-2020-37005 (TimeClock Software 1.01 contains an authenticated time-based
SQL injec ...)
- TODO: check
+ NOT-FOR-US: TimeClock Software
CVE-2020-37004 (Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL
injection ...)
- TODO: check
+ NOT-FOR-US: Ultimate Project Manager CRM PRO
CVE-2020-37002 (Ajenti 2.1.36 contains an authentication bypass vulnerability
that all ...)
- ajenti <itp> (bug #792019)
CVE-2020-37001 (Frigate Professional 3.36.0.9 contains a local buffer overflow
vulnera ...)
- TODO: check
+ NOT-FOR-US: Frigate Professional
CVE-2020-37000 (Free MP3 CD Ripper 2.8 contains a stack buffer overflow
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Free MP3 CD Ripper
CVE-2020-36999 (Elaniin CMS 1.0 contains an authentication bypass
vulnerability that a ...)
- TODO: check
+ NOT-FOR-US: Elaniin CMS
CVE-2020-36997 (BacklinkSpeed 2.4 contains a buffer overflow vulnerability
that allows ...)
- TODO: check
+ NOT-FOR-US: BacklinkSpeed
CVE-2020-36995 (Mocha Telnet Lite for iOS 4.2 contains a denial of service
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Mocha Telnet Lite for iOS
CVE-2020-36994 (QlikView 12.50.20000.0 contains a denial of service
vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: QlikView
CVE-2026-24682
- freerdp3 3.22.0+dfsg-1
- freerdp2 <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2472837aecd1e9bddc61322567aaca62ac25e018
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2472837aecd1e9bddc61322567aaca62ac25e018
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
