Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a4a9afb by Salvatore Bonaccorso at 2026-02-03T21:53:42+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -217,27 +217,27 @@ CVE-2025-70560 (Boltz 2.0.0 contains an insecure 
deserialization vulnerability i
 CVE-2025-70559 (pdfminer.six before 20251230 contains an insecure 
deserialization vuln ...)
        TODO: check
 CVE-2025-70311 (JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can 
inject malici ...)
-       TODO: check
+       NOT-FOR-US: JEEWMS
 CVE-2025-6397 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        TODO: check
 CVE-2025-69983 (FUXA v1.2.7 allows Remote Code Execution (RCE) via the project 
import  ...)
-       TODO: check
+       NOT-FOR-US: FUXA
 CVE-2025-69981 (FUXA v1.2.7 contains an Unrestricted File Upload vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: FUXA
 CVE-2025-69971 (FUXA v1.2.7 contains a hard-coded credential vulnerability in 
server/a ...)
-       TODO: check
+       NOT-FOR-US: FUXA
 CVE-2025-69970 (FUXA v1.2.7 contains an insecure default configuration 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: FUXA
 CVE-2025-69875 (A vulnerability exists in Quick Heal Total Security 23.0.0 in 
the quar ...)
-       TODO: check
+       NOT-FOR-US: Quick Heal Total Security
 CVE-2025-69848 (NetBox is an open-source infrastructure resource modeling and 
IP addre ...)
        TODO: check
 CVE-2025-69431 (The ZSPACE Q2C NAS contains a vulnerability related to 
incorrect symbo ...)
-       TODO: check
+       NOT-FOR-US: ZSPACE Q2C NAS
 CVE-2025-69430 (An Incorrect Symlink Follow vulnerability exists in multiple 
Yottamast ...)
-       TODO: check
+       NOT-FOR-US: Yottamaster NAS devices
 CVE-2025-69429 (The ORICO NAS CD3510 (version V1.9.12 and below) contains an 
Incorrect ...)
-       TODO: check
+       NOT-FOR-US: ORICO NAS CD3510
 CVE-2025-67857 (A flaw was found in moodle. During anonymous assignment 
submissions, u ...)
        TODO: check
 CVE-2025-67856 (A flaw was found in Moodle. An authorization logic flaw, 
specifically  ...)
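Review bot: The three NAS entries in this hunk (CVE-2025-69431, CVE-2025-69430, CVE-2025-69429) each use a different tag shape: `NOT-FOR-US: ZSPACE Q2C NAS`, `NOT-FOR-US: Yottamaster NAS devices` and `NOT-FOR-US: ORICO NAS CD3510`. Elsewhere in the same commit device vendors get a single form (`ELECOM devices`), and existing entries use the bare vendor (`Asustor`). Settling on one form, for example vendor plus "NAS devices", keeps later searches for a vendor's entries from missing model-specific spellings.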
@@ -427,9 +427,9 @@ CVE-2026-25137 (The NixOs Odoo package is an open source 
ERP and CRM system. Fro
 CVE-2026-25134 (Group-Office is an enterprise customer relationship management 
and gro ...)
        NOT-FOR-US: Group-Office
 CVE-2026-25060 (OpenList Frontend is a UI component for OpenList. Prior to 
4.1.10, cer ...)
-       TODO: check
+       NOT-FOR-US: OpenList
 CVE-2026-25059 (OpenList Frontend is a UI component for OpenList. Prior to 
4.1.10, the ...)
-       TODO: check
+       NOT-FOR-US: OpenList
 CVE-2026-24936 (When a specific function is enabled while joining a AD Domain 
from ADM ...)
        NOT-FOR-US: Asustor
 CVE-2026-24935 (A third-party NAT traversal module fails to validate SSL/TLS 
certifica ...)
@@ -441,17 +441,17 @@ CVE-2026-24933 (The API communication component fails to 
validate the SSL/TLS ce
 CVE-2026-24932 (The DDNS update function in ADM fails to properly validate the 
hostnam ...)
        NOT-FOR-US: Asustor
 CVE-2026-24763 (OpenClaw (formerly  Clawdbot) is a personal AI assistant you 
run on yo ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-24737 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
4.1.0, use ...)
        - jspdf <itp> (bug #998381)
 CVE-2026-24694 (The installer for Roland Cloud Manager ver.3.1.19 and prior 
insecurely ...)
-       TODO: check
+       NOT-FOR-US: Roland Cloud Manager
 CVE-2026-24471 (continuwuity is a Matrix homeserver written in Rust. This 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: continuwuity
 CVE-2026-24465 (Stack-based buffer overflow vulnerability exists in ELECOM 
wireless LA ...)
-       TODO: check
+       NOT-FOR-US: ELECOM devices
 CVE-2026-24449 (For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords 
can be cal ...)
-       TODO: check
+       NOT-FOR-US: ELECOM devices
 CVE-2026-24133 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
4.1.0, use ...)
        - jspdf <itp> (bug #998381)
 CVE-2026-24051 (OpenTelemetry-Go is the Go implementation of OpenTelemetry. 
The OpenTe ...)
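Review bot: CVE-2026-24471 is the one entry in this hunk that is general-purpose server software rather than a vendor device or installer (the description reads "continuwuity is a Matrix homeserver written in Rust"), so `NOT-FOR-US: continuwuity` is worth a quick check against open ITP/RFP bugs first. If one exists, the form already used for the neighbouring jsPDF entries, `- jspdf <itp> (bug #998381)`, keeps the CVE tied to the future package instead of dropping it from the queue.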
@@ -463,21 +463,21 @@ CVE-2026-24040 (jsPDF is a library to generate PDFs in 
JavaScript. Prior to 4.1.
 CVE-2026-24007 (Tuleap is an Open Source Suite for management of software 
development  ...)
        NOT-FOR-US: Tuleap
 CVE-2026-23997 (FacturaScripts is open-source enterprise resource planning and 
account ...)
-       TODO: check
+       NOT-FOR-US: FacturaScripts
 CVE-2026-23515 (Signal K Server is a server application that runs on a central 
hub in  ...)
-       TODO: check
+       NOT-FOR-US: Signal K Server
 CVE-2026-23476 (FacturaScripts is open-source enterprise resource planning and 
account ...)
-       TODO: check
+       NOT-FOR-US: FacturaScripts
 CVE-2026-22780 (Rizin is a UNIX-like reverse engineering framework and 
command-line to ...)
-       TODO: check
+       NOT-FOR-US: Rizin
 CVE-2026-22778 (vLLM is an inference and serving engine for large language 
models (LLM ...)
        TODO: check
 CVE-2026-22550 (OS command injection vulnerability exists in WRC-X1500GS-B and 
WRC-X15 ...)
-       TODO: check
+       NOT-FOR-US: ELECOM devices
 CVE-2026-20704 (Cross-site request forgery vulnerability exists in 
WRC-X1500GS-B and W ...)
-       TODO: check
+       NOT-FOR-US: ELECOM devices
 CVE-2026-1788 (: Out-of-bounds Write vulnerability in Xquic Project Xquic 
Server xqui ...)
-       TODO: check
+       NOT-FOR-US: Xquic
 CVE-2026-1778 (Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables 
TLS cer ...)
        NOT-FOR-US: Amazon
 CVE-2026-1777 (The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 
includes th ...)
@@ -503,7 +503,7 @@ CVE-2026-1058 (The Form Maker plugin for WordPress is 
vulnerable to Stored Cross
 CVE-2026-0950 (The Spectra Gutenberg Blocks \u2013 Website Builder for the 
Block Edit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-0924 (BuhoCleanercontains an insecure XPC service that allows local, 
unprivi ...)
-       TODO: check
+       NOT-FOR-US: BuhoCleaner
 CVE-2026-0909 (The WP ULike plugin for WordPress is vulnerable to Insecure 
Direct Obj ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-0617 (The LatePoint \u2013 Calendar Booking Plugin for Appointments 
and Even ...)
@@ -513,15 +513,15 @@ CVE-2026-0383 (A vulnerability in Brocade Fabric OS could 
allow an authenticated
 CVE-2025-9711 (A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow 
elevat ...)
        NOT-FOR-US: Brocade
 CVE-2025-8590 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: SKSPro
 CVE-2025-8589 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: SKSPro
 CVE-2025-70960 (A stored cross-site scripting (XSS) vulnerability in the 
Forums module ...)
-       TODO: check
+       NOT-FOR-US: Tendenci CMS
 CVE-2025-70959 (A stored cross-site scripting (XSS) vulnerability in the Jobs 
module o ...)
-       TODO: check
+       NOT-FOR-US: Tendenci CMS
 CVE-2025-70958 (Multiple reflected cross-site scripting (XSS) vulnerabilities 
in the i ...)
-       TODO: check
+       NOT-FOR-US: Subrion CMS
 CVE-2025-69207 (Khoj is a self-hostable artificial intelligence app. Prior to 
2.0.0-be ...)
        TODO: check
 CVE-2025-66480 (Wildfire IM is an instant messaging and real-time audio/video 
solution ...)
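Review bot: CVE-2025-70958 is tagged `NOT-FOR-US: Subrion CMS` directly after CVE-2025-70960 and CVE-2025-70959, which are both `NOT-FOR-US: Tendenci CMS`, and its visible description ("Multiple reflected cross-site scripting (XSS) vulnerabilities in the i ...") is cut off before the product name. Please confirm against the full description that Subrion is intended and this is not a slip within a run of consecutive IDs. The same applies to the two `SKSPro` tags on CVE-2025-8590 and CVE-2025-8589, whose truncated descriptions do not show the product either.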



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a4a9afb7c7a4b31c88fabac890f6659d8ef270f
