Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83f20c16 by Salvatore Bonaccorso at 2026-02-04T22:40:49+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,13 +47,13 @@ CVE-2026-24844 (melange allows users to build apk packages 
using declarative pip
 CVE-2026-24843 (melange allows users to build apk packages using declarative 
pipelines ...)
        NOT-FOR-US: melange
 CVE-2026-24735 (Exposure of Private Personal Information to an Unauthorized 
Actor vuln ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-23897 (Apollo Server is an open-source, spec-compliant GraphQL server 
that's  ...)
-       TODO: check
+       NOT-FOR-US: Apollo Server
 CVE-2026-23624 (GLPI is a free asset and IT management software package. In 
versions s ...)
        TODO: check
 CVE-2026-22549 (A vulnerability exists in F5 BIG-IP Container Ingress Services 
that ma ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2026-22548 (When a BIG-IP Advanced WAF or ASM security policy is 
configured on a v ...)
        NOT-FOR-US: F5
 CVE-2026-22247 (GLPI is a free asset and IT management software package. From 
version  ...)
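
Review bot: The reason added for CVE-2026-24735, "NOT-FOR-US: Apache software not packaged in Debian", does not name the product, while the other entries changed in this hunk do ("Apollo Server", "F5"). Naming the specific Apache project would let a later search of data/CVE/list find this entry if that project is ever packaged, and would match the convention used by the neighbouring lines.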
@@ -61,7 +61,7 @@ CVE-2026-22247 (GLPI is a free asset and IT management 
software package. From ve
 CVE-2026-22044 (GLPI is a free asset and IT management software package. From 
version  ...)
        TODO: check
 CVE-2026-21893 (n8n is an open source workflow automation platform. From 
version 0.187 ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-20732 (A vulnerability exists in an undisclosed BIG-IP Configuration 
utility  ...)
        NOT-FOR-US: F5
 CVE-2026-20730 (A vulnerability exists in BIG-IP Edge Client and browser VPN 
clients o ...)
@@ -83,7 +83,7 @@ CVE-2026-1622 (Neo4j Enterprise and Community editions 
versions prior to 2026.01
 CVE-2026-1370 (The SIBS woocommerce payment gateway plugin for WordPress is 
vulnerabl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-0873 (On a Cryptobox platform where administrator segregation based 
on entit ...)
-       TODO: check
+       NOT-FOR-US: Cryptobox
 CVE-2026-0816 (The All push notification for WP plugin for WordPress is 
vulnerable to ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-0743 (The WP Content Permission plugin for WordPress is vulnerable to 
Stored ...)
@@ -111,27 +111,27 @@ CVE-2026-0537 (A maliciously crafted RGB file, when 
parsed through Autodesk 3ds
 CVE-2026-0536 (A maliciously crafted GIF file, when parsed through Autodesk 
3ds Max,  ...)
        NOT-FOR-US: Autodesk
 CVE-2025-70997 (A vulnerability has been discovered in eladmin v2.7 and 
before. This v ...)
-       TODO: check
+       NOT-FOR-US: eladmin
 CVE-2025-70545 (A stored cross-site scripting (XSS) vulnerability exists in 
the web ma ...)
-       TODO: check
+       NOT-FOR-US: PPC (Belden) ONT 2K05X router
 CVE-2025-69618 (An arbitrary file overwrite vulnerability in the file import 
process o ...)
-       TODO: check
+       NOT-FOR-US: Tarot, Astro & Healing
 CVE-2025-69215 (OpenSTAManager is an open source management software for 
technical ass ...)
-       TODO: check
+       NOT-FOR-US: OpenSTAManager
 CVE-2025-69213 (OpenSTAManager is an open source management software for 
technical ass ...)
-       TODO: check
+       NOT-FOR-US: OpenSTAManager
 CVE-2025-68699 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging 
Platform.  ...)
-       TODO: check
+       NOT-FOR-US: NanoMQ
 CVE-2025-64712 (The unstructured library provides open-source components for 
ingesting ...)
-       TODO: check
+       NOT-FOR-US: unstructured
 CVE-2025-61917 (n8n is an open source workflow automation platform. From 
version 1.65. ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2025-5329 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Delta Course Automation
 CVE-2025-59818 (This vulnerability allows authenticated attackers to execute 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: Zenitel
 CVE-2025-41085 (Stored Cross-Site Scripting (XSS) vulnerability type in Apidog 
 in the ...)
-       TODO: check
+       NOT-FOR-US: Apidog
 CVE-2025-15508 (The Magic Import Document Extractor plugin for WordPress is 
vulnerable ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-15507 (The Magic Import Document Extractor plugin for WordPress is 
vulnerable ...)
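
Review bot: For CVE-2025-64712 the tag "NOT-FOR-US: unstructured" is a bare common word and is awkward to search for or to tell apart from a free-text remark. The description calls it "The unstructured library", so a qualified form such as "NOT-FOR-US: unstructured library" would be less ambiguous. The other tags in this hunk name a distinct product or vendor and read fine.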
@@ -605,33 +605,33 @@ CVE-2020-37080 (webTareas 2.0.p8 contains a file deletion 
vulnerability in the p
 CVE-2020-37078 (i-doit Open Source CMDB 1.14.1 contains a file deletion 
vulnerability  ...)
        NOT-FOR-US: i-doit Open Source CMDB
 CVE-2020-37077 (Booked Scheduler 2.7.7 contains a directory traversal 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Booked Scheduler
 CVE-2020-37076 (Victor CMS version 1.0 contains a SQL injection vulnerability 
in the ' ...)
-       TODO: check
+       NOT-FOR-US: Victor CMS
 CVE-2020-37075 (LanSend 3.2 contains a buffer overflow vulnerability in the 
Add Comput ...)
-       TODO: check
+       NOT-FOR-US: LanSend
 CVE-2020-37074 (Remote Desktop Audit 2.3.0.157 contains a buffer overflow 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Remote Desktop Audit
 CVE-2020-37073 (Victor CMS 1.0 contains an authenticated file upload 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: Victor CMS
 CVE-2020-37072 (Victor CMS 1.0 contains a stored cross-site scripting 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Victor CMS
 CVE-2020-37071 (CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: CraftCMS 3 vCard Plugin
 CVE-2020-37070 (CloudMe 1.11.2 contains a buffer overflow vulnerability that 
allows re ...)
-       TODO: check
+       NOT-FOR-US: CloudMe
 CVE-2020-37069 (Konica Minolta FTP Utility 1.0 contains a buffer overflow 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Konica Minolta FTP Utility
 CVE-2020-37068 (Konica Minolta FTP Utility 1.0 contains a buffer overflow 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Konica Minolta FTP Utility
 CVE-2020-37067 (Filetto 1.0 FTP server contains a denial of service 
vulnerability in t ...)
-       TODO: check
+       NOT-FOR-US: Filetto 1.0 FTP server
 CVE-2020-37066 (GoldWave 5.70 contains a buffer overflow vulnerability that 
allows att ...)
-       TODO: check
+       NOT-FOR-US: GoldWave
 CVE-2020-37065 (StreamRipper32 version 2.6 contains a buffer overflow 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: StreamRipper32
 CVE-2019-25260 (OXID eShop versions 6.x prior to 6.3.4 contains a SQL 
injection vulner ...)
-       TODO: check
+       NOT-FOR-US: OXID eShop
 CVE-2026-25541
        - rust-bytes 1.11.1-1
        NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0007.html
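
Review bot: The tag for CVE-2020-37067, "NOT-FOR-US: Filetto 1.0 FTP server", carries a version number, while every other tag added in this hunk drops it (for example "Konica Minolta FTP Utility" and "Victor CMS" where the descriptions say "1.0", and "GoldWave" where the description says "5.70"). Suggest "NOT-FOR-US: Filetto FTP server" so the tag still matches if a later CVE is filed against a different Filetto version.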



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83f20c16b87de2f52151d911ceeb3ab14ab24c6e
