Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
176196f3 by Salvatore Bonaccorso at 2026-02-06T21:35:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2026-2103 (Infor SyteLine ERP uses hard-coded static cryptographic keys to 
encryp ...)
-       TODO: check
+       NOT-FOR-US: Infor SyteLine ERP
 CVE-2026-2065 (A security flaw has been discovered in Flycatcher Toys smART 
Pixelator ...)
-       TODO: check
+       NOT-FOR-US: Flycatcher Toys smART Pixelator
 CVE-2026-2064 (A vulnerability was identified in Portabilis i-Educar up to 
2.10. Affe ...)
        NOT-FOR-US: Portabilis
 CVE-2026-2063 (A security flaw has been discovered in D-Link DIR-823X 250416. 
This vu ...)
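Review bot: The two new labels in this hunk give vendor plus product ("Infor SyteLine ERP", "Flycatcher Toys smART Pixelator"), while the unchanged CVE-2026-2064 entry directly below uses the vendor alone ("Portabilis") for i-Educar. Settling on one form would let a search of the list for a vendor or a product find all of its NFU entries.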
@@ -15,7 +15,7 @@ CVE-2026-2060 (A vulnerability was found in code-projects 
Simple Blood Donor Man
 CVE-2026-2059 (A vulnerability has been found in SourceCodester Medical Center 
Portal ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-2058 (A flaw has been found in mathurvishal 
CloudClassroom-PHP-Project up to ...)
-       TODO: check
+       NOT-FOR-US: mathurvishal CloudClassroom-PHP-Project
 CVE-2026-2057 (A vulnerability was detected in SourceCodester Medical Center 
Portal M ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-2056 (A security vulnerability has been detected in D-Link DIR-605L 
and DIR- ...)
@@ -41,41 +41,41 @@ CVE-2026-2012 (A vulnerability was determined in 
itsourcecode Student Management
 CVE-2026-2011 (A vulnerability was found in itsourcecode Student Management 
System 1. ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-25753 (PlaciPy is a placement management system designed for 
educational inst ...)
-       TODO: check
+       NOT-FOR-US: PlaciPy
 CVE-2026-25752 (FUXA is a web-based Process Visualization 
(SCADA/HMI/Dashboard) softwa ...)
-       TODO: check
+       NOT-FOR-US: FUXA
 CVE-2026-25751 (FUXA is a web-based Process Visualization 
(SCADA/HMI/Dashboard) softwa ...)
-       TODO: check
+       NOT-FOR-US: FUXA
 CVE-2026-25725 (Claude Code is an agentic coding tool. Prior to version 2.1.2, 
Claude  ...)
-       TODO: check
+       NOT-FOR-US: Claude Code
 CVE-2026-25724 (Claude Code is an agentic coding tool. Prior to version 2.1.7, 
Claude  ...)
-       TODO: check
+       NOT-FOR-US: Claude Code
 CVE-2026-25723 (Claude Code is an agentic coding tool. Prior to version 
2.0.55, Claude ...)
-       TODO: check
+       NOT-FOR-US: Claude Code
 CVE-2026-25722 (Claude Code is an agentic coding tool. Prior to version 
2.0.57, Claude ...)
-       TODO: check
+       NOT-FOR-US: Claude Code
 CVE-2026-25651 (client-certificate-auth is middleware for Node.js implementing 
client  ...)
-       TODO: check
+       NOT-FOR-US: client-certificate-auth Node.js module
 CVE-2026-25650 (MCP Salesforce Connector is a Model Context Protocol (MCP) 
server impl ...)
-       TODO: check
+       NOT-FOR-US: MCP Salesforce Connector
 CVE-2026-25647 (Lute is a structured Markdown engine supporting Go and 
JavaScript. Lut ...)
-       TODO: check
+       NOT-FOR-US: Lute
 CVE-2026-25643 (Frigate is a network video recorder (NVR) with realtime local 
object d ...)
-       TODO: check
+       NOT-FOR-US: Frigate
 CVE-2026-25642 (HedgeDoc is an open source, real-time, collaborative, markdown 
notes a ...)
-       TODO: check
+       NOT-FOR-US: HedgeDoc
 CVE-2026-25641 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, 
there i ...)
-       TODO: check
+       NOT-FOR-US: SandboxJS Node module
 CVE-2026-25640 (Pydantic AI is a Python agent framework for building 
applications and  ...)
-       TODO: check
+       NOT-FOR-US: Pydantic AI
 CVE-2026-25587 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, 
as Map  ...)
-       TODO: check
+       NOT-FOR-US: SandboxJS Node module
 CVE-2026-25586 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, 
a sandb ...)
-       TODO: check
+       NOT-FOR-US: SandboxJS Node module
 CVE-2026-25556 (MuPDF versions 1.23.0 through 1.27.0 contain a double-free 
vulnerabili ...)
        TODO: check
 CVE-2026-25520 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, 
The ret ...)
-       TODO: check
+       NOT-FOR-US: SandboxJS Node module
 CVE-2026-24931 (Vulnerability of improper criterion security check in the card 
module. ...)
        NOT-FOR-US: Huawei
 CVE-2026-24930 (UAF concurrency vulnerability in the graphics module. Impact: 
Successf ...)
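Review bot: The four SandboxJS entries (CVE-2026-25641, CVE-2026-25587, CVE-2026-25586, CVE-2026-25520) are labelled "SandboxJS Node module", but CVE-2026-25651 in the same hunk uses "client-certificate-auth Node.js module"; use one spelling of the suffix for both. CVE-2026-25556 (MuPDF) is left at "TODO: check" in the middle of this run, so it still needs its own follow-up.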
@@ -113,25 +113,25 @@ CVE-2026-24915 (Out-of-bounds read issue in the media 
subsystem. Impact: Success
 CVE-2026-24914 (Type confusion vulnerability in the camera module. Impact: 
Successful  ...)
        NOT-FOR-US: Huawei
 CVE-2026-24903 (OrcaStatLLM Researcher is an LLM Based Research Paper 
Generator. A Sto ...)
-       TODO: check
+       NOT-FOR-US: OrcaStatLLM Researcher
 CVE-2026-24851 (OpenFGA is a high-performance and flexible 
authorization/permission en ...)
-       TODO: check
+       NOT-FOR-US: OpenFGA
 CVE-2026-24776 (OpenProject is an open-source, web-based project management 
software.  ...)
-       TODO: check
+       NOT-FOR-US: OpenProject
 CVE-2026-24419 (OpenSTAManager is an open source management software for 
technical ass ...)
-       TODO: check
+       NOT-FOR-US: OpenSTAManager
 CVE-2026-24418 (OpenSTAManager is an open source management software for 
technical ass ...)
-       TODO: check
+       NOT-FOR-US: OpenSTAManager
 CVE-2026-24417 (OpenSTAManager is an open source management software for 
technical ass ...)
-       TODO: check
+       NOT-FOR-US: OpenSTAManager
 CVE-2026-24416 (OpenSTAManager is an open source management software for 
technical ass ...)
-       TODO: check
+       NOT-FOR-US: OpenSTAManager
 CVE-2026-24135 (Gogs is an open source self-hosted Git service. In version 
0.13.3 and  ...)
-       TODO: check
+       NOT-FOR-US: Go Git Service
 CVE-2026-24050 (Zulip is an open-source team collaboration tool. From 5.0 to 
before 11 ...)
        TODO: check
 CVE-2026-23989 (REVA is an interoperability platform. Prior to 2.42.3 and 
2.40.3, a bu ...)
-       TODO: check
+       NOT-FOR-US: REVA
 CVE-2026-23741 (Asterisk is an open source private branch exchange and 
telephony toolk ...)
        TODO: check
 CVE-2026-23740 (Asterisk is an open source private branch exchange and 
telephony toolk ...)
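Review bot: CVE-2026-24135 is labelled "NOT-FOR-US: Go Git Service", a name that does not appear in the visible description, which calls the project "Gogs". If "Go Git Service" is not already the list's established label for this project, "NOT-FOR-US: Gogs" would be easier to find by search; the same applies to the Gogs entries in the two hunks that follow.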
@@ -141,13 +141,13 @@ CVE-2026-23739 (Asterisk is an open source private branch 
exchange and telephony
 CVE-2026-23738 (Asterisk is an open source private branch exchange and 
telephony toolk ...)
        TODO: check
 CVE-2026-23633 (Gogs is an open source self-hosted Git service. In version 
0.13.3 and  ...)
-       TODO: check
+       NOT-FOR-US: Go Git Service
 CVE-2026-23632 (Gogs is an open source self-hosted Git service. In version 
0.13.3 and  ...)
-       TODO: check
+       NOT-FOR-US: Go Git Service
 CVE-2026-22592 (Gogs is an open source self-hosted Git service. In version 
0.13.3 and  ...)
-       TODO: check
+       NOT-FOR-US: Go Git Service
 CVE-2026-22254 (Winter is a free, open-source content management system (CMS) 
based on ...)
-       TODO: check
+       NOT-FOR-US: Winter CMS
 CVE-2026-21643 (An improper neutralization of special elements used in an sql 
command  ...)
        NOT-FOR-US: Fortinet
 CVE-2026-1785 (The Code Snippets plugin for WordPress is vulnerable to 
Cross-Site Req ...)
@@ -173,9 +173,9 @@ CVE-2025-69214 (OpenSTAManager is an open source management 
software for technic
 CVE-2025-69212 (OpenSTAManager is an open source management software for 
technical ass ...)
        TODO: check
 CVE-2025-64175 (Gogs is an open source self-hosted Git service. In version 
0.13.3 and  ...)
-       TODO: check
+       NOT-FOR-US: Go Git Service
 CVE-2025-64111 (Gogs is an open source self-hosted Git service. In version 
0.13.3 and  ...)
-       TODO: check
+       NOT-FOR-US: Go Git Service
 CVE-2025-15320 (Tanium addressed a denial of service vulnerability in Tanium 
Client.)
        NOT-FOR-US: Tanium
 CVE-2025-13818 (Local privilege escalation vulnerability via insecure 
temporary batch  ...)
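Review bot: CVE-2025-69212 (OpenSTAManager), the context entry at the top of this hunk, stays at "TODO: check" although this same commit marks CVE-2026-24416 through CVE-2026-24419 as "NOT-FOR-US: OpenSTAManager". Unless it is being held back on purpose, give it the same NFU line so the product is triaged consistently.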



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/176196f3a2ac1bf800c55c0a0e9dbd3ca0fe09c6
