Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d266eecb by Salvatore Bonaccorso at 2026-02-11T22:46:52+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -44,11 +44,11 @@ CVE-2026-2313 (Use after free in CSS in Google Chrome prior
to 145.0.7632.45 all
CVE-2026-2295 (The WPZOOM Addons for Elementor \u2013 Starter Templates &
Widgets plu ...)
NOT-FOR-US: WordPress plugin
CVE-2026-2250 (The /dbviewer/ web endpoint in METIS WIC devices is exposed
without au ...)
- TODO: check
+ NOT-FOR-US: METIS
CVE-2026-2249 (METIS DFS devices (versions <= oscore 2.1.234-r18) expose a
web-based ...)
- TODO: check
+ NOT-FOR-US: METIS
CVE-2026-2248 (METIS WIC devices (versions <= oscore 2.1.234-r18) expose a
web-based ...)
- TODO: check
+ NOT-FOR-US: METIS
CVE-2026-25869 (MiniGal Nano versions 0.3.5 and prior contain a path traversal
vulnera ...)
NOT-FOR-US: MiniGal Nano
CVE-2026-25868 (MiniGal Nano version 0.3.5 and prior contain a reflected
cross-site sc ...)
@@ -100,23 +100,23 @@ CVE-2026-0229 (A denial-of-service (DoS) vulnerability in
the Advanced DNS Secur
CVE-2026-0228 (An improper certificate validation vulnerability in PAN-OS
allows user ...)
NOT-FOR-US: Palo Alto Networks
CVE-2025-9986 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: DIGIKENT
CVE-2025-8668 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Turboard
CVE-2025-8025 (Missing Authentication for Critical Function, Improper Access
Control ...)
- TODO: check
+ NOT-FOR-US: Dinosoft ERP
CVE-2025-70297 (A stored cross-site scripting (XSS) vulnerability in the
recipe asset ...)
TODO: check
CVE-2025-70296 (A stored HTML injection vulnerability in the Recipe Notes
rendering co ...)
TODO: check
CVE-2025-70085 (An issue was discovered in OpenSatKit 2.2.1. The EventErrStr
buffer ha ...)
- TODO: check
+ NOT-FOR-US: OpenSatKit
CVE-2025-70084 (Directory traversal vulnerability in OpenSatKit 2.2.1 allows
attackers ...)
- TODO: check
+ NOT-FOR-US: OpenSatKit
CVE-2025-70083 (An issue was discovered in OpenSatKit 2.2.1. The DirName field
in the ...)
- TODO: check
+ NOT-FOR-US: OpenSatKit
CVE-2025-70029 (An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows
attackers to ob ...)
- TODO: check
+ NOT-FOR-US: Sunbird-Ed SunbirdEd-portal
CVE-2025-69874 (nanotar through 0.2.0 has a path traversal vulnerability in
parseTar() ...)
TODO: check
CVE-2025-69873 (ajv (Another JSON Schema Validator) through version 8.17.1 is
vulnerab ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d266eecbe25fa567acf0965d7cdbc90a06549ae1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d266eecbe25fa567acf0965d7cdbc90a06549ae1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
