Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
16177a3f by Salvatore Bonaccorso at 2026-02-12T22:06:28+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-2276 (Reflected Cross-Site Scripting (XSS) vulnerability in the Wix
web appl ...)
- TODO: check
+ NOT-FOR-US: Wix web application
CVE-2026-26219 (newbee-mall stores and verifies user passwords using an
unsalted MD5 h ...)
NOT-FOR-US: newbee-mall
CVE-2026-26218 (newbee-mall includes pre-seeded administrator accounts in its
database ...)
@@ -29,17 +29,17 @@ CVE-2026-24895 (FrankenPHP is a modern application server
for PHP. Prior to 1.11
CVE-2026-24894 (FrankenPHP is a modern application server for PHP. Prior to
1.11.2, wh ...)
NOT-FOR-US: FrankenPHP
CVE-2026-24044 (Element Server Suite Community Edition (ESS Community) deploys
a Matri ...)
- TODO: check
+ NOT-FOR-US: Element Server Suite Community Edition (ESS Community)
CVE-2026-22821 (mreporting is the more reporting GLPI plugin. Prior to 1.9.4,
there is ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin
CVE-2026-21722 (Public dashboards with annotations enabled did not limit their
annotat ...)
TODO: check
CVE-2026-21438 (webtransport-go is an implementation of the WebTransport
protocol. Pri ...)
- TODO: check
+ NOT-FOR-US: webtransport-go
CVE-2026-21435 (webtransport-go is an implementation of the WebTransport
protocol. Pri ...)
- TODO: check
+ NOT-FOR-US: webtransport-go
CVE-2026-21434 (webtransport-go is an implementation of the WebTransport
protocol. Fro ...)
- TODO: check
+ NOT-FOR-US: webtransport-go
CVE-2026-1671 (The Activity Log for WordPress plugin for WordPress is
vulnerable to u ...)
NOT-FOR-US: WordPress plugin
CVE-2026-1356 (The Converter for Media \u2013 Optimize images | Convert WebP &
AVIF p ...)
@@ -51,17 +51,17 @@ CVE-2026-1316 (The Customer Reviews for WooCommerce plugin
for WordPress is vuln
CVE-2026-1104 (The FastDup \u2013 Fastest WordPress Migration & Duplicator
plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2025-70981 (CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee
list qu ...)
- TODO: check
+ NOT-FOR-US: CordysCRM
CVE-2025-70886 (An issue in halo v.2.22.4 and before allows a remote attacker
to cause ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2025-70314 (webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted
request. ...)
- TODO: check
+ NOT-FOR-US: webfsd
CVE-2025-69807 (p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer
Overflow, whic ...)
- TODO: check
+ NOT-FOR-US: p2r3 Bareiron
CVE-2025-69806 (p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds
Read, which ...)
- TODO: check
+ NOT-FOR-US: p2r3 Bareiron
CVE-2025-69752 (An issue in the "My Details" user profile functionality of
Ideagen Q-P ...)
- TODO: check
+ NOT-FOR-US: Ideagen Q-Pulse
CVE-2025-69634 (Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM
v.22.0. ...)
TODO: check
CVE-2025-67433 (A heap buffer overflow in the processRequest function of Open
TFTP Ser ...)
@@ -671,7 +671,7 @@ CVE-2025-69872 (DiskCache (python-diskcache) through 5.6.3
uses Python pickle fo
NOTE:
https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69872-DiskCache-Pickle-Deserialization.md
TODO: check, check upstream (report) status
CVE-2025-69871 (A race condition vulnerability exists in MedusaJS Medusa
v2.12.2 and e ...)
- TODO: check
+ NOT-FOR-US: Medusa
CVE-2025-68406 (A path traversal vulnerability has been reported to affect
Qsync Centr ...)
NOT-FOR-US: QNAP
CVE-2025-66278 (A path traversal vulnerability has been reported to affect
File Statio ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16177a3fe64e262425a5477289500775beace83d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16177a3fe64e262425a5477289500775beace83d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
