Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9efd528 by Salvatore Bonaccorso at 2026-02-13T08:07:43+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -92,37 +92,37 @@ CVE-2025-52533 (Improper Access Control in an on-chip debug 
interface could allo
 CVE-2025-41117 (Stack traces in Grafana's Explore Traces view can be rendered 
as raw H ...)
        - grafana <removed>
 CVE-2025-15575 (The firmware update functionality does not verify the 
authenticity of  ...)
-       TODO: check
+       NOT-FOR-US: Solax
 CVE-2025-15574 (When connecting to the Solax Cloud MQTT server the username is 
the "re ...)
-       TODO: check
+       NOT-FOR-US: Solax
 CVE-2025-15573 (The affected devices do not validate the server certificate 
when conne ...)
-       TODO: check
+       NOT-FOR-US: Solax
 CVE-2025-14014 (Unrestricted Upload of File with Dangerous Type vulnerability 
in NTN I ...)
-       TODO: check
+       NOT-FOR-US: Smart Panel
 CVE-2025-13004 (Authorization Bypass Through User-Controlled Key vulnerability 
in Fark ...)
-       TODO: check
+       NOT-FOR-US: Farktor Software E-Commerce
 CVE-2025-13002 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Farktor Software E-Commerce
 CVE-2025-10969 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Farktor Software E-Commerce
 CVE-2024-36319 (Debug code left active in AMD's Video Decoder Engine Firmware 
(VCN FW) ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-31323 (Type confusion in the AMD Secure Processor (ASP) could allow 
an attack ...)
        TODO: check
 CVE-2023-31313 (An unintended proxy or intermediary in the AMD power 
management firmwa ...)
        TODO: check
 CVE-2019-25348 (Computrols CBAS-Web 19.0.0 contains a boolean-based blind SQL 
injectio ...)
-       TODO: check
+       NOT-FOR-US: Computrols CBAS-Web
 CVE-2019-25347 (thesystem App 1.0 contains a SQL injection vulnerability that 
allows a ...)
-       TODO: check
+       NOT-FOR-US: thesystem App
 CVE-2019-25346 (TheSystem 1.0 contains a SQL injection vulnerability that 
allows attac ...)
-       TODO: check
+       NOT-FOR-US: TheSystem
 CVE-2019-25345 (Realtek IIS Codec Service 6.4.10041.133 contains an unquoted 
service p ...)
-       TODO: check
+       NOT-FOR-US: Realtek IIS Codec Service
 CVE-2019-25344 (Wondershare MobileGo 8.5.0 contains an insecure file 
permissions vulne ...)
-       TODO: check
+       NOT-FOR-US: Wondershare MobileGo
 CVE-2019-25343 (NextVPN 4.10 contains an insecure file permissions 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: NextVPN
 CVE-2026-2007 (Heap buffer overflow in PostgreSQL pg_trgm allows a database 
user to a ...)
        - postgresql-18 18.2-1
        - postgresql-17 <not-affected> (Vulnerable code not present)
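Review bot: the labels on CVE-2019-25347 and CVE-2019-25346 spell what appears to be one product two ways ("thesystem App" and "TheSystem"), so a grep of the list for either string misses the other entry. Suggest one spelling for both. Separately, CVE-2024-36319 is closed with a bare "NOT-FOR-US: AMD" while CVE-2023-31323 and CVE-2023-31313 directly below stay at TODO: check; naming the component from the description (Video Decoder Engine Firmware) in the label would record why this one could be closed and the neighbours could not.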
@@ -430,111 +430,111 @@ CVE-2025-43417 (A path handling issue was addressed 
with improved logic. This is
 CVE-2025-43403 (An authorization issue was addressed with improved state 
management. T ...)
        NOT-FOR-US: Apple
 CVE-2025-15577 (An unauthenticated attacker can exploit this vulnerability by 
manipula ...)
-       TODO: check
+       NOT-FOR-US: Valmet DNA Web Tools
 CVE-2025-14892 (The Prime Listing Manager WordPress plugin through 1.1 allows 
an attac ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-50620 (Unrestricted Upload of File with Dangerous Type 
vulnerabilities exist  ...)
-       TODO: check
+       NOT-FOR-US: CIPPlanner CIPAce
 CVE-2024-50619 (Vulnerabilities in the My Account and User Management 
components in CI ...)
-       TODO: check
+       NOT-FOR-US: CIPPlanner CIPAce
 CVE-2024-50617 (Vulnerabilities in the File Download and Get File handler 
components i ...)
-       TODO: check
+       NOT-FOR-US: CIPPlanner CIPAce
 CVE-2020-37215 (MSN Password Recovery version 1.30 contains a denial of 
service vulner ...)
-       TODO: check
+       NOT-FOR-US: MSN Password Recovery
 CVE-2020-37214 (Voyager 1.3.0 contains a directory traversal vulnerability 
that allows ...)
-       TODO: check
+       NOT-FOR-US: Voyager
 CVE-2020-37213 (TextCrawler Pro 3.1.1 contains a denial of service 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: TextCrawler Pro
 CVE-2020-37212 (SpotMSN 2.4.6 contains a denial of service vulnerability in 
the regist ...)
-       TODO: check
+       NOT-FOR-US: SpotMSN
 CVE-2020-37211 (SpotIM 2.2 contains a denial of service vulnerability that 
allows atta ...)
-       TODO: check
+       NOT-FOR-US: SpotIM
 CVE-2020-37210 (SpotIE 2.9.5 contains a denial of service vulnerability in the 
registr ...)
-       TODO: check
+       NOT-FOR-US: SpotIE
 CVE-2020-37209 (SpotFTP 3.0.0.0 contains a denial of service vulnerability in 
the regi ...)
-       TODO: check
+       NOT-FOR-US: SpotFTP
 CVE-2020-37208 (SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in 
the regist ...)
-       TODO: check
+       NOT-FOR-US: SpotFTP
 CVE-2020-37207 (SpotDialup 1.6.7 contains a denial of service vulnerability in 
the reg ...)
-       TODO: check
+       NOT-FOR-US: SpotDialup
 CVE-2020-37206 (ShareAlarmPro contains a denial of service vulnerability that 
allows a ...)
-       TODO: check
+       NOT-FOR-US: ShareAlarmPro
 CVE-2020-37205 (RemShutdown 2.9.0.0 contains a denial of service vulnerability 
that al ...)
-       TODO: check
+       NOT-FOR-US: RemShutdown
 CVE-2020-37204 (RemShutdown 2.9.0.0 contains a denial of service vulnerability 
in its  ...)
-       TODO: check
+       NOT-FOR-US: RemShutdown
 CVE-2020-37203 (Office Product Key Finder 1.5.4 contains a denial of service 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Office Product Key Finder
 CVE-2020-37202 (NetworkSleuth 3.0.0.0 contains a denial of service 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: NetworkSleuth
 CVE-2020-37201 (NetShareWatcher 1.5.8.0 contains a buffer overflow 
vulnerability in th ...)
-       TODO: check
+       NOT-FOR-US: NetShareWatcher
 CVE-2020-37200 (NetShareWatcher 1.5.8.0 contains a buffer overflow 
vulnerability in th ...)
-       TODO: check
+       NOT-FOR-US: NetShareWatcher
 CVE-2020-37199 (NBMonitor 1.6.6.0 contains a denial of service vulnerability 
in its re ...)
-       TODO: check
+       NOT-FOR-US: NBMonitor
 CVE-2020-37198 (Duplicate Cleaner Pro 4.1.3 contains a denial of service 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Duplicate Cleaner Pro
 CVE-2020-37197 (Dnss Domain Name Search Software contains a denial of service 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Dnss Domain Name Search Software
 CVE-2020-37196 (Dnss Domain Name Search Software contains a denial of service 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Dnss Domain Name Search Software
 CVE-2020-37195 (BlueAuditor 1.7.2.0 contains a denial of service vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: BlueAuditor
 CVE-2020-37194 (Backup Key Recovery 2.2.5 contains a denial of service 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Backup Key Recovery
 CVE-2020-37193 (ZIP Password Recovery 2.30 contains a denial of service 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: ZIP Password Recovery
 CVE-2020-37192 (MSN Password Recovery 1.30 contains an XML external entity 
injection v ...)
-       TODO: check
+       NOT-FOR-US: MSN Password Recovery
 CVE-2020-37191 (Top Password Software Dialup Password Recovery 1.30 contains a 
denial  ...)
-       TODO: check
+       NOT-FOR-US: Top Password Software Dialup Password Recovery
 CVE-2020-37190 (Top Password Firefox Password Recovery 2.8 contains a denial 
of servic ...)
-       TODO: check
+       NOT-FOR-US: Top Password Firefox Password Recovery
 CVE-2020-37189 (TaskCanvas 1.4.0 contains a denial of service vulnerability in 
the reg ...)
-       TODO: check
+       NOT-FOR-US: TaskCanvas
 CVE-2020-37188 (SpotOutlook 1.2.6 contains a denial of service vulnerability 
in the re ...)
-       TODO: check
+       NOT-FOR-US: SpotOutlook
 CVE-2020-37187 (SpotDialup 1.6.7 contains a denial of service vulnerability in 
the reg ...)
-       TODO: check
+       NOT-FOR-US: SpotDialup
 CVE-2020-37186 (Chevereto 3.13.4 Core contains a remote code execution 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Chevereto
 CVE-2020-37185 (Backup Key Recovery 2.2.5 contains a denial of service 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Backup Key Recovery
 CVE-2020-37184 (Allok Video Converter 4.6.1217 contains a stack overflow 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Allok Video Converter
 CVE-2020-37183 (Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a 
stack over ...)
-       TODO: check
+       NOT-FOR-US: Allok RM RMVB to AVI MPEG DVD Converter
 CVE-2020-37182 (Redir 3.3 contains a stack overflow vulnerability in the 
doproxyconnec ...)
        TODO: check
 CVE-2020-37181 (Torrent FLV Converter 1.51 Build 117 contains a stack overflow 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Torrent FLV Converter
 CVE-2020-37180 (GTalk Password Finder 2.2.1 contains a denial of service 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: GTalk Password Finder
 CVE-2020-37179 (APKF Product Key Finder 2.5.8.0 contains a denial of service 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: APKF Product Key Finder
 CVE-2020-37178 (KeePass Password Safe versions before 2.44 contain a denial of 
service ...)
        TODO: check
 CVE-2020-37177 (BOOTP Turbo 2.0 contains a denial of service vulnerability 
that allows ...)
-       TODO: check
+       NOT-FOR-US: BOOTP Turbo
 CVE-2020-37176 (Torrent 3GP Converter 1.51 contains a stack overflow 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: Torrent 3GP Converter
 CVE-2020-37175 (P2PWIFICAM2 for iOS 10.4.1 contains a denial of service 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: P2PWIFICAM2 for iOS
 CVE-2020-37173 (AVideo Platform 8.1 contains an information disclosure 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: AVideo Platform
 CVE-2020-37172 (AVideo Platform 8.1 contains a cross-site request forgery 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: AVideo Platform
 CVE-2020-37158 (AVideo Platform 8.1 contains a cross-site request forgery 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: AVideo Platform
 CVE-2020-37156 (BloodX 1.0 contains an authentication bypass vulnerability in 
login.ph ...)
-       TODO: check
+       NOT-FOR-US: BloodX
 CVE-2020-37153 (ASTPP 4.0.1 contains multiple vulnerabilities including 
cross-site scr ...)
-       TODO: check
+       NOT-FOR-US: ASTPP
 CVE-2020-37104 (ASTPP 4.0.1 contains an information disclosure vulnerability 
that allo ...)
-       TODO: check
+       NOT-FOR-US: ASTPP
 CVE-2019-25313 (FlexNet Publisher 11.12.1 contains a cross-site request 
forgery vulner ...)
-       TODO: check
+       NOT-FOR-US: FlexNet Publisher
 CVE-2026-25990 (Pillow is a Python imaging library. From 10.3.0 to before 
12.1.1, n ou ...)
        - pillow <unfixed>
        NOTE: 
https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc
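Review bot: "NOT-FOR-US: Voyager" on CVE-2020-37214 is a generic name with no vendor or qualifier, which makes the entry hard to tell apart from any other software called Voyager. Suggest adding the vendor or the kind of software from the full description, in the style of "Top Password Firefox Password Recovery" or "Dnss Domain Name Search Software" further down in this hunk.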
@@ -797,13 +797,13 @@ CVE-2025-15440 (The iONE360  configurator plugin for 
WordPress is vulnerable to
 CVE-2025-15096 (The 'Videospirecore Theme Plugin' plugin for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13651 (Exposure of Sensitive System Information to an Unauthorized 
Actor vuln ...)
-       TODO: check
+       NOT-FOR-US: ZeusWeb
 CVE-2025-13650 (An attacker with access to the web application ZeusWeb of the 
provider ...)
-       TODO: check
+       NOT-FOR-US: ZeusWeb
 CVE-2025-13649 (An attacker with access to the web applicationZeusWeb of the 
provider  ...)
-       TODO: check
+       NOT-FOR-US: ZeusWeb
 CVE-2025-13648 (An attacker with access to the web application ZeusWeb of the 
provider ...)
-       TODO: check
+       NOT-FOR-US: ZeusWeb
 CVE-2025-13391 (The Product Options and Price Calculation Formulas for 
WooCommerce \u2 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-12474 (A specially-crafted file can cause libjxl's decoder to read 
pixel data ...)
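Review bot: the four ZeusWeb entries (CVE-2025-13648 to CVE-2025-13651) carry the product name only, although three of the descriptions read "ZeusWeb of the provider ...". Suggest adding that provider name to the label, as this commit does for "CIPPlanner CIPAce" and "Valmet DNA Web Tools", so the entries can be identified without opening the CVE record.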
@@ -811,57 +811,57 @@ CVE-2025-12474 (A specially-crafted file can cause 
libjxl's decoder to read pixe
        NOTE: https://github.com/libjxl/libjxl/pull/4495
        NOTE: Fixed by: 
https://github.com/libjxl/libjxl/commit/4523cf652f568f1fbb57bf9a10ae3caae785cd9f
 CVE-2025-12059 (Insertion of Sensitive Information into Externally-Accessible 
File or  ...)
-       TODO: check
+       NOT-FOR-US: Logo j-Platform
 CVE-2025-10913 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: TemizlikYolda
 CVE-2025-10174 (Cleartext Transmission of Sensitive Information vulnerability 
in Pan S ...)
-       TODO: check
+       NOT-FOR-US: PanCafe Pro
 CVE-2024-56808 (A command injection vulnerability has been reported to affect 
Media St ...)
        NOT-FOR-US: QNAP
 CVE-2024-56807 (An out-of-bounds read vulnerability has been reported to 
affect Media  ...)
        NOT-FOR-US: QNAP
 CVE-2024-50618 (A Use of Single-factor Authentication vulnerability in the 
Authenticat ...)
-       TODO: check
+       NOT-FOR-US: CIPPlanner CIPAce
 CVE-2024-36324 (Improper input validation in AMD Graphics Driver could allow 
an attack ...)
        TODO: check
 CVE-2024-36320 (Integer Overflow within atihdwt6.sys can allow a local 
attacker to cau ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-36316 (The integer overflow vulnerability within AMD Graphics driver 
could al ...)
        TODO: check
 CVE-2024-26480 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain 
sensitiv ...)
-       TODO: check
+       NOT-FOR-US: Statping-ng
 CVE-2024-26479 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain 
sensitiv ...)
-       TODO: check
+       NOT-FOR-US: Statping-ng
 CVE-2024-26478 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain 
sensitiv ...)
-       TODO: check
+       NOT-FOR-US: Statping-ng
 CVE-2024-26477 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain 
sensitiv ...)
-       TODO: check
+       NOT-FOR-US: Statping-ng
 CVE-2023-31324 (A Time-of-check time-of-use (TOCTOU) race condition in the AMD 
Secure  ...)
        TODO: check
 CVE-2019-25317 (Kimai 2 contains a persistent cross-site scripting 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: Kimai
 CVE-2019-25316 (GOautodial 4.0 contains a persistent cross-site scripting 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: GOautodial
 CVE-2019-25315 (WordPress Server Log Viewer 1.0 contains a persistent 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: WordPress Server Log Viewer
 CVE-2019-25314 (Duplicate-Post WordPress Plugin 3.2.3 contains a persistent 
cross-site ...)
-       TODO: check
+       NOT-FOR-US: Duplicate-Post WordPress Plugin
 CVE-2019-25312 (InoERP 0.7.2 contains a persistent cross-site scripting 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: InoERP
 CVE-2019-25311 (thesystem version 1.0 contains a persistent cross-site 
scripting vulne ...)
-       TODO: check
+       NOT-FOR-US: TheSystem
 CVE-2019-25310 (ActiveFax Server 6.92 Build 0316 contains an unquoted service 
path vul ...)
-       TODO: check
+       NOT-FOR-US: ActiveFax Server
 CVE-2019-25309 (Zilab Remote Console Server 3.2.9 contains an unquoted service 
path vu ...)
-       TODO: check
+       NOT-FOR-US: Zilab Remote Console Server
 CVE-2019-25308 (Mikogo 5.2.2.150317 contains an unquoted service path 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Mikogo
 CVE-2019-25307 (WorkgroupMail 7.5.1 contains an unquoted service path 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: WorkgroupMail
 CVE-2019-25306 (BlackMoon FTP Server 3.1.2.1731 contains an unquoted service 
path vuln ...)
-       TODO: check
+       NOT-FOR-US: BlackMoon FTP Server
 CVE-2018-25157 (Phraseanet 4.0.3 contains a stored cross-site scripting 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Phraseanet
 CVE-2026-0968 [Denial of Service due to malformed SFTP message]
        - libssh <unfixed> (bug #1127693)
        NOTE: https://www.libssh.org/security/advisories/CVE-2026-0968.txt
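Review bot: CVE-2019-25315 and CVE-2019-25314 are labelled by individual name ("WordPress Server Log Viewer", "Duplicate-Post WordPress Plugin"), whereas the unchanged entries visible in this patch use the generic "NOT-FOR-US: WordPress plugin" (CVE-2025-14892, CVE-2025-15096, CVE-2025-13391). If both are WordPress plugins, suggest the generic label for consistency. Also, CVE-2019-25311 is labelled "TheSystem" here while CVE-2019-25347 in the first hunk gets "thesystem App"; one spelling across the commit would be cleaner.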
@@ -1378,11 +1378,11 @@ CVE-2025-30508 (Improper authorization in the Intel(R) 
Quick Assist Technology f
 CVE-2025-29952 (Improper Initialization within the AMD Secure Encrypted 
Virtualization ...)
        TODO: check
 CVE-2025-29951 (A buffer overflow in the AMD Secure Processor (ASP) bootloader 
could a ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-29950 (Improper input validation in system management mode (SMM) 
could allow  ...)
        TODO: check
 CVE-2025-29949 (Insufficient input parameter sanitization in AMD Secure 
Processor (ASP ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-29948 (Improper access control in AMD Secure Encrypted Virtualization 
(SEV) f ...)
        TODO: check
 CVE-2025-29946 (Insufficient or Incomplete Data Removal in Hardware Component 
in SEV f ...)
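Review bot: CVE-2025-29951 and CVE-2025-29949 are both described as AMD Secure Processor (ASP) issues and are closed as "NOT-FOR-US: AMD", yet CVE-2023-31323, also described as an ASP issue, is left at TODO: check in the first hunk of this same commit. Suggest treating the three alike, or making the label specific (for example "AMD Secure Processor") so the difference from the SEV and SMM entries that remain TODO in this hunk is visible in the file.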



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9efd528de0d22ddd578bcbf35ceaa6c522f371c
