[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Thu, 19 Feb 2026 00:48:20 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b22741f8 by Salvatore Bonaccorso at 2026-02-19T09:47:21+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2026-2731 (Path traversal and content injection in 
JobRunnerBackground.aspx
 CVE-2026-2711 (A vulnerability has been found in zhutoutoutousan 
worldquant-miner up  ...)
        NOT-FOR-US: zhutoutoutousan worldquant-miner
 CVE-2026-2709 (A flaw has been found in busy up to 2.5.5. The affected element 
is an  ...)
-       TODO: check
+       NOT-FOR-US: Busy
 CVE-2026-2706 (A flaw has been found in code-projects Patient Record 
Management Syste ...)
        NOT-FOR-US: code-projects
 CVE-2026-2705 (A vulnerability was detected in Open Babel up to 3.1.1. The 
impacted e ...)
@@ -15,7 +15,7 @@ CVE-2026-2704 (A security vulnerability has been detected in 
Open Babel up to 3.
        - openbabel <unfixed>
        NOTE: https://github.com/openbabel/openbabel/issues/2848
 CVE-2026-2703 (A weakness has been identified in xlnt-community xlnt up to 
1.6.1. Imp ...)
-       TODO: check
+       NOT-FOR-US: xlnt-community xlnt
 CVE-2026-2702 (A security flaw has been discovered in Beetel 777VR1 up to 
01.00.09. T ...)
        NOT-FOR-US: Beetel
 CVE-2026-2693 (A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 
1.3.0.  ...)
@@ -95,23 +95,23 @@ CVE-2026-25548 (InvoicePlane is a self-hosted open source 
application for managi
 CVE-2026-25474 (OpenClaw is a personal AI assistant. In versions 2026.1.30 and 
below,  ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-25242 (Gogs is an open source self-hosted Git service. Versions 
0.13.4 and be ...)
-       TODO: check
+       NOT-FOR-US: Go Git Service
 CVE-2026-25232 (Gogs is an open source self-hosted Git service. Versions 
0.13.4 and be ...)
-       TODO: check
+       NOT-FOR-US: Go Git Service
 CVE-2026-25229 (Gogs is an open source self-hosted Git service. Versions 
0.13.4 and be ...)
-       TODO: check
+       NOT-FOR-US: Go Git Service
 CVE-2026-25120 (Gogs is an open source self-hosted Git service. In versions 
0.13.4 and ...)
-       TODO: check
+       NOT-FOR-US: Go Git Service
 CVE-2026-24764 (OpenClaw (formerly Clawdbot) is a personal AI assistant users 
run on t ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-24746 (InvoicePlane is a self-hosted open source application for 
managing inv ...)
-       TODO: check
+       NOT-FOR-US: InvoicePlane
 CVE-2026-24745 (InvoicePlane is a self-hosted open source application for 
managing inv ...)
-       TODO: check
+       NOT-FOR-US: InvoicePlane
 CVE-2026-24744 (InvoicePlane is a self-hosted open source application for 
managing inv ...)
-       TODO: check
+       NOT-FOR-US: InvoicePlane
 CVE-2026-24743 (InvoicePlane is a self-hosted open source application for 
managing inv ...)
-       TODO: check
+       NOT-FOR-US: InvoicePlane
 CVE-2026-24126 (Weblate is a web based localization tool. Prior to 5.16.0, the 
SSH man ...)
        TODO: check
 CVE-2026-1999 (An incorrect authorization vulnerability was identified in 
GitHub Ente ...)
@@ -153,13 +153,13 @@ CVE-2026-0556 (The XO Event Calendar plugin for WordPress 
is vulnerable to Store
 CVE-2026-0549 (The Groups plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4960 (The com.epson.InstallNavi.helper tool, deployed with the EPSON 
printer ...)
-       TODO: check
+       NOT-FOR-US: EPSON
 CVE-2025-4521 (The IDonate \u2013 Blood Donation, Request And Donor Management 
System ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-15586 (OGP-Website installs prior git commit 
52f865a4fba763594453068acf8fa9e3 ...)
-       TODO: check
+       NOT-FOR-US: OGP-Website
 CVE-2025-15585 (Fileflows versions before 25.05.2 are affected by an 
authenticated SQL ...)
-       TODO: check
+       NOT-FOR-US: Fileflows
 CVE-2025-15581 (Orthanc versions before 1.12.10 are affected by an 
authorisation logic ...)
        TODO: check
 CVE-2025-15041 (The BackWPup \u2013 WordPress Backup & Restore Plugin plugin 
for WordP ...)
@@ -233,9 +233,9 @@ CVE-2025-12845 (The Tablesome Table \u2013 Contact Form DB 
\u2013 WPForms, CF7,
 CVE-2025-12821 (The NewsBlogger theme for WordPress is vulnerable to 
Cross-Site Reques ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-12812 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Delinea
 CVE-2025-12811 (Improper Inconsistent Interpretation of HTTP Requests ('HTTP 
Request S ...)
-       TODO: check
+       NOT-FOR-US: Delinea
 CVE-2025-12707 (The Library Management System plugin for WordPress is 
vulnerable to SQ ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-12500 (The Checkout Field Manager (Checkout Manager) for WooCommerce 
plugin f ...)
@@ -263,53 +263,53 @@ CVE-2025-11725 (The Aruba HiSpeed Cache plugin for 
WordPress is vulnerable to un
 CVE-2025-11706 (The Aruba HiSpeed Cache plugin for WordPress is vulnerable to 
Reflecte ...)
        NOT-FOR-US: WordPress plugin
 CVE-2019-25401 (Bematech (formerly Logic Controls, now Elgin) MP-4200 TH 
printer conta ...)
-       TODO: check
+       NOT-FOR-US: Bematech
 CVE-2019-25400 (IPFire 2.21 Core Update 127 contains multiple reflected 
cross-site scr ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2019-25399 (IPFire 2.21 Core Update 127 contains multiple stored 
cross-site script ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2019-25398 (IPFire 2.21 Core Update 127 contains multiple cross-site 
scripting vul ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2019-25397 (IPFire 2.21 Core Update 127 contains multiple reflected 
cross-site scr ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2019-25396 (IPFire 2.21 Core Update 127 contains a reflected cross-site 
scripting  ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2019-25365 (ChaosPro 2.0 contains a buffer overflow vulnerability in the 
configura ...)
-       TODO: check
+       NOT-FOR-US: ChaosPro
 CVE-2019-25364 (MailCarrier 2.51 contains a buffer overflow vulnerability in 
the POP3  ...)
-       TODO: check
+       NOT-FOR-US: MailCarrier
 CVE-2019-25363 (WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: WMV to AVI MPEG DVD WMV Convertor
 CVE-2019-25362 (WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: WMV to AVI MPEG DVD WMV Convertor
 CVE-2019-25361 (Ayukov NFTP client 1.71 contains a buffer overflow 
vulnerability in th ...)
-       TODO: check
+       NOT-FOR-US: Ayukov NFTP client
 CVE-2019-25360 (Aida64 Engineer 6.10.5200 contains a buffer overflow 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: Aida64 Engineer
 CVE-2019-25359 (SD.NET RIM versions before 4.7.3c contain a SQL injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: SD.NET RIM
 CVE-2019-25358 (FileOptimizer 14.00.2524 contains a denial of service 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: FileOptimizer
 CVE-2019-25357 (Control Center PRO 6.2.9 contains a stack-based buffer 
overflow vulner ...)
-       TODO: check
+       NOT-FOR-US: Control Center PRO
 CVE-2019-25356 (Bematech (formerly Logic Controls, now Elgin) MP-4200 TH 
printer conta ...)
-       TODO: check
+       NOT-FOR-US: Bematech
 CVE-2019-25355 (gSOAP 2.8 contains a directory traversal vulnerability that 
allows una ...)
        TODO: check
 CVE-2019-25354 (iSmartViewPro 1.3.34 contains a denial of service 
vulnerability that a ...)
-       TODO: check
+       NOT-FOR-US: iSmartViewPro
 CVE-2019-25353 (Foscam Video Management System 1.1.4.9 contains a denial of 
service vu ...)
-       TODO: check
+       NOT-FOR-US: Foscam Video Management System
 CVE-2019-25352 (Crystal Live HTTP Server 6.01 contains a directory traversal 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Crystal Live HTTP Server
 CVE-2019-25351 (Centova Cast 3.2.11 contains a file download vulnerability 
that allows ...)
-       TODO: check
+       NOT-FOR-US: Centova Cast
 CVE-2019-25350 (XMedia Recode 3.4.8.6 contains a denial of service 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: XMedia Recode
 CVE-2019-25349 (ScadaApp for iOS 1.1.4.0 contains a denial of service 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: ScadaApp for iOS
 CVE-2019-25326 (ipPulse 1.92 contains a denial of service vulnerability that 
allows lo ...)
-       TODO: check
+       NOT-FOR-US: ipPulse
 CVE-2026-2650 (Heap buffer overflow in Media in Google Chrome prior to 
145.0.7632.109 ...)
        - chromium 145.0.7632.109-1
        [bullseye] - chromium <end-of-life> (see #1061268)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b22741f8d828068716b9691a693efd4b25a31c15

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b22741f8d828068716b9691a693efd4b25a31c15
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to