Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
89499fb3 by Moritz Muehlenhoff at 2026-03-05T09:37:06+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -680,7 +680,6 @@ CVE-2025-40931 (Apache::Session::Generate::MD5 versions
through 1.94 for Perl cr
CVE-2024-57854 (Net::NSCA::Client versions through 0.009002 for Perl uses a
poor rando ...)
NOT-FOR-US: Net::NSCA::Client Perl module
NOTE: Net::NSCAng::Client embedded in nsca-ng is different code
- TODO: double check assessment
CVE-2025-40926 (Plack::Middleware::Session::Simple versions through 0.04 for
Perl gene ...)
NOT-FOR-US: Plack::Middleware::Session::Simple Perl module
CVE-2026-3545 (Insufficient data validation in Navigation in Google Chrome
prior to 1 ...)
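Review bot: the removed "TODO: double check assessment" under CVE-2024-57854 leaves no record of how the double check came out. The remaining NOTE already states that Net::NSCAng::Client embedded in nsca-ng is different code; if that is the finding that closes the TODO, say so in the commit message (it only reads "NFUs") or extend the NOTE, so the reasoning behind keeping NOT-FOR-US is visible in data/CVE/list.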
@@ -944,13 +943,13 @@ CVE-2025-70218 (Stack buffer overflow vulnerability in
D-Link DIR-513 v1.10 via
CVE-2025-69969 (A lack of authentication and authorization mechanisms in the
Bluetooth ...)
TODO: check
CVE-2025-66944 (SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and
before ...)
- TODO: check
+ NOT-FOR-US: databaseir
CVE-2025-66678 (An issue in the HwRwDrv.sys component of Nil Hardware Editor
Hardware ...)
- TODO: check
+ NOT-FOR-US: Nil Hardware Editor
CVE-2025-66168 (Apache ActiveMQ does not properly validate the remaining
length field ...)
TODO: check
CVE-2025-62879 (A vulnerability has been identified within the Rancher Backup
Operator ...)
- TODO: check
+ NOT-FOR-US: Rancher backup operator
CVE-2025-59787 (2N Access Commander application version 3.4.2 and prior
returns HTTP 5 ...)
TODO: check
CVE-2025-59786 (2N Access Commander version 3.4.2 and prior improperly
invalidates ses ...)
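Review bot: style point on the CVE-2025-62879 line: "NOT-FOR-US: Rancher backup operator" lowercases a product name that the CVE description spells "Rancher Backup Operator". Matching the description's capitalisation keeps the tag consistent with the CVE text when searching the list.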
@@ -987,15 +986,15 @@ CVE-2019-25504 (NCrypted Jobgator contains an SQL
injection vulnerability that a
CVE-2019-25503 (PHPads 2.0 contains an SQL injection vulnerability that allows
unauthe ...)
TODO: check
CVE-2019-25502 (Simple Job Script contains a cross-site scripting
vulnerability that a ...)
- TODO: check
+ NOT-FOR-US: Simple Job Script
CVE-2019-25501 (Simple Job Script contains an SQL injection vulnerability that
allows ...)
- TODO: check
+ NOT-FOR-US: Simple Job Script
CVE-2019-25500 (Simple Job Script contains an SQL injection vulnerability that
allows ...)
- TODO: check
+ NOT-FOR-US: Simple Job Script
CVE-2019-25499 (Simple Job Script contains an SQL injection vulnerability that
allows ...)
- TODO: check
+ NOT-FOR-US: Simple Job Script
CVE-2019-25498 (Simple Job Script contains an SQL injection vulnerability that
allows ...)
- TODO: check
+ NOT-FOR-US: Simple Job Script
CVE-2026-23238 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
- linux 6.18.13-1
NOTE:
https://git.kernel.org/linus/ab7ad7abb3660c58ffffdf07ff3bb976e7e0afa0 (6.19-rc8)
@@ -1278,7 +1277,7 @@ CVE-2025-59059 (Remote Code Execution Vulnerability in
NashornScriptEngineCreato
CVE-2025-57622 (An issue in Step-Video-T2V allows a remote attacker to execute
arbitra ...)
NOT-FOR-US: Step-Video-T2V
CVE-2025-52365 (A command injection vulnerability in the szc script of the
ccurtsinger ...)
- TODO: check
+ NOT-FOR-US: ccurtsinger/stabilizer
CVE-2025-36364 (IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to
be stored ...)
NOT-FOR-US: IBM
CVE-2025-36363 (IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account
lockout ...)
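Review bot: the tag naming is inconsistent within this commit: CVE-2025-52365 gets "NOT-FOR-US: ccurtsinger/stabilizer" in owner/project form, while CVE-2025-66944 in the earlier hunk gets the bare "databaseir" even though its description names the owner as vran-dev. Use one form for both, either "vran-dev/databaseir" there or plain "stabilizer" here.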
@@ -1298,23 +1297,23 @@ CVE-2025-13616 (IBM DataStage on Cloud Pak for Data
5.1.2 through 5.3.0 returns
CVE-2025-13490 (IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and
12.1.0 ...)
NOT-FOR-US: IBM
CVE-2024-55027 (Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was
discovered to st ...)
- TODO: check
+ NOT-FOR-US: Weintek
CVE-2024-55026 (An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2
easyweb v ...)
- TODO: check
+ NOT-FOR-US: Weintek
CVE-2024-55025 (Incorrect access control in the VNC component of Weintek
cMT-3072XH2 e ...)
- TODO: check
+ NOT-FOR-US: Weintek
CVE-2024-55024 (An authentication bypass vulnerability in the authorization
mechanism ...)
- TODO: check
+ NOT-FOR-US: Weintek
CVE-2024-55023 (Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was
discovered to co ...)
- TODO: check
+ NOT-FOR-US: Weintek
CVE-2024-55022 (Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was
discovered to co ...)
- TODO: check
+ NOT-FOR-US: Weintek
CVE-2024-55021 (Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was
discovered to co ...)
- TODO: check
+ NOT-FOR-US: Weintek
CVE-2024-55020 (A command injection vulnerability in the DHCP activation
feature of We ...)
- TODO: check
+ NOT-FOR-US: Weintek
CVE-2024-55019 (Incorrect access control in the component download_wb.cgi of
Weintek c ...)
- TODO: check
+ NOT-FOR-US: Weintek
CVE-2026-25674 (An issue was discovered in 6.0 before 6.0.3, 5.2 before
5.2.12, and 4. ...)
- python-django 3:4.2.29-1 (bug #1129595)
[trixie] - python-django <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89499fb380f46cbc6024bcfde919a9853290677e