Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12eaf13b by Moritz Muehlenhoff at 2026-03-16T11:28:54+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -65,9 +65,9 @@ CVE-2026-4193 (A security vulnerability has been detected in 
D-Link DIR-823G 1.0
 CVE-2026-4192 (A vulnerability has been found in AvinashBole quip-mcp-server 
1.0.0. A ...)
        NOT-FOR-US: hypermodel-labs mcp-server-auto-commonAvinashBole 
quip-mcp-server
 CVE-2026-4191 (A flaw has been found in JawherKl node-api-postgres up to 2.5. 
Affecte ...)
-       TODO: check
+       NOT-FOR-US: node-api-postgres
 CVE-2026-4190 (A vulnerability was detected in JawherKl node-api-postgres up 
to 2.5.  ...)
-       TODO: check
+       NOT-FOR-US: node-api-postgres
 CVE-2026-4189 (A weakness has been identified in phpipam up to 1.7.4. The 
impacted el ...)
        - phpipam <itp> (bug #731713)
 CVE-2026-4188 (A security flaw has been discovered in D-Link DIR-619L 2.06B01. 
The af ...)
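Review bot: the unchanged CVE-2026-4192 entry directly above the two changed lines carries the tag "NOT-FOR-US: hypermodel-labs mcp-server-auto-commonAvinashBole quip-mcp-server", which reads as two product names pasted together. Its description only mentions AvinashBole quip-mcp-server, so the tag should probably be just that. Since this commit already touches the neighbouring entries, it would be a good place to fix it. Separately, the new tags for CVE-2026-4191 and CVE-2026-4190 drop the vendor ("node-api-postgres") while later tags in this commit keep it ("CodePhiliaX Chat2DB"). "JawherKl node-api-postgres" would match the description and make the entry easier to grep.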
@@ -93,11 +93,11 @@ CVE-2026-4175 (A vulnerability was determined in Aureus ERP 
up to 1.3.0-BETA2. T
 CVE-2026-4174 (A vulnerability has been found in Radare2 5.9.9. This issue 
affects th ...)
        TODO: check
 CVE-2026-4173 (A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: CodePhiliaX Chat2DB
 CVE-2026-4172 (A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. 
This aff ...)
        NOT-FOR-US: TRENDnet
 CVE-2026-4171 (A security vulnerability has been detected in CodeGenieApp 
serverless- ...)
-       TODO: check
+       NOT-FOR-US: CodeGenieApp serverless-express
 CVE-2026-32778 (libexpat before 2.7.5 allows a NULL pointer dereference in the 
functio ...)
        TODO: check
 CVE-2026-32777 (libexpat before 2.7.5 allows an infinite loop while parsing 
DTD conten ...)
@@ -107,17 +107,17 @@ CVE-2026-32776 (libexpat before 2.7.5 allows a NULL 
pointer dereference with emp
 CVE-2026-32775 (libexif through 0.6.25 has a flaw in decoding MakerNotes. If 
the exif_ ...)
        TODO: check
 CVE-2026-31386 (OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed 
Technologies c ...)
-       TODO: check
+       NOT-FOR-US: OpenLiteSpeed and LSWS Enterprise
 CVE-2026-28522 (arduino-TuyaOpen before version 1.2.1 contains a null pointer 
derefere ...)
-       TODO: check
+       NOT-FOR-US: arduino-TuyaOpen
 CVE-2026-28521 (arduino-TuyaOpen before version 1.2.1 contains an 
out-of-bounds memory ...)
-       TODO: check
+       NOT-FOR-US: arduino-TuyaOpen
 CVE-2026-28520 (arduino-TuyaOpen before version 1.2.1 contains a single-byte 
buffer ov ...)
-       TODO: check
+       NOT-FOR-US: arduino-TuyaOpen
 CVE-2026-28519 (arduino-TuyaOpen before version 1.2.1 contains a heap-based 
buffer ove ...)
-       TODO: check
+       NOT-FOR-US: arduino-TuyaOpen
 CVE-2026-25083 (GROWI OpenAI thread/message API endpoints do not perform 
authorization ...)
-       TODO: check
+       NOT-FOR-US: GROWI OpenAI
 CVE-2026-21005 (Path traversal in Smart Switch prior to version 3.7.69.15 
allows adjac ...)
        NOT-FOR-US: Samsung Mobile
 CVE-2026-21004 (Improper authentication in Smart Switch prior to version 
3.7.69.15 all ...)
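Review bot: the tag added for CVE-2026-25083, "NOT-FOR-US: GROWI OpenAI", names a product that the description does not. The text reads "GROWI OpenAI thread/message API endpoints", so the affected software is GROWI and "OpenAI" qualifies the endpoints. "NOT-FOR-US: GROWI" would be the accurate tag and would match any future GROWI entries.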
@@ -169,69 +169,69 @@ CVE-2025-14287 (A command injection vulnerability exists 
in mlflow/mlflow versio
 CVE-2025-12736 (in OpenHarmony v5.0.3 and prior versions allow a local 
attacker case s ...)
        NOT-FOR-US: OpenHarmony
 CVE-2017-20224 (Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an 
arbitrar ...)
-       TODO: check
+       NOT-FOR-US: Telesquare SKT LTE Router SDT-CS3B1
 CVE-2017-20223 (Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 
contains an ...)
-       TODO: check
+       NOT-FOR-US: Telesquare SKT LTE Router SDT-CS3B1
 CVE-2017-20222 (Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 
contains an ...)
-       TODO: check
+       NOT-FOR-US: Telesquare SKT LTE Router SDT-CS3B1
 CVE-2017-20221 (Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a 
cross-sit ...)
-       TODO: check
+       NOT-FOR-US: Telesquare SKT LTE Router SDT-CS3B1
 CVE-2017-20220 (Serviio PRO 1.8 contains an improper access control 
vulnerability in t ...)
-       TODO: check
+       NOT-FOR-US: Serviio PRO
 CVE-2017-20219 (Serviio PRO 1.8 DLNA Media Streaming Server contains a 
DOM-based cross ...)
-       TODO: check
+       NOT-FOR-US: Serviio PRO
 CVE-2017-20218 (Serviio PRO 1.8 contains an unquoted search path vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Serviio PRO
 CVE-2017-20217 (Serviio PRO 1.8 contains an information disclosure 
vulnerability due t ...)
-       TODO: check
+       NOT-FOR-US: Serviio PRO
 CVE-2016-20036 (Wowza Streaming Engine 4.5.0 contains multiple reflected 
cross-site sc ...)
-       TODO: check
+       NOT-FOR-US: Wowza Streaming Engine
 CVE-2016-20035 (Wowza Streaming Engine 4.5.0 contains a cross-site request 
forgery vul ...)
-       TODO: check
+       NOT-FOR-US: Wowza Streaming Engine
 CVE-2016-20034 (Wowza Streaming Engine 4.5.0 contains a privilege escalation 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Wowza Streaming Engine
 CVE-2016-20033 (Wowza Streaming Engine 4.5.0 contains a local privilege 
escalation vul ...)
-       TODO: check
+       NOT-FOR-US: Wowza Streaming Engine
 CVE-2016-20032 (ZKTeco ZKAccess Security System 5.3.1 contains a stored 
cross-site scr ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco
 CVE-2016-20031 (ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco
 CVE-2016-20030 (ZKTeco ZKBioSecurity 3.0 contains a user enumeration 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco
 CVE-2016-20029 (ZKTeco ZKBioSecurity 3.0 contains a file path manipulation 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco
 CVE-2016-20028 (ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco
 CVE-2016-20027 (ZKTeco ZKBioSecurity 3.0 contains multiple reflected 
cross-site script ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco
 CVE-2016-20026 (ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the 
bundled ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco
 CVE-2016-20025 (ZKTeco ZKAccess Professional 3.5.3 contains an insecure file 
permissio ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco
 CVE-2016-20024 (ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file 
permissions vulner ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco
 CVE-2015-20121 (Next Click Ventures RealtyScript 4.0.2 contains SQL injection 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Next Click Ventures RealtyScript
 CVE-2015-20120 (Next Click Ventures RealtyScript 4.0.2 contains multiple 
time-based bl ...)
-       TODO: check
+       NOT-FOR-US: Next Click Ventures RealtyScript
 CVE-2015-20119 (Next Click Ventures RealtyScript 4.0.2 contains a stored 
cross-site sc ...)
-       TODO: check
+       NOT-FOR-US: Next Click Ventures RealtyScript
 CVE-2015-20118 (Next Click Ventures RealtyScript 4.0.2 contains a stored 
cross-site sc ...)
-       TODO: check
+       NOT-FOR-US: Next Click Ventures RealtyScript
 CVE-2015-20117 (Next Click Ventures RealtyScript 4.0.2 contains a cross-site 
request f ...)
-       TODO: check
+       NOT-FOR-US: Next Click Ventures RealtyScript
 CVE-2015-20116 (Next Click Ventures RealtyScript 4.0.2 fails to properly 
sanitize CSV  ...)
-       TODO: check
+       NOT-FOR-US: Next Click Ventures RealtyScript
 CVE-2015-20115 (Next Click Ventures RealtyScript 4.0.2 fails to properly 
sanitize file ...)
-       TODO: check
+       NOT-FOR-US: Next Click Ventures RealtyScript
 CVE-2015-20114 (Next Click Ventures RealtyScript 4.0.2 contains a cross-site 
scripting ...)
-       TODO: check
+       NOT-FOR-US: Next Click Ventures RealtyScript
 CVE-2015-20113 (Next Click Ventures RealtyScript 4.0.2 contains cross-site 
request for ...)
-       TODO: check
+       NOT-FOR-US: Next Click Ventures RealtyScript
 CVE-2013-20006 (Qool CMS contains multiple persistent cross-site scripting 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Qool CMS
 CVE-2013-20005 (Qool CMS 2.0 RC2 contains a cross-site request forgery 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Qool CMS
 CVE-2026-4179 (Issues in stm32 USB device driver 
(drivers/usb/device/usb_dc_stm32.c)  ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-4170 (A weakness has been identified in Topsec TopACM 3.0. Affected 
by this  ...)
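Review bot: the nine ZKTeco entries (CVE-2016-20024 through CVE-2016-20032) are tagged by vendor only, while every other group in this hunk names the product (Telesquare SKT LTE Router SDT-CS3B1, Serviio PRO, Wowza Streaming Engine, Next Click Ventures RealtyScript). The descriptions cover four distinct products (ZKAccess Security System, ZKBioSecurity, ZKAccess Professional, ZKTime.Net). If the vendor-only form is intentional, as with the existing "NOT-FOR-US: TRENDnet" entry, that is fine. Otherwise, consider naming the product so that each tag can be checked against its description without opening the CVE.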
@@ -330,7 +330,7 @@ CVE-2026-32640 (SimpleEval is a library for adding 
evaluatable expressions into
 CVE-2026-32635 (Angular is a development platform for building mobile and 
desktop web  ...)
        TODO: check
 CVE-2026-32630 (file-type detects the file type of a file, stream, or data. 
From 20.0. ...)
-       TODO: check
+       NOT-FOR-US: Node file-type
 CVE-2026-32628 (AnythingLLM is an application that turns pieces of content 
into contex ...)
        NOT-FOR-US: AnythingLLM
 CVE-2026-32627 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
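Review bot: "NOT-FOR-US: Node file-type" on CVE-2026-32630 deserves a second look before it lands, because the description shows this is a library ("detects the file type of a file, stream, or data") rather than a standalone product. Unlike the appliance and web-application entries elsewhere in this commit, a library can reach the archive as a bundled or vendored copy inside another source package. Please confirm that no package ships or embeds it, and if one does, track the CVE against that package instead of marking it NOT-FOR-US.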



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12eaf13b70b0ae4ef73c82ef602615c6e1b0c267
