Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
972ee211 by Salvatore Bonaccorso at 2026-03-21T08:34:10+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -158,9 +158,9 @@ CVE-2026-32303 (Cryptomator encrypts data being stored on
cloud infrastructure.
CVE-2026-31836 (Checkmate is an open-source, self-hosted tool designed to
track and mo ...)
NOT-FOR-US: Checkmate
CVE-2026-31382 (The error_description parameter is vulnerable to Reflected
XSS. An att ...)
- TODO: check
+ NOT-FOR-US: Gainsight
CVE-2026-31381 (An attacker can extract user email addresses (PII) exposed in
base64 e ...)
- TODO: check
+ NOT-FOR-US: Gainsight
CVE-2026-30580 (File Thingie 2.5.7 is vulnerable to Directory Traversal. A
malicious u ...)
NOT-FOR-US: File Thingie
CVE-2026-30579 (File Thingie 2.5.7 is vulnerable to Cross Site Scripting
(XSS). A mali ...)
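Review bot: The two Gainsight markings (CVE-2026-31382 and CVE-2026-31381) cannot be checked against the description text shown, which names no product ("The error_description parameter is vulnerable to Reflected XSS"). A label that also names the affected Gainsight product would make these entries self-explanatory to later readers of data/CVE/list.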
@@ -198,9 +198,9 @@ CVE-2026-22172 (OpenClaw versions prior to 2026.3.12
contain an authorization by
CVE-2026-0677 (Deserialization of Untrusted Data vulnerability in TotalSuite
TotalCon ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-67260 (The Terrapack software, from ASTER TEC / ASTER S.p.A., with
the indica ...)
- TODO: check
+ NOT-FOR-US: Terrapack
CVE-2025-63260 (SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS)
via the ...)
- TODO: check
+ NOT-FOR-US: SyncFusion
CVE-2025-62846 (An SQL injection vulnerability has been reported to affect
QHora. If a ...)
NOT-FOR-US: QNAP
CVE-2025-62845 (An improper neutralization of escape, meta, or control
sequences vulne ...)
@@ -220,7 +220,7 @@ CVE-2025-15608 (This vulnerability in AX53 v1 results from
insufficient input sa
CVE-2025-15607 (A command injection vulnerability on AX53 v1 occurs in mscd
debug func ...)
NOT-FOR-US: TPLink
CVE-2024-44722 (SysAK v2.0 and before is vulnerable to command execution via
aaa;cat / ...)
- TODO: check
+ NOT-FOR-US: SysAK
CVE-2024-32537 (Cross-Site request forgery (CSRF) vulnerability in joshuae1974
Flash V ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2024-31119 (Improper neutralization of input during web page generation
('cross-si ...)
@@ -401,7 +401,7 @@ CVE-2026-33013 (Micronaut Framework is a JVM-based full
stack Java framework des
CVE-2026-33012 (Micronaut Framework is a JVM-based full stack Java framework
designed ...)
NOT-FOR-US: Micronaut Framework
CVE-2026-33011 (Nest is a framework for building scalable Node.js server-side
applicat ...)
- TODO: check
+ NOT-FOR-US: Nest
CVE-2026-32985 (Xerte Online Toolkits versions 3.14 and earlier contain an
unauthentic ...)
NOT-FOR-US: Xerte Online Toolkits
CVE-2026-32954 (ERP is a free and open source Enterprise Resource Planning
tool. In ve ...)
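Review bot: "NOT-FOR-US: Nest" on CVE-2026-33011 is ambiguous as a bare label, since only the description tells the reader it is "a framework for building scalable Node.js server-side applicat ...". A qualified form such as "Nest (Node.js framework)", in the way this commit writes "autobrr qui" and "tinytag Python library", would avoid confusion with other products of the same name.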
@@ -442,7 +442,7 @@ CVE-2026-32891 (Anchorr is a Discord bot for requesting
movies and TV shows and
CVE-2026-32890 (Anchorr is a Discord bot for requesting movies and TV shows
and receiv ...)
NOT-FOR-US: Anchorr
CVE-2026-32889 (tinytag is a Python library for reading audio file metadata.
Version 2 ...)
- TODO: check
+ NOT-FOR-US: tinytag Python library
CVE-2026-32888 (Open Source Point of Sale is a web based point-of-sale
application wri ...)
NOT-FOR-US: Open Source Point of Sale
CVE-2026-32881 (ewe is a Gleam web server. ewe is a Gleam web server. Versions
0.6.0 t ...)
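Review bot: CVE-2026-32889 is the one changed entry in this hunk that names a reusable library rather than a standalone product ("tinytag is a Python library for reading audio file metadata"). Before settling on NOT-FOR-US, confirm that no source package in the archive ships or vendors it, since an embedded copy would call for a package entry instead.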
@@ -493,7 +493,7 @@ CVE-2026-32765
CVE-2026-32764
REJECTED
CVE-2026-32763 (Kysely is a type-safe TypeScript SQL query builder. Versions
up to and ...)
- TODO: check
+ NOT-FOR-US: Kysely
CVE-2026-32761 (File Browser is a file managing interface for uploading,
deleting, pre ...)
NOT-FOR-US: File Browser
CVE-2026-32760 (File Browser is a file managing interface for uploading,
deleting, pre ...)
@@ -623,7 +623,7 @@ CVE-2026-31869 (Discourse is an open-source discussion
platform. Prior to versio
CVE-2026-31805 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
NOT-FOR-US: Discourse
CVE-2026-30924 (qui is a web interface for managing qBittorrent instances.
Versions 1. ...)
- TODO: check
+ NOT-FOR-US: autobrr qui
CVE-2026-30891 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
NOT-FOR-US: Discourse
CVE-2026-30889 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
@@ -920,13 +920,13 @@ CVE-2026-1005 (Integer underflow in wolfSSL packet
sniffer <= 5.8.4 allows an at
CVE-2026-0819 (A stack buffer overflow vulnerability exists in wolfSSL's PKCS7
Signed ...)
TODO: check
CVE-2025-71260 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001
contain a d ...)
- TODO: check
+ NOT-FOR-US: BMC FootPrints ITSM
CVE-2025-71259 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001
contain a b ...)
- TODO: check
+ NOT-FOR-US: BMC FootPrints ITSM
CVE-2025-71258 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001
contain a b ...)
- TODO: check
+ NOT-FOR-US: BMC FootPrints ITSM
CVE-2025-71257 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001
contain an ...)
- TODO: check
+ NOT-FOR-US: BMC FootPrints ITSM
CVE-2025-69720 (ncurses v6.5 and v6.4 are vulnerable to Buffer Overflow in
progs/infoc ...)
TODO: check
CVE-2025-68836 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
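Review bot: The wolfSSL (CVE-2026-0819) and ncurses (CVE-2025-69720) entries on either side of the BMC FootPrints block still read "TODO: check". Both name software that Debian packages, so they need package triage rather than an NFU marking; leaving them out of an NFU-only commit is consistent, but they should be picked up in a follow-up so they do not linger among the processed entries.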
@@ -934,13 +934,13 @@ CVE-2025-68836 (Improper Neutralization of Input During
Web Page Generation ('Cr
CVE-2025-67618 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-67115 (A path traversal vulnerability in /ftl/web/setup.cgi in Small
Cell Ser ...)
- TODO: check
+ NOT-FOR-US: Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware
CVE-2025-67114 (Use of a deterministic credential generation algorithm in
/ftl/bin/cal ...)
- TODO: check
+ NOT-FOR-US: Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware
CVE-2025-67113 (OS command injection in the CWMP client (/ftl/bin/cwmp) of
Small Cell ...)
- TODO: check
+ NOT-FOR-US: Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware
CVE-2025-67112 (Use of a hard-coded AES-256-CBC key in the configuration
backup/restor ...)
- TODO: check
+ NOT-FOR-US: Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware
CVE-2025-62043 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-60237 (Deserialization of Untrusted Data vulnerability in Themeton
Finag allo ...)
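Review bot: The label on the four Sercomm entries (CVE-2025-67115 down to CVE-2025-67112) copies the description's word order, "Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware", and is much longer than the vendor-style labels elsewhere in this diff such as "TPLink" or "QNAP". A shorter form like "Sercomm SCE4255W" would be easier to match when the next CVE for this device arrives.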
@@ -954,7 +954,7 @@ CVE-2025-50001 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-32223 (Authorization Bypass Through User-Controlled Key vulnerability
in Them ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-14716 (Improper Authentication vulnerability in Secomea GateManager
(webserve ...)
- TODO: check
+ NOT-FOR-US: Secomea GateManager
CVE-2026-4342 (A security issue was discovered in ingress-nginx where a
combination o ...)
NOT-FOR-US: Kubernetes ingress-nginx
CVE-2026-4407 (Out-of-bounds array write in Xpdf 4.06 and earlier, due to
incorrect v ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/972ee211ed11327a21502d236a6730c5ce0a05fe