Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ee34313 by Moritz Muehlenhoff at 2026-05-08T11:03:40+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -66,11 +66,11 @@ CVE-2026-7263
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733
        NOTE: 
https://github.com/php/php-src/commit/d43c523c48960e9ca0bf9c747e9bad8e5121edff
 CVE-2026-8149 (A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA 
BC-FIPS on  ...)
-       TODO: check
+       NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian 
package for Bouncycastle
 CVE-2026-8148 (NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a 
local atta ...)
        NOT-FOR-US: NAVER MYBOX Explorer for Windows
 CVE-2026-8142 (VINCE versions 3.0.38 and earlier do not properly verify the 
From addr ...)
-       TODO: check
+       NOT-FOR-US: VINCE portal of CERT
 CVE-2026-8138 (A vulnerability was found in Tenda CX12L 16.03.53.12. This 
issue affec ...)
        NOT-FOR-US: Tenda
 CVE-2026-8137 (A vulnerability has been found in Totolink X5000R 
9.1.0u.6369_B2023011 ...)
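Review bot: The new note on CVE-2026-8149 describes code that belongs to Bouncycastle but is not shipped in the Debian package, which is a statement about a packaged source rather than about software outside Debian. Consider recording it against the source package instead, for example `- bouncycastle <not-affected> (FIPS provider, not part of the Debian package)`, so the CVE is visible to anyone reviewing bouncycastle's entries. The VINCE entry reads fine as NOT-FOR-US.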
@@ -283,13 +283,13 @@ CVE-2026-26164 (Improper neutralization of special 
elements in output used by a
 CVE-2026-26129 (Improper neutralization of special elements in M365 Copilot 
allows an  ...)
        NOT-FOR-US: Microsoft
 CVE-2025-69691 (Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC 
API via p ...)
-       TODO: check
+       NOT-FOR-US: Netgate pfSene
 CVE-2025-69690 (Netgate pfSense CE 2.7.2 allows code execution by using the 
module ins ...)
-       TODO: check
+       NOT-FOR-US: Netgate pfSene
 CVE-2025-69599 (RayVentory Scan Engine through 12.6 Update 8 allows attackers 
to gain  ...)
-       TODO: check
+       NOT-FOR-US: RayVentory Scan Engine
 CVE-2025-67888 (An issue was discovered in Control Web Panel (CWP) before 
0.9.8.1209.  ...)
-       TODO: check
+       NOT-FOR-US: Control Web Panel (CWP)
 CVE-2025-67887 (1C-Bitrix through 25.100.500 allows Remote Code Execution 
because an a ...)
        NOT-FOR-US: 1C-Bitrix
 CVE-2025-67886 (Bitrix24 through 25.100.300 allows Remote Code Execution 
because an ac ...)
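Review bot: Both added lines for CVE-2025-69691 and CVE-2025-69690 spell the product as "pfSene", while the CVE descriptions directly above them say "pfSense". Please correct both to `NOT-FOR-US: Netgate pfSense` so that a search of the list for the product name finds these entries.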
@@ -297,23 +297,23 @@ CVE-2025-67886 (Bitrix24 through 25.100.300 allows Remote 
Code Execution because
 CVE-2025-55449 (AstrBotDevs AstrBot 3.5.15 has 
Advanced_System_for_Text_Response_and_B ...)
        NOT-FOR-US: AstrBotDevs AstrBot
 CVE-2024-53326 (LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe 
Deserializa ...)
-       TODO: check
+       NOT-FOR-US: LINQPad
 CVE-2024-51092 (LibreNMS before 24.10.0 allows a remote attacker to execute 
arbitrary  ...)
-       TODO: check
+       NOT-FOR-US: LibreNMS
 CVE-2024-46508 (yeti-platform yeti before 2.1.12 allows attackers to generate 
valid JW ...)
-       TODO: check
+       NOT-FOR-US: yeti-platform yeti
 CVE-2024-46507 (A SSTI (server side template injection) vulnerability in the 
custom te ...)
-       TODO: check
+       NOT-FOR-US: yeti-platform yeti
 CVE-2024-45257 (A Command Injection issue in the payload build page in BYOB 
(Build You ...)
-       TODO: check
+       NOT-FOR-US: BYOB (Build Your Own Botnet)
 CVE-2024-33724 (SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
-       TODO: check
+       NOT-FOR-US: SOPlanning
 CVE-2024-33722 (SOPlanning 1.52.00 is vulnerable to SQL Injection by an 
authenticated  ...)
-       TODO: check
+       NOT-FOR-US: SOPlanning
 CVE-2024-33288 (Prison Management System Using PHP v1.0 was discovered to 
contain a SQ ...)
-       TODO: check
+       NOT-FOR-US: Prison Management System
 CVE-2024-30167 (/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 
allow re ...)
-       TODO: check
+       NOT-FOR-US: Atlona AT-OME-MS42 Matrix Switcher
 CVE-2024-27686 (Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) 
allows a r ...)
        NOT-FOR-US: MikroTik
 CVE-2023-47268 (In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer 
through 2.6. ...)
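Review bot: The added note for CVE-2024-30167 names a single model ("Atlona AT-OME-MS42 Matrix Switcher"), whereas the existing MikroTik entry just below it in this hunk names only the vendor. A vendor-level note such as `NOT-FOR-US: Atlona` would match that style and could be reused unchanged for other Atlona devices. The two yeti-platform and two SOPlanning notes are consistent with each other.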
@@ -506,15 +506,15 @@ CVE-2025-67202 (Sidekiq-cron thru 2.3.1, an open-source 
scheduling add-on for Si
 CVE-2025-66105 (Missing Authorization vulnerability in Magepeople inc. Bus 
Ticket Book ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-65122 (Regex Denial of Service in youtube-regex npm package through 
version 1 ...)
-       TODO: check
+       NOT-FOR-US: Node youtube-regex
 CVE-2025-63706 (NPM package next-npm-version1.0.1 is vulnerable to Command 
injection.)
-       TODO: check
+       NOT-FOR-US: Node next-npm-version
 CVE-2025-63705 (NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command 
Injection v ...)
-       TODO: check
+       NOT-FOR-US: Node node-ts-ocr
 CVE-2025-63704 (NPM package query-parser-string 1.0.0 is vulnerable to 
Prototype Pollu ...)
-       TODO: check
+       NOT-FOR-US: Node query-parser-string
 CVE-2025-63703 (npm package parse-ini v1.0.6 is vulnerable to Prototype 
Pollution in i ...)
-       TODO: check
+       NOT-FOR-US: Node parse-ini
 CVE-2025-62127 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-4397 (Medtronic MyCareLink Patient Monitor uses per-product 
credentials that ...)
@@ -526,9 +526,9 @@ CVE-2025-2514 (Improper restriction of excessive 
authentication attempts vulnera
 CVE-2025-1978 (Remote Code Execution Vulnerability in Hitachi Storage 
Navigator and t ...)
        NOT-FOR-US: Hitachi
 CVE-2025-14341 (Improperly controlled modification of Dynamically-Determined 
object at ...)
-       TODO: check
+       NOT-FOR-US: DivvyDrive
 CVE-2024-43384 (A low privileged remote attacker can gainthe root password due 
to impr ...)
-       TODO: check
+       NOT-FOR-US: PHOENIX FL MGUARD 2102
 CVE-2026-4430 (Out-of-bounds write vulnerability in The Document Foundation 
LibreOffi ...)
        {DSA-6251-1}
        - libreoffice 4:26.2.3.2-2
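Review bot: The note added for CVE-2024-43384, "PHOENIX FL MGUARD 2102", gives the vendor in capitals and truncated, and the shortened description above it does not name the product, so the note is the only place a reader sees it. Writing it as `NOT-FOR-US: Phoenix Contact FL MGUARD` would make the vendor recognisable and drop the model number, in line with the vendor-only "Hitachi" entry earlier in this hunk.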



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ee34313c1f39921d1c67c9eb6d630ca232b2c45

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits