[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Sat, 23 May 2026 12:26:36 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4b83c908 by Salvatore Bonaccorso at 2026-05-23T21:26:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,67 +1,67 @@
 CVE-2026-9306 (A security vulnerability has been detected in QuantumNous 
new-api up t ...)
-       TODO: check
+       NOT-FOR-US: QuantumNous new-api
 CVE-2026-9305 (A weakness has been identified in QuantumNous new-api up to 
0.12.1. Th ...)
-       TODO: check
+       NOT-FOR-US: QuantumNous new-api
 CVE-2026-9304 (A security flaw has been discovered in calcom cal.diy up to 
4.9.4. The ...)
-       TODO: check
+       NOT-FOR-US: calcom cal.diy
 CVE-2026-9303 (A vulnerability was identified in calcom cal.diy up to 4.9.4. 
Impacted ...)
-       TODO: check
+       NOT-FOR-US: calcom cal.diy
 CVE-2026-9302 (A vulnerability was determined in 546669204 
vps-inventory-monitoring u ...)
-       TODO: check
+       NOT-FOR-US: vps-inventory-monitoring
 CVE-2026-9301 (A vulnerability was found in omec-project amf up to 2.1.1. This 
vulner ...)
-       TODO: check
+       NOT-FOR-US: omec-project amf
 CVE-2026-9300 (A vulnerability has been found in omec-project amf up to 2.1.1. 
This a ...)
-       TODO: check
+       NOT-FOR-US: omec-project amf
 CVE-2026-9299 (A flaw has been found in omec-project amf up to 2.1.1. Affected 
by thi ...)
-       TODO: check
+       NOT-FOR-US: omec-project amf
 CVE-2026-9298 (A vulnerability was detected in omec-project amf up to 2.1.1. 
Affected ...)
-       TODO: check
+       NOT-FOR-US: omec-project amf
 CVE-2026-9297 (A security vulnerability has been detected in Edimax BR-6428NS 
1.10. A ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2026-9296 (A weakness has been identified in Edimax BR-6428NS 1.10. This 
impacts  ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2026-9295 (A security flaw has been discovered in Edimax BR-6428NS 1.10. 
This aff ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2026-9294 (A vulnerability was identified in Edimax BR-6428NS 1.10. The 
impacted  ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2018-25358 (D-Link DIR601 2.02NA contains a credential disclosure 
vulnerability th ...)
        NOT-FOR-US: D-Link
 CVE-2018-25357 (Dolibarr ERP CRM 7.0.3 contains a remote code evaluation 
vulnerability ...)
        TODO: check
 CVE-2018-25356 (SIPp 3.6 and earlier contains a local buffer overflow 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: SIPp
 CVE-2018-25355 (Audiograbber 1.83 contains a local buffer overflow 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: Audiograbber
 CVE-2018-25354 (Joomla Component jomres 9.11.2 contains a cross-site request 
forgery v ...)
-       TODO: check
+       NOT-FOR-US: Joomla Component jomres
 CVE-2018-25353 (Redaxo CMS Mediapool Addon 5.5.1 and older contains an 
arbitrary file  ...)
-       TODO: check
+       NOT-FOR-US: Redaxo CMS Mediapool Addon
 CVE-2018-25352 (WordPress Ultimate Form Builder Lite plugin version 1.3.7 and 
below co ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2018-25351 (Joomla! Component EkRishta 2.10 contains an error-based SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Joomla! Component EkRishta
 CVE-2018-25350 (userSpice 4.3.24 contains a username enumeration vulnerability 
that al ...)
-       TODO: check
+       NOT-FOR-US: userSpice
 CVE-2018-25349 (userSpice 4.3.24 contains a cross-site scripting vulnerability 
that al ...)
-       TODO: check
+       NOT-FOR-US: userSpice
 CVE-2018-25348 (Joomla! Component Ek Rishta 2.10 contains an SQL injection 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Joomla! Component Ek Rishta
 CVE-2018-25347 (WordPress Contact Form Maker Plugin 1.12.20 contains SQL 
injection vul ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2018-25346 (WordPress Form Maker Plugin 1.12.24 and below contains SQL 
injection v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2018-25345 (10-Strike Network Scanner 3.0 contains a local buffer overflow 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: 10-Strike Network Scanner
 CVE-2018-25344 (10-Strike Network Inventory Explorer 8.54 contains a 
stack-based buffe ...)
-       TODO: check
+       NOT-FOR-US: 10-Strike Network Inventory Explorer
 CVE-2018-25343 (Smartshop 1 contains a cross-site request forgery 
vulnerability that a ...)
-       TODO: check
+       NOT-FOR-US: Smartshop
 CVE-2018-25342 (Smartshop 1 contains a time-based blind SQL injection 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: Smartshop
 CVE-2018-25341 (Smartshop 1 contains a SQL injection vulnerability that allows 
unauthe ...)
-       TODO: check
+       NOT-FOR-US: Smartshop
 CVE-2018-25340 (Smartshop 1 contains a SQL injection vulnerability that allows 
unauthe ...)
-       TODO: check
+       NOT-FOR-US: Smartshop
 CVE-2026-43503 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 7.0.9-1
        NOTE: 
https://git.kernel.org/linus/48f6a5356a33dd78e7144ae1faef95ffc990aae0
@@ -321,15 +321,15 @@ CVE-2026-25680 (Parsing arbitrary HTML can consume 
excessive CPU time, possibly
        NOTE: https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8
        NOTE: https://github.com/golang/go/issues/79573
 CVE-2026-25608 (STER uses unencrypted TCP traffic to transmit data over the 
network. I ...)
-       TODO: check
+       NOT-FOR-US: STER
 CVE-2026-25607 (Use of a weak password encoding algorithm in STER software 
allows the  ...)
-       TODO: check
+       NOT-FOR-US: STER
 CVE-2026-25606 (A SQL injection vulnerability has been identified in STER. 
Improper ne ...)
-       TODO: check
+       NOT-FOR-US: STER
 CVE-2025-46371 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use 
of a Brok ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-45145 (Directory traversal in Follett Software's Destiny Library 
Manager 22_0 ...)
-       TODO: check
+       NOT-FOR-US: Destiny Library Manager
 CVE-2025-32751 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an 
Insecure Sto ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-32749 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an 
Exposure of  ...)
@@ -1855,7 +1855,7 @@ CVE-2026-24160 (NVIDIA TRT-LLM for any platform contains 
a vulnerability where a
 CVE-2026-24142 (NVIDIA TRT-LLM for any platform contains a deserialization 
vulnerabili ...)
        NOT-FOR-US: NVIDIA
 CVE-2025-70950 (An issue in gohttp commit 34ea51 allows attackers to execute a 
directo ...)
-       TODO: check
+       NOT-FOR-US: gohttp
 CVE-2025-61081 (In BYD Atto3, an attacker can obtain an authentication key 
through Bru ...)
        NOT-FOR-US: BYD Atto3
 CVE-2025-57798 (Joplin is an open source note-taking and to-do application 
that organi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b83c9088c92feb5b51f841d5da7efa207fc61f0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b83c9088c92feb5b51f841d5da7efa207fc61f0
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to