[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 2 20:53:40 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
855e83c5 by Salvatore Bonaccorso at 2026-02-02T21:53:16+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2026-22227 (A command injection vulnerability may be exploited after the adm
 CVE-2026-22226 (A command injection vulnerability may be exploited after the admin's a ...)
 	NOT-FOR-US: TP-Link
 CVE-2026-22225 (A command injection vulnerability may be exploited after the admin's a ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2026-22224 (A command injection vulnerability may be exploited after the admin's a ...)
 	NOT-FOR-US: TP-Link
 CVE-2026-22223 (An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn ...)
@@ -61,7 +61,7 @@ CVE-2026-20402 (In Modem, there is a possible system crash due to improper input
 CVE-2026-20401 (In Modem, there is a possible system crash due to an uncaught exceptio ...)
 	NOT-FOR-US: MediaTek
 CVE-2026-1770 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS
 CVE-2026-1761 (A flaw was found in libsoup. This stack-based buffer overflow vulnerab ...)
 	- libsoup3 <unfixed>
 	- libsoup2.4 <removed>
@@ -84,9 +84,9 @@ CVE-2026-1703 (When pip is installing and extracting a maliciously crafted wheel
 CVE-2026-1232 (A medium-severity vulnerability has been identified in BeyondTrust Pri ...)
 	NOT-FOR-US: BeyondTrust
 CVE-2026-1186 (EAP Legislator is vulnerable to Path Traversal in file extraction func ...)
-	TODO: check
+	NOT-FOR-US: EAP Legislator
 CVE-2026-1117 (A vulnerability in the `lollms_generation_events.py` component of pari ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms
 CVE-2026-0921
 	REJECTED
 CVE-2026-0631 (An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn ...)
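Review bot: the new tag on CVE-2026-1117 is written in owner/repo form (parisneo/lollms), while CVE-2024-2356 in the last hunk of this patch is tagged lollms-webui with no owner. If both refer to the same upstream, a single spelling would keep a search on the tag from missing entries; if they are separate projects, the two forms can stay as they are.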
@@ -94,15 +94,15 @@ CVE-2026-0631 (An OS Command Injection vulnerability in TP-Link Archer BE230 v1.
 CVE-2026-0630 (An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web ...)
 	NOT-FOR-US: TP-Link
 CVE-2026-0599 (A vulnerability in huggingface/text-generation-inference version 3.3.6 ...)
-	TODO: check
+	NOT-FOR-US: huggingface/text-generation-inference
 CVE-2025-9974 (The unified WEBUI application of the ONT/Beacon device contains an inp ...)
 	NOT-FOR-US: Nokia
 CVE-2025-8587 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: SKSPro
 CVE-2025-7105 (A vulnerability in danny-avila/librechat allows attackers to exploit t ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2025-6208 (The `SimpleDirectoryReader` component in `llama_index.core` version 0. ...)
-	TODO: check
+	NOT-FOR-US: run-llama/llama_index
 CVE-2025-47402 (Transient DOS when processing a received frame with an excessively lar ...)
 	NOT-FOR-US: Qualcomm
 CVE-2025-47399 (Memory Corruption while processing IOCTL call to update sensor propert ...)
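Review bot: CVE-2025-7105 is tagged LibreChat, but its description names the project as danny-avila/librechat and the other new tags in this hunk use the owner/repo form (huggingface/text-generation-inference, run-llama/llama_index). Suggest NOT-FOR-US: danny-avila/librechat so the tag matches both the description and its neighbours.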
@@ -128,29 +128,29 @@ CVE-2025-14914 (IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0
 CVE-2025-10279 (In mlflow version 2.20.3, the temporary directory used for creating Py ...)
 	NOT-FOR-US: mlflow
 CVE-2024-5986 (A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attacker ...)
-	TODO: check
+	NOT-FOR-US: h2oai/h2o-3
 CVE-2024-5386 (In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-54263 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2024-4147 (In lunary-ai/lunary version 1.2.13, an insufficient granularity of acc ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-2356 (A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_e ...)
-	TODO: check
+	NOT-FOR-US: lollms-webui
 CVE-2022-50981 (An unauthenticated remote attacker can gain full access on the affecte ...)
-	TODO: check
+	NOT-FOR-US: Innomic
 CVE-2022-50980 (A unauthenticated adjacent attacker could potentially disrupt operatio ...)
-	TODO: check
+	NOT-FOR-US: Innomic
 CVE-2022-50979 (An unauthenticated adjacent attacker could potentially disrupt operati ...)
-	TODO: check
+	NOT-FOR-US: Innomic
 CVE-2022-50978 (An unauthenticated remote attacker could potentially disrupt operation ...)
-	TODO: check
+	NOT-FOR-US: Innomic
 CVE-2022-50977 (An unauthenticated remote attacker could potentially disrupt operation ...)
-	TODO: check
+	NOT-FOR-US: Innomic
 CVE-2022-50976 (A local attacker could cause a full device reset by resetting the devi ...)
-	TODO: check
+	NOT-FOR-US: Innomic
 CVE-2022-50975 (An unauthenticated remote attacker is able to use an existing session  ...)
-	TODO: check
+	NOT-FOR-US: Innomic
 CVE-2026-25253 (OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayU ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-25202 (The database account and password are hardcoded, allowing login with t ...)
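Review bot: the seven entries CVE-2022-50975 through CVE-2022-50981 are all tagged Innomic, yet none of the truncated descriptions shown in this hunk names a vendor or product, so the attribution cannot be checked from the diff alone. Worth confirming each one against the full CVE record before merging, since the NOT-FOR-US tag is the only rationale recorded for dropping them.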



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/855e83c53b9ff645a09f9a62b846750ad50f4b8f
