[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 3 20:46:22 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a769249f by Salvatore Bonaccorso at 2026-02-03T21:45:55+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -135,33 +135,33 @@ CVE-2026-24939 (Missing Authorization vulnerability in WP Chill Modula Image Gal
 CVE-2026-24938 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24774 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
-	TODO: check
+	NOT-FOR-US: Open eClass platform
 CVE-2026-24773 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
-	TODO: check
+	NOT-FOR-US: Open eClass platform
 CVE-2026-24762 (RustFS is a distributed object storage system built in Rust. From vers ...)
-	TODO: check
+	NOT-FOR-US: RustFS
 CVE-2026-24674 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
-	TODO: check
+	NOT-FOR-US: Open eClass platform
 CVE-2026-24673 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
-	TODO: check
+	NOT-FOR-US: Open eClass platform
 CVE-2026-24672 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
-	TODO: check
+	NOT-FOR-US: Open eClass platform
 CVE-2026-24671 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
-	TODO: check
+	NOT-FOR-US: Open eClass platform
 CVE-2026-24670 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
-	TODO: check
+	NOT-FOR-US: Open eClass platform
 CVE-2026-24669 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
-	TODO: check
+	NOT-FOR-US: Open eClass platform
 CVE-2026-24668 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
-	TODO: check
+	NOT-FOR-US: Open eClass platform
 CVE-2026-24667 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
-	TODO: check
+	NOT-FOR-US: Open eClass platform
 CVE-2026-24666 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
-	TODO: check
+	NOT-FOR-US: Open eClass platform
 CVE-2026-24665 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
-	TODO: check
+	NOT-FOR-US: Open eClass platform
 CVE-2026-24664 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
-	TODO: check
+	NOT-FOR-US: Open eClass platform
 CVE-2026-24441 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose a ...)
 	NOT-FOR-US: Tenda
 CVE-2026-24434 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not ...)
@@ -181,37 +181,37 @@ CVE-2026-22228 (An authenticated user with high privileges may trigger a denial\
 CVE-2026-22220 (A lack of proper input validation in the HTTP processing path in TP-Li ...)
 	NOT-FOR-US: TP-Link
 CVE-2026-21862 (RustFS is a distributed object storage system built in Rust. Prior to  ...)
-	TODO: check
+	NOT-FOR-US: RustFS
 CVE-2026-1846
 	REJECTED
 CVE-2026-1814 (Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insuffic ...)
-	TODO: check
+	NOT-FOR-US: Rapid7 Nexpose
 CVE-2026-1803 (A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted ...)
-	TODO: check
+	NOT-FOR-US: Ziroom ZHOME A0101
 CVE-2026-1802 (A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. Thi ...)
-	TODO: check
+	NOT-FOR-US: Ziroom ZHOME A0101
 CVE-2026-1664 (Summary  An Insecure Direct Object Reference has been found to exist i ...)
 	TODO: check
 CVE-2026-1568 (Rapid7 InsightVM versions before8.34.0 contain a signature verificatio ...)
-	TODO: check
+	NOT-FOR-US: Rapid7 InsightVM
 CVE-2026-1432 (SQL injection vulnerability in the Buroweb platform version 2505.0.12, ...)
-	TODO: check
+	NOT-FOR-US: Buroweb platform
 CVE-2026-0620 (When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept c ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-8461 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: syWEB
 CVE-2025-8456 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Kod8 Individual and SME Website
 CVE-2025-7760 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Association Web Package Flora
 CVE-2025-71179 (Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting ( ...)
-	TODO: check
+	NOT-FOR-US: Creativeitem Academy LMS
 CVE-2025-70849 (Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated att ...)
 	TODO: check
 CVE-2025-70841 (Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauth ...)
-	TODO: check
+	NOT-FOR-US: Dokans Multi-Tenancy Based eCommerce Platform SaaS
 CVE-2025-70758 (chetans9 core-php-admin-panel through commit a94a780d6 contains an aut ...)
-	TODO: check
+	NOT-FOR-US: chetans9 core-php-admin-panel
 CVE-2025-70560 (Boltz 2.0.0 contains an insecure deserialization vulnerability in its  ...)
 	TODO: check
 CVE-2025-70559 (pdfminer.six before 20251230 contains an insecure deserialization vuln ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a769249f24e34a2a0a64e54fc6c2ed16a50c05df

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a769249f24e34a2a0a64e54fc6c2ed16a50c05df
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260203/deaf9d9c/attachment.htm>

More information about the debian-security-tracker-commits mailing list