[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 3 20:54:15 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a4a9afb by Salvatore Bonaccorso at 2026-02-03T21:53:42+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -217,27 +217,27 @@ CVE-2025-70560 (Boltz 2.0.0 contains an insecure deserialization vulnerability i
 CVE-2025-70559 (pdfminer.six before 20251230 contains an insecure deserialization vuln ...)
 	TODO: check
 CVE-2025-70311 (JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malici ...)
-	TODO: check
+	NOT-FOR-US: JEEWMS
 CVE-2025-6397 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2025-69983 (FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import  ...)
-	TODO: check
+	NOT-FOR-US: FUXA
 CVE-2025-69981 (FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the  ...)
-	TODO: check
+	NOT-FOR-US: FUXA
 CVE-2025-69971 (FUXA v1.2.7 contains a hard-coded credential vulnerability in server/a ...)
-	TODO: check
+	NOT-FOR-US: FUXA
 CVE-2025-69970 (FUXA v1.2.7 contains an insecure default configuration vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: FUXA
 CVE-2025-69875 (A vulnerability exists in Quick Heal Total Security 23.0.0 in the quar ...)
-	TODO: check
+	NOT-FOR-US: Quick Heal Total Security
 CVE-2025-69848 (NetBox is an open-source infrastructure resource modeling and IP addre ...)
 	TODO: check
 CVE-2025-69431 (The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbo ...)
-	TODO: check
+	NOT-FOR-US: ZSPACE Q2C NAS
 CVE-2025-69430 (An Incorrect Symlink Follow vulnerability exists in multiple Yottamast ...)
-	TODO: check
+	NOT-FOR-US: Yottamaster NAS devices
 CVE-2025-69429 (The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect ...)
-	TODO: check
+	NOT-FOR-US: ORICO NAS CD3510
 CVE-2025-67857 (A flaw was found in moodle. During anonymous assignment submissions, u ...)
 	TODO: check
 CVE-2025-67856 (A flaw was found in Moodle. An authorization logic flaw, specifically  ...)
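Review bot: The NAS entries for CVE-2025-69431 and CVE-2025-69429 are tagged at model level (`ZSPACE Q2C NAS`, `ORICO NAS CD3510`), while other vendor entries visible in this diff use vendor-level tags (`Asustor`, `Brocade`, `ELECOM devices`). Consider `NOT-FOR-US: ZSPACE` and `NOT-FOR-US: ORICO` so that later CVEs for other models from the same vendors land under one tag and are easy to grep.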
@@ -427,9 +427,9 @@ CVE-2026-25137 (The NixOs Odoo package is an open source ERP and CRM system. Fro
 CVE-2026-25134 (Group-Office is an enterprise customer relationship management and gro ...)
 	NOT-FOR-US: Group-Office
 CVE-2026-25060 (OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, cer ...)
-	TODO: check
+	NOT-FOR-US: OpenList
 CVE-2026-25059 (OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the ...)
-	TODO: check
+	NOT-FOR-US: OpenList
 CVE-2026-24936 (When a specific function is enabled while joining a AD Domain from ADM ...)
 	NOT-FOR-US: Asustor
 CVE-2026-24935 (A third-party NAT traversal module fails to validate SSL/TLS certifica ...)
@@ -441,17 +441,17 @@ CVE-2026-24933 (The API communication component fails to validate the SSL/TLS ce
 CVE-2026-24932 (The DDNS update function in ADM fails to properly validate the hostnam ...)
 	NOT-FOR-US: Asustor
 CVE-2026-24763 (OpenClaw (formerly  Clawdbot) is a personal AI assistant you run on yo ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-24737 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, use ...)
 	- jspdf <itp> (bug #998381)
 CVE-2026-24694 (The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely ...)
-	TODO: check
+	NOT-FOR-US: Roland Cloud Manager
 CVE-2026-24471 (continuwuity is a Matrix homeserver written in Rust. This vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: continuwuity
 CVE-2026-24465 (Stack-based buffer overflow vulnerability exists in ELECOM wireless LA ...)
-	TODO: check
+	NOT-FOR-US: ELECOM devices
 CVE-2026-24449 (For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be cal ...)
-	TODO: check
+	NOT-FOR-US: ELECOM devices
 CVE-2026-24133 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, use ...)
 	- jspdf <itp> (bug #998381)
 CVE-2026-24051 (OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTe ...)
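Review bot: On CVE-2026-24471, the description introduces continuwuity as a Matrix homeserver written in Rust, which makes it standalone server software rather than a vendor device like the ELECOM entries in this hunk. Please confirm there is no ITP/RFP for it; if one exists, the entry should follow the `- jspdf <itp> (bug #998381)` form used for jsPDF in this same hunk instead of NOT-FOR-US.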
@@ -463,21 +463,21 @@ CVE-2026-24040 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.
 CVE-2026-24007 (Tuleap is an Open Source Suite for management of software development  ...)
 	NOT-FOR-US: Tuleap
 CVE-2026-23997 (FacturaScripts is open-source enterprise resource planning and account ...)
-	TODO: check
+	NOT-FOR-US: FacturaScripts
 CVE-2026-23515 (Signal K Server is a server application that runs on a central hub in  ...)
-	TODO: check
+	NOT-FOR-US: Signal K Server
 CVE-2026-23476 (FacturaScripts is open-source enterprise resource planning and account ...)
-	TODO: check
+	NOT-FOR-US: FacturaScripts
 CVE-2026-22780 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
-	TODO: check
+	NOT-FOR-US: Rizin
 CVE-2026-22778 (vLLM is an inference and serving engine for large language models (LLM ...)
 	TODO: check
 CVE-2026-22550 (OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X15 ...)
-	TODO: check
+	NOT-FOR-US: ELECOM devices
 CVE-2026-20704 (Cross-site request forgery vulnerability exists in WRC-X1500GS-B and W ...)
-	TODO: check
+	NOT-FOR-US: ELECOM devices
 CVE-2026-1788 (: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xqui ...)
-	TODO: check
+	NOT-FOR-US: Xquic
 CVE-2026-1778 (Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS cer ...)
 	NOT-FOR-US: Amazon
 CVE-2026-1777 (The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes th ...)
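Review bot: CVE-2026-22780 closes out Rizin as NOT-FOR-US even though its own description line calls it a UNIX-like reverse engineering framework and command-line tool, the kind of software that tends to attract packaging requests. A quick WNPP check before merging would settle it; a pending ITP would call for a `- <package> <itp> (bug #...)` line rather than an NFU tag.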
@@ -503,7 +503,7 @@ CVE-2026-1058 (The Form Maker plugin for WordPress is vulnerable to Stored Cross
 CVE-2026-0950 (The Spectra Gutenberg Blocks \u2013 Website Builder for the Block Edit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-0924 (BuhoCleanercontains an insecure XPC service that allows local, unprivi ...)
-	TODO: check
+	NOT-FOR-US: BuhoCleaner
 CVE-2026-0909 (The WP ULike plugin for WordPress is vulnerable to Insecure Direct Obj ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-0617 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
@@ -513,15 +513,15 @@ CVE-2026-0383 (A vulnerability in Brocade Fabric OS could allow an authenticated
 CVE-2025-9711 (A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevat ...)
 	NOT-FOR-US: Brocade
 CVE-2025-8590 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: SKSPro
 CVE-2025-8589 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: SKSPro
 CVE-2025-70960 (A stored cross-site scripting (XSS) vulnerability in the Forums module ...)
-	TODO: check
+	NOT-FOR-US: Tendenci CMS
 CVE-2025-70959 (A stored cross-site scripting (XSS) vulnerability in the Jobs module o ...)
-	TODO: check
+	NOT-FOR-US: Tendenci CMS
 CVE-2025-70958 (Multiple reflected cross-site scripting (XSS) vulnerabilities in the i ...)
-	TODO: check
+	NOT-FOR-US: Subrion CMS
 CVE-2025-69207 (Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-be ...)
 	TODO: check
 CVE-2025-66480 (Wildfire IM is an instant messaging and real-time audio/video solution ...)
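Review bot: CVE-2025-70958 is tagged `Subrion CMS` while the two adjacent IDs, CVE-2025-70960 and CVE-2025-70959, are tagged `Tendenci CMS`, and the truncated descriptions shown here do not name the product for any of the three. Please double-check the full description of CVE-2025-70958 to rule out a copy-paste slip. The same applies to the `SKSPro` tags on CVE-2025-8590 and CVE-2025-8589, whose visible descriptions contain only the CWE wording.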



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a4a9afb7c7a4b31c88fabac890f6659d8ef270f
