[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 6 20:35:36 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
176196f3 by Salvatore Bonaccorso at 2026-02-06T21:35:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2026-2103 (Infor SyteLine ERP uses hard-coded static cryptographic keys to encryp ...)
-	TODO: check
+	NOT-FOR-US: Infor SyteLine ERP
 CVE-2026-2065 (A security flaw has been discovered in Flycatcher Toys smART Pixelator ...)
-	TODO: check
+	NOT-FOR-US: Flycatcher Toys smART Pixelator
 CVE-2026-2064 (A vulnerability was identified in Portabilis i-Educar up to 2.10. Affe ...)
 	NOT-FOR-US: Portabilis
 CVE-2026-2063 (A security flaw has been discovered in D-Link DIR-823X 250416. This vu ...)
@@ -15,7 +15,7 @@ CVE-2026-2060 (A vulnerability was found in code-projects Simple Blood Donor Man
 CVE-2026-2059 (A vulnerability has been found in SourceCodester Medical Center Portal ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-2058 (A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to ...)
-	TODO: check
+	NOT-FOR-US: mathurvishal CloudClassroom-PHP-Project
 CVE-2026-2057 (A vulnerability was detected in SourceCodester Medical Center Portal M ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-2056 (A security vulnerability has been detected in D-Link DIR-605L and DIR- ...)
@@ -41,41 +41,41 @@ CVE-2026-2012 (A vulnerability was determined in itsourcecode Student Management
 CVE-2026-2011 (A vulnerability was found in itsourcecode Student Management System 1. ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2026-25753 (PlaciPy is a placement management system designed for educational inst ...)
-	TODO: check
+	NOT-FOR-US: PlaciPy
 CVE-2026-25752 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
-	TODO: check
+	NOT-FOR-US: FUXA
 CVE-2026-25751 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
-	TODO: check
+	NOT-FOR-US: FUXA
 CVE-2026-25725 (Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude  ...)
-	TODO: check
+	NOT-FOR-US: Claude Code
 CVE-2026-25724 (Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude  ...)
-	TODO: check
+	NOT-FOR-US: Claude Code
 CVE-2026-25723 (Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude ...)
-	TODO: check
+	NOT-FOR-US: Claude Code
 CVE-2026-25722 (Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude ...)
-	TODO: check
+	NOT-FOR-US: Claude Code
 CVE-2026-25651 (client-certificate-auth is middleware for Node.js implementing client  ...)
-	TODO: check
+	NOT-FOR-US: client-certificate-auth Node.js module
 CVE-2026-25650 (MCP Salesforce Connector is a Model Context Protocol (MCP) server impl ...)
-	TODO: check
+	NOT-FOR-US: MCP Salesforce Connector
 CVE-2026-25647 (Lute is a structured Markdown engine supporting Go and JavaScript. Lut ...)
-	TODO: check
+	NOT-FOR-US: Lute
 CVE-2026-25643 (Frigate is a network video recorder (NVR) with realtime local object d ...)
-	TODO: check
+	NOT-FOR-US: Frigate
 CVE-2026-25642 (HedgeDoc is an open source, real-time, collaborative, markdown notes a ...)
-	TODO: check
+	NOT-FOR-US: HedgeDoc
 CVE-2026-25641 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there i ...)
-	TODO: check
+	NOT-FOR-US: SandboxJS Node module
 CVE-2026-25640 (Pydantic AI is a Python agent framework for building applications and  ...)
-	TODO: check
+	NOT-FOR-US: Pydantic AI
 CVE-2026-25587 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map  ...)
-	TODO: check
+	NOT-FOR-US: SandboxJS Node module
 CVE-2026-25586 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandb ...)
-	TODO: check
+	NOT-FOR-US: SandboxJS Node module
 CVE-2026-25556 (MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerabili ...)
 	TODO: check
 CVE-2026-25520 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The ret ...)
-	TODO: check
+	NOT-FOR-US: SandboxJS Node module
 CVE-2026-24931 (Vulnerability of improper criterion security check in the card module. ...)
 	NOT-FOR-US: Huawei
 CVE-2026-24930 (UAF concurrency vulnerability in the graphics module. Impact: Successf ...)
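
Review bot: the tag wording for Node.js packages is inconsistent in this hunk: CVE-2026-25651 gets "client-certificate-auth Node.js module" while the four SandboxJS entries (CVE-2026-25641, CVE-2026-25587, CVE-2026-25586, CVE-2026-25520) get "SandboxJS Node module". Pick one form for all five, for example "Node.js module", so a search over the NOT-FOR-US tags matches them the same way.
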
@@ -113,25 +113,25 @@ CVE-2026-24915 (Out-of-bounds read issue in the media subsystem. Impact: Success
 CVE-2026-24914 (Type confusion vulnerability in the camera module. Impact: Successful  ...)
 	NOT-FOR-US: Huawei
 CVE-2026-24903 (OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Sto ...)
-	TODO: check
+	NOT-FOR-US: OrcaStatLLM Researcher
 CVE-2026-24851 (OpenFGA is a high-performance and flexible authorization/permission en ...)
-	TODO: check
+	NOT-FOR-US: OpenFGA
 CVE-2026-24776 (OpenProject is an open-source, web-based project management software.  ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2026-24419 (OpenSTAManager is an open source management software for technical ass ...)
-	TODO: check
+	NOT-FOR-US: OpenSTAManager
 CVE-2026-24418 (OpenSTAManager is an open source management software for technical ass ...)
-	TODO: check
+	NOT-FOR-US: OpenSTAManager
 CVE-2026-24417 (OpenSTAManager is an open source management software for technical ass ...)
-	TODO: check
+	NOT-FOR-US: OpenSTAManager
 CVE-2026-24416 (OpenSTAManager is an open source management software for technical ass ...)
-	TODO: check
+	NOT-FOR-US: OpenSTAManager
 CVE-2026-24135 (Gogs is an open source self-hosted Git service. In version 0.13.3 and  ...)
-	TODO: check
+	NOT-FOR-US: Go Git Service
 CVE-2026-24050 (Zulip is an open-source team collaboration tool. From 5.0 to before 11 ...)
 	TODO: check
 CVE-2026-23989 (REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bu ...)
-	TODO: check
+	NOT-FOR-US: REVA
 CVE-2026-23741 (Asterisk is an open source private branch exchange and telephony toolk ...)
 	TODO: check
 CVE-2026-23740 (Asterisk is an open source private branch exchange and telephony toolk ...)
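
Review bot: the tag on CVE-2026-24135 uses a name that does not appear in the CVE description: the description reads "Gogs is an open source self-hosted Git service" but the tag is "NOT-FOR-US: Go Git Service". A search of the list for "Gogs" will hit only the description text, not the tag. If "Go Git Service" is the tag already used for earlier Gogs entries, keep it for consistency; otherwise "NOT-FOR-US: Gogs" would be easier to match. The same applies to the Gogs entries in the later hunks.
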
@@ -141,13 +141,13 @@ CVE-2026-23739 (Asterisk is an open source private branch exchange and telephony
 CVE-2026-23738 (Asterisk is an open source private branch exchange and telephony toolk ...)
 	TODO: check
 CVE-2026-23633 (Gogs is an open source self-hosted Git service. In version 0.13.3 and  ...)
-	TODO: check
+	NOT-FOR-US: Go Git Service
 CVE-2026-23632 (Gogs is an open source self-hosted Git service. In version 0.13.3 and  ...)
-	TODO: check
+	NOT-FOR-US: Go Git Service
 CVE-2026-22592 (Gogs is an open source self-hosted Git service. In version 0.13.3 and  ...)
-	TODO: check
+	NOT-FOR-US: Go Git Service
 CVE-2026-22254 (Winter is a free, open-source content management system (CMS) based on ...)
-	TODO: check
+	NOT-FOR-US: Winter CMS
 CVE-2026-21643 (An improper neutralization of special elements used in an sql command  ...)
 	NOT-FOR-US: Fortinet
 CVE-2026-1785 (The Code Snippets plugin for WordPress is vulnerable to Cross-Site Req ...)
@@ -173,9 +173,9 @@ CVE-2025-69214 (OpenSTAManager is an open source management software for technic
 CVE-2025-69212 (OpenSTAManager is an open source management software for technical ass ...)
 	TODO: check
 CVE-2025-64175 (Gogs is an open source self-hosted Git service. In version 0.13.3 and  ...)
-	TODO: check
+	NOT-FOR-US: Go Git Service
 CVE-2025-64111 (Gogs is an open source self-hosted Git service. In version 0.13.3 and  ...)
-	TODO: check
+	NOT-FOR-US: Go Git Service
 CVE-2025-15320 (Tanium addressed a denial of service vulnerability in Tanium Client.)
 	NOT-FOR-US: Tanium
 CVE-2025-13818 (Local privilege escalation vulnerability via insecure temporary batch  ...)
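
Review bot: the context line for CVE-2025-69212 (OpenSTAManager) still reads "TODO: check", while this commit marks CVE-2026-24416 through CVE-2026-24419 for the same product as "NOT-FOR-US: OpenSTAManager". Unless that entry is deliberately left open, give it the same tag so the product is triaged consistently.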



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/176196f3a2ac1bf800c55c0a0e9dbd3ca0fe09c6
