[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 6 21:13:23 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a4a04770 by Salvatore Bonaccorso at 2026-02-06T22:12:57+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,9 +27,9 @@ CVE-2026-2054 (A security flaw has been discovered in D-Link DIR-605L and DIR-61
CVE-2026-2018 (A flaw has been found in itsourcecode School Management System 1.0. Th ...)
NOT-FOR-US: itsourcecode System
CVE-2026-2017 (A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Aff ...)
- TODO: check
+ NOT-FOR-US: IP-COM W30AP
CVE-2026-2016 (A security vulnerability has been detected in happyfish100 libfastcomm ...)
- TODO: check
+ NOT-FOR-US: happyfish100 libfastcommon
CVE-2026-2015 (A weakness has been identified in Portabilis i-Educar up to 2.10. Affe ...)
NOT-FOR-US: Portabilis
CVE-2026-2014 (A security flaw has been discovered in itsourcecode Student Management ...)
@@ -161,7 +161,7 @@ CVE-2026-1785 (The Code Snippets plugin for WordPress is vulnerable to Cross-Sit
CVE-2026-1769 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: Xerox
CVE-2026-1709 (A flaw was found in Keylime. The Keylime registrar, since version 7.12 ...)
- TODO: check
+ NOT-FOR-US: Keylime
CVE-2026-1499 (The WP Duplicate plugin for WordPress is vulnerable to Missing Authori ...)
NOT-FOR-US: WordPress plugin
CVE-2026-1337 (Insufficient escaping of unicode characters in query log in Neo4j Ente ...)
@@ -171,13 +171,13 @@ CVE-2026-1293 (The Yoast SEO \u2013 Advanced SEO with real-time guidance and bui
CVE-2026-1252 (The Events Listing Widget plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: WordPress plugin
CVE-2025-70963 (Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The admini ...)
- TODO: check
+ NOT-FOR-US: Gophish
CVE-2025-69216 (OpenSTAManager is an open source management software for technical ass ...)
- TODO: check
+ NOT-FOR-US: OpenSTAManager
CVE-2025-69214 (OpenSTAManager is an open source management software for technical ass ...)
- TODO: check
+ NOT-FOR-US: OpenSTAManager
CVE-2025-69212 (OpenSTAManager is an open source management software for technical ass ...)
- TODO: check
+ NOT-FOR-US: OpenSTAManager
CVE-2025-64175 (Gogs is an open source self-hosted Git service. In version 0.13.3 and ...)
NOT-FOR-US: Go Git Service
CVE-2025-64111 (Gogs is an open source self-hosted Git service. In version 0.13.3 and ...)
@@ -185,33 +185,33 @@ CVE-2025-64111 (Gogs is an open source self-hosted Git service. In version 0.13.
CVE-2025-15320 (Tanium addressed a denial of service vulnerability in Tanium Client.)
NOT-FOR-US: Tanium
CVE-2025-13818 (Local privilege escalation vulnerability via insecure temporary batch ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2025-13523 (Mattermost Confluence plugin version <1.7.0 fails to properly escape u ...)
- TODO: check
+ NOT-FOR-US: Mattermost Confluence plugin
CVE-2019-25305 (JumpStart 0.6.0.0 contains an unquoted service path vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: JumpStart
CVE-2019-25304 (SecurOS Enterprise 10.2 contains an unquoted service path vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: SecurOS Enterprise
CVE-2019-25303 (TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnera ...)
- TODO: check
+ NOT-FOR-US: TheJshen ContentManagementSystem
CVE-2019-25302 (Acer Launch Manager 6.1.7600.16385 contains an unquoted service path v ...)
- TODO: check
+ NOT-FOR-US: Acer Launch Manager
CVE-2019-25301 (Millhouse-Project 1.414 contains a persistent cross-site scripting vul ...)
- TODO: check
+ NOT-FOR-US: Millhouse-Project
CVE-2019-25300 (thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that ...)
- TODO: check
+ NOT-FOR-US: thejshen Globitek CMS
CVE-2019-25299 (RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: RimbaLinux AhadPOS
CVE-2019-25298 (html5_snmp 1.11 contains multiple SQL injection vulnerabilities that a ...)
- TODO: check
+ NOT-FOR-US: html5_snmp
CVE-2019-25294 (html5_snmp 1.11 contains a persistent cross-site scripting vulnerabili ...)
- TODO: check
+ NOT-FOR-US: html5_snmp
CVE-2019-25293 (BlueStacks App Player 2.4.44.62.57 contains an unquoted service path v ...)
- TODO: check
+ NOT-FOR-US: BlueStacks App Player
CVE-2019-25292 (Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vu ...)
- TODO: check
+ NOT-FOR-US: Alps HID Monitor Service
CVE-2019-25266 (Wondershare Application Framework Service 2.4.3.231 contains an unquot ...)
- TODO: check
+ NOT-FOR-US: Wondershare Application Framework Service
CVE-2026-25727 (time provides date and time handling in Rust. From 0.3.6 to before 0.3 ...)
- rust-time 0.3.47-1
[trixie] - rust-time <no-dsa> (Minor issue)
@@ -504,7 +504,7 @@ CVE-2020-37125 (Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution
CVE-2020-37124 (B64dec 1.1.2 contains a buffer overflow vulnerability that allows atta ...)
TODO: check
CVE-2020-37123 (Pinger 1.0 contains a remote code execution vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: Pinger
CVE-2020-37121 (CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allow ...)
NOT-FOR-US: CODE::BLOCKS
CVE-2020-37120 (Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the ...)
@@ -667,33 +667,33 @@ CVE-2023-38017 (IBM Cloud Pak Systemis vulnerable to cross-site scripting. This
CVE-2023-38010 (IBM Cloud Pak System displays sensitive information in user messages t ...)
NOT-FOR-US: IBM
CVE-2019-25288 (Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnera ...)
- TODO: check
+ NOT-FOR-US: Wacom WTabletService
CVE-2019-25287 (Adaware Web Companion version 4.8.2078.3950 contains an unquoted servi ...)
- TODO: check
+ NOT-FOR-US: Adaware Web Companion
CVE-2019-25286 (GCaf\xe9 3.0 contains an unquoted service path vulnerability in the gb ...)
- TODO: check
+ NOT-FOR-US: GCafe
CVE-2019-25285 (Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted se ...)
- TODO: check
+ NOT-FOR-US: Alps Pointing-device Controller
CVE-2019-25283 (Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerab ...)
- TODO: check
+ NOT-FOR-US: Shrew Soft VPN Client
CVE-2019-25281 (NCP Secure Entry Client 9.2 contains an unquoted service path vulnerab ...)
- TODO: check
+ NOT-FOR-US: NCP Secure Entry Client
CVE-2019-25276 (Studio 5000 Logix Designer 30.01.00 contains an unquoted service path ...)
- TODO: check
+ NOT-FOR-US: Studio 5000 Logix Designer
CVE-2019-25275 (BartVPN 1.2.2 contains an unquoted service path vulnerability in the B ...)
- TODO: check
+ NOT-FOR-US: BartVPN
CVE-2019-25274 (ProShow Producer 9.0.3797 contains an unquoted service path vulnerabil ...)
- TODO: check
+ NOT-FOR-US: ProShow Producer
CVE-2019-25273 (Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Easy-Hide-IP
CVE-2019-25272 (TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulner ...)
- TODO: check
+ NOT-FOR-US: TexasSoft CyberPlanet
CVE-2019-25271 (NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerab ...)
- TODO: check
+ NOT-FOR-US: NETGATE Data Backup
CVE-2019-25269 (Amiti Antivirus 25.0.640 contains an unquoted service path vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Amiti Antivirus
CVE-2019-25267 (Wing FTP Server 6.0.7 contains an unquoted service path vulnerability ...)
- TODO: check
+ NOT-FOR-US: Wing FTP Server
CVE-2026-25532 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
NOT-FOR-US: ESF-IDF
CVE-2026-25508 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4a04770605d1a5fe058762d0fc20897dd3d95d4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4a04770605d1a5fe058762d0fc20897dd3d95d4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260206/46f2d9eb/attachment.htm>
More information about the debian-security-tracker-commits
mailing list