[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Feb 9 15:32:58 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fbdc3ab3 by Moritz Muehlenhoff at 2026-02-09T16:30:17+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -90,7 +90,7 @@ CVE-2026-1868 (GitLab has remediated a vulnerability in the Duo Workflow Service
 CVE-2026-1615 (All versions of the package jsonpath are vulnerable to Arbitrary Code  ...)
 	TODO: check
 CVE-2026-0870 (MacroHub developed by GIGABYTE has a Local Privilege Escalation vulner ...)
-	TODO: check
+	NOT-FOR-US: MacroHub
 CVE-2025-66608 (A vulnerability has been found in FAST/TOOLS provided by Yokogawa Elec ...)
 	NOT-FOR-US: Yokogawa
 CVE-2025-66607 (A vulnerability has been found in FAST/TOOLS provided by Yokogawa Elec ...)
@@ -3179,7 +3179,7 @@ CVE-2026-1701 (A security vulnerability has been detected in itsourcecode Studen
 CVE-2026-1700 (A weakness has been identified in projectworlds House Rental and Prope ...)
 	NOT-FOR-US: projectworlds House Rental and Property Listing
 CVE-2026-1699 (In the Eclipse Theia Website repository, the GitHub Actions workflow . ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Theia hosting
 CVE-2026-1691 (A vulnerability has been found in bolo-solo up to 2.6.4. This impacts  ...)
 	NOT-FOR-US: bolo-solo
 CVE-2026-1690 (A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpo ...)
@@ -4514,7 +4514,7 @@ CVE-2020-36941 (Knockpy 4.1.1 contains a CSV injection vulnerability that allows
 CVE-2020-36940 (Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerabil ...)
 	NOT-FOR-US: Easy CD & DVD Cover Creator
 CVE-2020-36939 (Cassandra Web 0.5.0 contains a directory traversal vulnerability that  ...)
-	TODO: check
+	NOT-FOR-US: Cassandra Web
 CVE-2020-36938 (WinAVR version 20100110 contains an insecure permissions vulnerability ...)
 	NOT-FOR-US: WinAVR
 CVE-2026-24883 (In GnuPG before 2.5.17, a long signature packet length causes parse_si ...)
@@ -4726,7 +4726,7 @@ CVE-2026-24429 (Shenzhen Tenda W30E V2 firmware versions up to and including V16
 CVE-2026-24428 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...)
 	NOT-FOR-US: Tenda
 CVE-2026-23864 (Multiple denial of service vulnerabilities exist in React Server Compo ...)
-	TODO: check
+	NOT-FOR-US: react-server-dom-webpack
 CVE-2026-21509 (Reliance on untrusted inputs in a security decision in Microsoft Offic ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-1446 (There is a Cross\u2011Site Scripting (XSS) issue in Esri ArcGIS Pro ve ...)
@@ -896647,7 +896647,6 @@ CVE-2006-6895 (The Bluetooth stack in the Sony Ericsson T60 does not properly im
 CVE-2006-6894 (Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown  ...)
 	NOT-FOR-US: SPINE
 CVE-2006-6893 (Tor allows remote attackers to discover the IP address of a hidden ser ...)
-	- tor <unfixed> (unimportant)
 	NOTE: It could be argued that this is a laws-of-physics vulnerability
 	NOTE: that is a fundamental design limitation of certain hardware
 	NOTE: implementations.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbdc3ab3dd6df4186ff0d7e4b2103259225bde6e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbdc3ab3dd6df4186ff0d7e4b2103259225bde6e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260209/392a184f/attachment.htm>

More information about the debian-security-tracker-commits mailing list