[Git][security-tracker-team/security-tracker][master] Process some NFUs

Mon Jan 5 20:26:54 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57542580 by Salvatore Bonaccorso at 2026-01-05T21:26:27+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2026-21635 (An Improper Access Control could allow a malicious actor in Wi-Fi rang ...)
-	TODO: check
+	NOT-FOR-US: Ubiquiti
 CVE-2026-21634 (A malicious actor with access to the adjacent network could overflow t ...)
-	TODO: check
+	NOT-FOR-US: Ubiquiti
 CVE-2026-21633 (A malicious actor with access to the adjacent network could obtain una ...)
-	TODO: check
+	NOT-FOR-US: Ubiquiti
 CVE-2026-0597 (A flaw has been found in Campcodes Supplier Management System 1.0. Aff ...)
 	NOT-FOR-US: Campcodes
 CVE-2026-0592 (A security flaw has been discovered in code-projects Online Product Re ...)
@@ -15,9 +15,9 @@ CVE-2026-0590 (A vulnerability was determined in code-projects Online Product Re
 CVE-2026-0589 (A vulnerability was found in code-projects Online Product Reservation  ...)
 	NOT-FOR-US: code-projects
 CVE-2026-0588 (A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. A ...)
-	TODO: check
+	NOT-FOR-US: Xinhu Rainrock RockOA
 CVE-2026-0587 (A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7 ...)
-	TODO: check
+	NOT-FOR-US: Xinhu Rainrock RockOA
 CVE-2026-0586 (A vulnerability was detected in code-projects Online Product Reservati ...)
 	NOT-FOR-US: code-projects
 CVE-2026-0585 (A security vulnerability has been detected in code-projects Online Pro ...)
@@ -53,15 +53,15 @@ CVE-2025-68029 (Insertion of Sensitive Information Into Sent Data vulnerability
 CVE-2025-68014 (Insertion of Sensitive Information Into Sent Data vulnerability in Awe ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67427 (A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2 ...)
-	TODO: check
+	NOT-FOR-US: EverShop
 CVE-2025-67419 (A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior al ...)
-	TODO: check
+	NOT-FOR-US: EverShop
 CVE-2025-67397 (An issue in Passy v.1.6.3 allows a remote authenticated attacker to ex ...)
-	TODO: check
+	NOT-FOR-US: Passy
 CVE-2025-67316 (An issue in realme Internet browser v.45.13.4.1 allows a remote attack ...)
-	TODO: check
+	NOT-FOR-US: realme Internet browser
 CVE-2025-67315 (Cross Site Request Forgery vulnerability in Employee Leave Management  ...)
-	TODO: check
+	NOT-FOR-US: Employee Leave Management System
 CVE-2025-67303 (An issue in ComfyUI-Manager prior to version 3.38 allowed remote attac ...)
 	TODO: check
 CVE-2025-66518 (Any client who can access to Apache Kyuubi Server via Kyuubi frontend  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/575425801ea3a079d56793e7947244c05a0320a6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/575425801ea3a079d56793e7947244c05a0320a6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260105/32e4856d/attachment.htm>
