[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jan 8 08:46:21 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f722c98a by Moritz Muehlenhoff at 2026-01-08T09:46:01+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,11 +23,11 @@ CVE-2026-22185 (OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load contai
 CVE-2026-22184 (zlib versions up to and including 1.3.1.2 contain a global buffer over ...)
 	TODO: check
 CVE-2026-22047 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-22046 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-22035 (Greenshot is an open source Windows screenshot utility. Versions 1.3.3 ...)
-	TODO: check
+	NOT-FOR-US: Greenshot
 CVE-2026-21883 (Bokeh is an interactive visualization library written in Python. In ve ...)
 	TODO: check
 CVE-2026-21881 (Kanboard is project management software focused on Kanban methodology. ...)
@@ -66,37 +66,37 @@ CVE-2026-21695 (Titra is open source project time tracking software. In versions
 CVE-2026-21694 (Titra is open source project time tracking software. Versions 0.99.49  ...)
 	TODO: check
 CVE-2026-21693 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-21692 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-21691 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-21690 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-21689 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-21688 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-21687 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-21686 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-21685 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-21684 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-21683 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-21682 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-21681 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-21441 (urllib3 is an HTTP client library for Python. urllib3's streaming API  ...)
 	TODO: check
 CVE-2026-21427 (The installers for multiple products provided by PIONEER CORPORATION c ...)
-	TODO: check
+	NOT-FOR-US: Pioneer
 CVE-2026-0707 (A flaw was found in Keycloak. The Keycloak Authorization header parser ...)
-	TODO: check
+	- keycloak <itp> (bug #1088287)
 CVE-2026-0700 (A vulnerability was determined in code-projects Intern Membership Mana ...)
 	NOT-FOR-US: code-projects
 CVE-2026-0699 (A vulnerability was found in code-projects Intern Membership Managemen ...)
@@ -106,25 +106,25 @@ CVE-2026-0698 (A vulnerability has been found in code-projects Intern Membership
 CVE-2026-0697 (A flaw has been found in code-projects Intern Membership Management Sy ...)
 	NOT-FOR-US: code-projects
 CVE-2025-69264 (pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hos ...)
-	TODO: check
+	NOT-FOR-US: pnpm
 CVE-2025-69263 (pnpm is a package manager. Versions 10.26.2 and below store HTTP tarba ...)
-	TODO: check
+	NOT-FOR-US: pnpm
 CVE-2025-69255 (RustFS is a distributed object storage system built in Rust. In versio ...)
-	TODO: check
+	NOT-FOR-US: RustFS
 CVE-2025-69222 (LibreChat is a ChatGPT clone with additional features. Version 0.8.1-r ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2025-69221 (LibreChat is a ChatGPT clone with additional features. Version 0.8.1-r ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2025-69220 (LibreChat is a ChatGPT clone with additional features. Version 0.8.1-r ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2025-68705 (RustFS is a distributed object storage system built in Rust. In versio ...)
-	TODO: check
+	NOT-FOR-US: RustFS
 CVE-2025-66620 (An unused webshell in MicroServer allows unlimited login attempts, wit ...)
-	TODO: check
+	NOT-FOR-US: MicroServer
 CVE-2025-64305 (MicroServer copies parts of the system firmware to an unencrypted exte ...)
-	TODO: check
+	NOT-FOR-US: MicroServer
 CVE-2025-62224 (User interface (ui) misrepresentation of critical information in Micro ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-15346 (A vulnerability in the handling of verify_mode = CERT_REQUIRED in the  ...)
 	TODO: check
 CVE-2025-14275 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...)
@@ -138,47 +138,47 @@ CVE-2025-12776 (The Report Builder component of the application stores user inpu
 CVE-2025-12640 (The Folders \u2013 Unlimited Folders to Organize Media Library Folder, ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-7333 (A weakness has been identified in bluelabsio records-mover up to 1.5.4 ...)
-	TODO: check
+	NOT-FOR-US: bluelabsio records-mover
 CVE-2019-25296 (The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2019-25295 (The WP Cost Estimation plugin for WordPress is vulnerable to Upload Di ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2019-25291 (INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded c ...)
-	TODO: check
+	NOT-FOR-US: INIM Electronics Smartliving
 CVE-2019-25290 (Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-sid ...)
-	TODO: check
+	NOT-FOR-US: Smartliving SmartLAN
 CVE-2019-25289 (SmartLiving SmartLAN <=6.x contains an authenticated remote command in ...)
-	TODO: check
+	NOT-FOR-US: Smartliving SmartLAN
 CVE-2019-25284 (V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-s ...)
-	TODO: check
+	NOT-FOR-US: V-SOL GPON/EPON OLT Platform
 CVE-2019-25282 (V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: V-SOL GPON/EPON OLT Platform
 CVE-2019-25280 (Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Yahei-PHP Prober
 CVE-2019-25279 (FaceSentry Access Control System 6.4.8 contains a cleartext password s ...)
-	TODO: check
+	NOT-FOR-US: FaceSentry Access Control System
 CVE-2019-25278 (FaceSentry Access Control System 6.4.8 contains a cleartext transmissi ...)
-	TODO: check
+	NOT-FOR-US: FaceSentry Access Control System
 CVE-2019-25277 (FaceSentry Access Control System 6.4.8 contains a cross-site scripting ...)
-	TODO: check
+	NOT-FOR-US: FaceSentry Access Control System
 CVE-2019-25270 (SOCA Access Control System 180612 contains a cross-site scripting vuln ...)
-	TODO: check
+	NOT-FOR-US: SOCA Access Control System
 CVE-2019-25268 (NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows  ...)
-	TODO: check
+	NOT-FOR-US: NREL BEopt
 CVE-2019-25259 (Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-si ...)
-	TODO: check
+	NOT-FOR-US: Leica Geosystems
 CVE-2019-25231 (devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: devolo dLAN Cockpit
 CVE-2017-20216 (FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multi ...)
-	TODO: check
+	NOT-FOR-US: FLIR Thermal cameras
 CVE-2017-20215 (FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an auth ...)
-	TODO: check
+	NOT-FOR-US: FLIR Thermal cameras
 CVE-2017-20214 (FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard- ...)
-	TODO: check
+	NOT-FOR-US: FLIR Thermal cameras
 CVE-2017-20213 (FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contain ...)
-	TODO: check
+	NOT-FOR-US: FLIR Thermal cameras
 CVE-2017-20212 (FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an in ...)
-	TODO: check
+	NOT-FOR-US: FLIR Thermal cameras
 CVE-2025-69262 (pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Comm ...)
 	NOT-FOR-US: pnpm
 CVE-2025-3950



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f722c98af937f6eea91bb00d0837551691fe5da3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f722c98af937f6eea91bb00d0837551691fe5da3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260108/07d0ccab/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list