[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 8 21:48:36 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e8207e82 by Salvatore Bonaccorso at 2026-01-08T22:48:13+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57,7 +57,7 @@ CVE-2026-22043 (RustFS is a distributed object storage system built in Rust. In
 CVE-2026-22042 (RustFS is a distributed object storage system built in Rust. Prior to  ...)
 	NOT-FOR-US: RustFS
 CVE-2026-22041 (Logging Redactor is a Python library designed to redact sensitive data ...)
-	TODO: check
+	NOT-FOR-US: Logging Redactor
 CVE-2026-22034 (Snuffleupagus is a module that raises the cost of attacks against webs ...)
 	TODO: check
 CVE-2026-22032 (Directus is a real-time API and App dashboard for managing SQL databas ...)
@@ -65,33 +65,33 @@ CVE-2026-22032 (Directus is a real-time API and App dashboard for managing SQL d
 CVE-2026-22028 (Preact, a lightweight web development framework, JSON serialization pr ...)
 	TODO: check
 CVE-2026-21896 (Kirby is an open-source content management system. From versions 5.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Kirby CMS
 CVE-2026-21895 (The `rsa` crate is an RSA implementation written in rust. Prior to ver ...)
 	TODO: check
 CVE-2026-21894 (n8n is an open source workflow automation platform. In versions from 0 ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-21892 (Parsl is a Python parallel scripting library. A SQL Injection vulnerab ...)
 	TODO: check
 CVE-2026-21891 (ZimaOS is a fork of CasaOS, an operating system for Zima devices and x ...)
-	TODO: check
+	NOT-FOR-US: ZimaOS
 CVE-2026-21885 (Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Min ...)
 	TODO: check
 CVE-2026-21876 (The OWASP core rule set (CRS) is a set of generic attack detection rul ...)
 	TODO: check
 CVE-2026-21874 (NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1 ...)
-	TODO: check
+	NOT-FOR-US: NiceGUI
 CVE-2026-21873 (NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, ...)
-	TODO: check
+	NOT-FOR-US: NiceGUI
 CVE-2026-21872 (NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, ...)
-	TODO: check
+	NOT-FOR-US: NiceGUI
 CVE-2026-21871 (NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, ...)
-	TODO: check
+	NOT-FOR-US: NiceGUI
 CVE-2026-21860 (Werkzeug is a comprehensive WSGI web application library. Prior to ver ...)
 	TODO: check
 CVE-2026-21639 (A malicious actor in Wi-Fi range of the affected product could leverag ...)
-	TODO: check
+	NOT-FOR-US: airFiber AF60
 CVE-2026-21638 (A malicious actor in Wi-Fi range of the affected product could leverag ...)
-	TODO: check
+	NOT-FOR-US: UBB
 CVE-2026-0747 (Exposure of sensitive information in the TeamViewer entry dashboard co ...)
 	NOT-FOR-US: Devolutions
 CVE-2026-0719 (A flaw was found in libsoup's NTLM (NT LAN Manager) authentication mod ...)
@@ -107,9 +107,9 @@ CVE-2026-0674 (Missing Authorization vulnerability in Campaign Monitor Campaign
 CVE-2026-0671 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2025-8307 (Asseco InfoMedica is a comprehensive solution used to manage both admi ...)
-	TODO: check
+	NOT-FOR-US: Asseco InfoMedica
 CVE-2025-8306 (Asseco InfoMedica is a comprehensive solution used to manage both admi ...)
-	TODO: check
+	NOT-FOR-US: Asseco InfoMedica
 CVE-2025-69260 (A message out-of-bounds read vulnerability in Trend Micro Apex Central ...)
 	NOT-FOR-US: Trend Micro
 CVE-2025-69259 (A message unchecked NULL return value vulnerability in Trend Micro Ape ...)
@@ -137,7 +137,7 @@ CVE-2025-68873 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-68867 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68715 (An issue was discovered in Panda Wireless PWRU0 devices with firmware  ...)
-	TODO: check
+	NOT-FOR-US: Panda Wireless PWRU0 devices
 CVE-2025-68158 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
 	TODO: check
 CVE-2025-68151 (CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0,  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8207e82052e7164732f094a7015e1e138c7ea3b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8207e82052e7164732f094a7015e1e138c7ea3b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260108/6b16f207/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list