[Git][security-tracker-team/security-tracker][master] Associate some NFUs with itp'ed entry for pnpm

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 8 22:27:18 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99d682ca by Salvatore Bonaccorso at 2026-01-08T23:26:47+01:00
Associate some NFUs with itp'ed entry for pnpm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -424,9 +424,9 @@ CVE-2026-0698 (A vulnerability has been found in code-projects Intern Membership
 CVE-2026-0697 (A flaw has been found in code-projects Intern Membership Management Sy ...)
 	NOT-FOR-US: code-projects
 CVE-2025-69264 (pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hos ...)
-	NOT-FOR-US: pnpm
+	- pnpm <itp> (bug #985669)
 CVE-2025-69263 (pnpm is a package manager. Versions 10.26.2 and below store HTTP tarba ...)
-	NOT-FOR-US: pnpm
+	- pnpm <itp> (bug #985669)
 CVE-2025-69255 (RustFS is a distributed object storage system built in Rust. In versio ...)
 	NOT-FOR-US: RustFS
 CVE-2025-69222 (LibreChat is a ChatGPT clone with additional features. Version 0.8.1-r ...)
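Review bot: The commit message says "some NFUs" without giving the selection rule, so for the two entries retagged here (CVE-2025-69264 and CVE-2025-69263) a reader cannot tell whether other `NOT-FOR-US: pnpm` entries were deliberately left alone. Suggest stating in the message that pnpm has an ITP (bug #985669) and whether this commit converts every pnpm entry in data/CVE/list or only a subset.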
@@ -499,7 +499,7 @@ CVE-2017-20213 (FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 c
 CVE-2017-20212 (FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an in ...)
 	NOT-FOR-US: FLIR Thermal cameras
 CVE-2025-69262 (pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Comm ...)
-	NOT-FOR-US: pnpm
+	- pnpm <itp> (bug #985669)
 CVE-2025-3950
 	- gitlab <unfixed>
 CVE-2025-11246
@@ -89545,7 +89545,7 @@ CVE-2024-58251 (In netstat in BusyBox through 1.37.0, local users can launch of
 	[bullseye] - busybox <postponed> (Minor issue, DoS, revisit when fixed upstream)
 	NOTE: https://bugs.busybox.net/show_bug.cgi?id=15922
 CVE-2024-47829 (pnpm is a package manager. Prior to version 10.0.0, the path shortenin ...)
-	NOT-FOR-US: pnpm
+	- pnpm <itp> (bug #985669)
 CVE-2024-10306 (A vulnerability was found in mod_proxy_cluster. The issue is that the  ...)
 	- libapache2-mod-cluster <itp> (bug #731410)
 CVE-2025-XXXX [RUSTSEC-2025-0023]
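Review bot: For CVE-2024-47829 the description already bounds the affected range ("Prior to version 10.0.0"), but the new `- pnpm <itp> (bug #985669)` line records none of it. Suggest a NOTE line under the entry that keeps the bound, in the way the busybox entry just above carries a NOTE, so the first upload can be checked against 10.0.0 without re-reading the advisory.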
@@ -133475,7 +133475,7 @@ CVE-2024-54008 (An authenticated Remote Code Execution (RCE) vulnerability exist
 CVE-2024-54005 (A vulnerability has been identified in COMOS V10.3 (All versions < V10 ...)
 	NOT-FOR-US: Siemens
 CVE-2024-53866 (The package manager pnpm prior to version 9.15.0 seems to mishandle ov ...)
-	NOT-FOR-US: pnpm
+	- pnpm <itp> (bug #985669)
 CVE-2024-53832 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...)
 	NOT-FOR-US: Siemens
 CVE-2024-53481 (A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGu ...)
@@ -254419,7 +254419,7 @@ CVE-2023-38559 (A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn
 CVE-2023-38357 (Session tokens in RWS WorldServer 11.7.3 and earlier have a low entrop ...)
 	NOT-FOR-US: RWS WorldServer
 CVE-2023-37478 (pnpm is a package manager. It is possible to construct a tarball that, ...)
-	NOT-FOR-US: pnpm
+	- pnpm <itp> (bug #985669)
 CVE-2023-36211 (The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting  ...)
 	NOT-FOR-US: Barebones CMS
 CVE-2023-36210 (MotoCMS Version 3.4.3 Store Category Template was discovered to contai ...)
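Review bot: The truncated description of CVE-2023-37478 shows no version information, unlike the other pnpm entries in this commit, so after the retag the entry gives no hint of which releases are affected. Suggest adding a NOTE with the upstream advisory or fixing commit while the entry is being touched.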



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99d682ca71f1bda3a36a9e74796a21b52355017e
