[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 16 20:53:14 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c917019d by Salvatore Bonaccorso at 2026-01-16T21:51:01+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38,9 +38,9 @@ CVE-2026-23523 (Dive is an open-source MCP Host Desktop Application that enables
CVE-2026-23490 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial ...)
TODO: check
CVE-2026-22876 (Path Traversal vulnerability exists in multiple Network Cameras TRIFOR ...)
- TODO: check
+ NOT-FOR-US: TOA Corporation
CVE-2026-22782 (RustFS is a distributed object storage system built in Rust. From >= 1 ...)
- TODO: check
+ NOT-FOR-US: RustFS
CVE-2026-21625 (User provided uploads to the Easy Discuss component for Joomla aren't ...)
NOT-FOR-US: Joomla
CVE-2026-21624 (Lack of input filterung leads to a persistent XSS vulnerability in the ...)
@@ -48,9 +48,9 @@ CVE-2026-21624 (Lack of input filterung leads to a persistent XSS vulnerability
CVE-2026-21623 (Lack of input filterung leads to a persistent XSS vulnerability in the ...)
NOT-FOR-US: Joomla
CVE-2026-20894 (Cross-site scripting vulnerability exists in multiple Network Cameras ...)
- TODO: check
+ NOT-FOR-US: TOA Corporation
CVE-2026-20759 (OS Command Injection vulnerability exists in multiple Network Cameras ...)
- TODO: check
+ NOT-FOR-US: TOA Corporation
CVE-2026-1004 (The Essential Addons for Elementor plugin for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0949 (PEM versions prior to 9.8.1 are affected by a stored Cross-site Script ...)
@@ -60,29 +60,29 @@ CVE-2026-0913 (The User Submitted Posts \u2013 Enable Users to Submit Posts from
CVE-2026-0823
REJECTED
CVE-2026-0696 (In ConnectWise PSA versions older than 2026.1, certain session cookies ...)
- TODO: check
+ NOT-FOR-US: ConnectWise
CVE-2026-0695 (In ConnectWise PSA versions older than 2026.1, Time Entry notes stored ...)
- TODO: check
+ NOT-FOR-US: ConnectWise
CVE-2026-0629 (Authentication bypass in the password recovery feature of the local we ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2026-0616 (TheLibrarians web_fetch tool can be used to retrieve the Adminer inter ...)
- TODO: check
+ NOT-FOR-US: The Librarian
CVE-2026-0615 (The Librarian `supervisord` status page can be retrieved by the `web_f ...)
- TODO: check
+ NOT-FOR-US: TheLibrarian
CVE-2026-0613 (The Librarian contains an internal port scanning vulnerability, facili ...)
- TODO: check
+ NOT-FOR-US: The Librarian
CVE-2026-0612 (The Librarian contains a information leakage vulnerability through the ...)
- TODO: check
+ NOT-FOR-US: The Librarian
CVE-2025-71020 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...)
NOT-FOR-US: Tenda
CVE-2025-70746 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...)
NOT-FOR-US: Tenda
CVE-2025-69581 (An issue was discovered in Chamillo LMS 1.11.2. The Social Network /pe ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2025-68924 (In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can ...)
NOT-FOR-US: Umbraco CMS
CVE-2025-68921 (SteelSeries Nahimic 3 1.10.7 allows Directory traversal.)
- TODO: check
+ NOT-FOR-US: SteelSeries Nahimic
CVE-2025-59870 (HCL MyXalytics v6.7 is affected by improper management of a static JWT ...)
NOT-FOR-US: HCL
CVE-2025-48647 (In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, t ...)
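Review bot: The NOT-FOR-US tag for CVE-2026-0615 is spelled "TheLibrarian", while CVE-2026-0616, CVE-2026-0613 and CVE-2026-0612 in the same hunk use "The Librarian"; use one spelling so that a search of the list for the product name finds all four entries. Separately, the tag for CVE-2025-69581 reads "Chamilo LMS" while the truncated description reads "Chamillo LMS", so it is worth confirming the tag against the upstream project name.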
@@ -124,59 +124,59 @@ CVE-2024-44238 (The issue was addressed with improved bounds checks. This issue
CVE-2024-44210 (This issue was addressed with improved permissions checking. This issu ...)
NOT-FOR-US: Apple
CVE-2021-47847 (Disk Sorter Server 13.6.12 contains an unquoted service path vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Disk Sorter Server
CVE-2021-47845 (Spy Emergency 25.0.650 contains an unquoted service path vulnerability ...)
- TODO: check
+ NOT-FOR-US: Spy Emergency
CVE-2021-47844 (Xmind 2020 contains a cross-site scripting vulnerability that allows a ...)
TODO: check
CVE-2021-47842 (StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability ...)
- TODO: check
+ NOT-FOR-US: StudyMD
CVE-2021-47841 (SnipCommand 0.1.0 contains a cross-site scripting vulnerability that a ...)
- TODO: check
+ NOT-FOR-US: SnipCommand
CVE-2021-47840 (Moeditor 0.2.0 contains a persistent cross-site scripting vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Moeditor
CVE-2021-47839 (Marky 0.0.1 contains a persistent cross-site scripting vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Marky
CVE-2021-47838 (Markright 1.0 contains a persistent cross-site scripting vulnerability ...)
- TODO: check
+ NOT-FOR-US: Markright
CVE-2021-47837 (Markdownify 1.2.0 contains a persistent cross-site scripting vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Markdownify
CVE-2021-47836 (Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability ...)
- TODO: check
+ NOT-FOR-US: Markdown Explorer
CVE-2021-47835 (Freeter 1.2.1 contains a persistent cross-site scripting vulnerability ...)
- TODO: check
+ NOT-FOR-US: Freeter
CVE-2021-47834 (Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerab ...)
- TODO: check
+ NOT-FOR-US: Schlix CMS
CVE-2021-47833 (WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in ...)
- TODO: check
+ NOT-FOR-US: WifiHotSpot
CVE-2021-47832 (Sandboxie Plus 0.7.4 contains an unquoted service path vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Sandboxie Plus
CVE-2021-47831 (Sandboxie 5.49.7 contains a denial of service vulnerability that allow ...)
- TODO: check
+ NOT-FOR-US: Sandboxie
CVE-2021-47829 (DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerabil ...)
- TODO: check
+ NOT-FOR-US: DHCP Broadband
CVE-2021-47828 (BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability ...)
- TODO: check
+ NOT-FOR-US: BOOTP Turbo
CVE-2021-47827 (WebSSH for iOS 14.16.10 contains a denial of service vulnerability in ...)
- TODO: check
+ NOT-FOR-US: WebSSH for iOS
CVE-2021-47826 (Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnera ...)
- TODO: check
+ NOT-FOR-US: Acer Backup Manager
CVE-2021-47825 (Acer Updater Service 1.2.3500.0 contains an unquoted service path vuln ...)
- TODO: check
+ NOT-FOR-US: Acer Updater Service
CVE-2021-47824 (iDailyDiary 4.30 contains a denial of service vulnerability that allow ...)
- TODO: check
+ NOT-FOR-US: iDailyDiary
CVE-2021-47823 (Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Acer ePowerSvc
CVE-2021-47822 (DiskBoss Service 12.2.18 contains an unquoted service path vulnerabili ...)
- TODO: check
+ NOT-FOR-US: DiskBoss Service
CVE-2021-47821 (RarmaRadio 2.72.8 contains a denial of service vulnerability that allo ...)
- TODO: check
+ NOT-FOR-US: RarmaRadio
CVE-2021-47820 (Ubee EVW327 contains a cross-site request forgery vulnerability that a ...)
- TODO: check
+ NOT-FOR-US: Ubee EVW327
CVE-2021-47818 (DupTerminator 1.4.5639.37199 contains a denial of service vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: DupTerminator
CVE-2021-47816 (Thecus N4800Eco NAS Server Control Panel contains a command injection ...)
- TODO: check
+ NOT-FOR-US: Thecus N4800Eco NAS Server Control Panel
CVE-2025-60021 (Remote command injection vulnerability in heap profiler builtin servic ...)
- brpc <itp> (bug #1060006)
CVE-2025-15497
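Review bot: The three Acer entries (CVE-2021-47826, CVE-2021-47825, CVE-2021-47823) are each tagged with a separate product name, whereas other entries visible in this diff are tagged by vendor ("NOT-FOR-US: Tenda", "NOT-FOR-US: TP-Link", "NOT-FOR-US: Apple"); consider "NOT-FOR-US: Acer" for all three so the vendor groups under one tag. CVE-2021-47844 (Xmind) is the only entry in this run left at "TODO: check"; if that is deliberate pending a package search, no change is needed.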
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c917019d803c6c53888b3be342699f0ddf9d12be