[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 16 21:41:23 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e527564c by Salvatore Bonaccorso at 2026-01-16T22:40:16+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -102,9 +102,9 @@ CVE-2025-24089 (A permissions issue was addressed with additional restrictions.
 CVE-2025-15104 (Nu Html Checker (validator.nu) contains a restriction bypass that allo ...)
 	- vnu <itp> (bug #961815)
 CVE-2025-15032 (Missing about:blank indicator in custom-sized new windows in Dia befor ...)
-	TODO: check
+	NOT-FOR-US: Dia browser, different from src:dia
 CVE-2025-14894 (Livewire Filemanager, commonly used in Laravel applications, contains  ...)
-	TODO: check
+	NOT-FOR-US: Livewire Filemanager
 CVE-2025-14844 (The Membership Plugin \u2013 Restrict Content plugin for WordPress is  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-14822 (Mattermost versions 10.11.x <= 10.11.8 fail to validate input size bef ...)
@@ -376,85 +376,85 @@ CVE-2025-12641 (The Awesome Support - WordPress HelpDesk & Support Plugin for Wo
 CVE-2023-7334 (Changjetong T+ versions up to and including 16.x contain a .NET deseri ...)
 	NOT-FOR-US: Changjetong T+
 CVE-2021-47815 (Nsauditor 3.2.3 contains a denial of service vulnerability in the regi ...)
-	TODO: check
+	NOT-FOR-US: Nsauditor
 CVE-2021-47814 (NBMonitor 1.6.8 contains a denial of service vulnerability that allows ...)
-	TODO: check
+	NOT-FOR-US: NBMonitor
 CVE-2021-47813 (Backup Key Recovery 2.2.7 contains a denial of service vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: Backup Key Recovery
 CVE-2021-47812 (GravCMS 1.10.7 contains an unauthenticated vulnerability that allows r ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2021-47811 (Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order ...)
-	TODO: check
+	NOT-FOR-US: Grocery Crud
 CVE-2021-47810 (WibuKey Runtime 6.51 contains an unquoted service path vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WibuKey
 CVE-2021-47809 (Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulne ...)
-	TODO: check
+	NOT-FOR-US: Disk Sorter Enterprise
 CVE-2021-47808 (Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Cotonti Siena
 CVE-2021-47807 (Sync Breeze 13.6.18 contains an unquoted service path vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Sync Breeze
 CVE-2021-47806 (Dup Scout 13.5.28 contains an unquoted service path vulnerability in i ...)
-	TODO: check
+	NOT-FOR-US: Dup Scout
 CVE-2021-47805 (Disk Savvy 13.6.14 contains an unquoted service path vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Disk Savvy
 CVE-2021-47804 (Wise Care 365 5.6.7.568 contains an unquoted service path vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Wise Care
 CVE-2021-47803 (iFunbox 4.2 contains an unquoted service path vulnerability in the App ...)
-	TODO: check
+	NOT-FOR-US: iFunbox
 CVE-2021-47801 (Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Vianeos OctoPUS
 CVE-2021-47800 (b2evolution 7.2.2 contains a cross-site request forgery vulnerability  ...)
 	TODO: check
 CVE-2021-47798 (NoteBurner 2.35 contains a buffer overflow vulnerability in the licens ...)
-	TODO: check
+	NOT-FOR-US: NoteBurner
 CVE-2021-47797 (Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Leawo Prof. Media
 CVE-2021-47796 (Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credentia ...)
-	TODO: check
+	NOT-FOR-US: Denver SHC-150 Smart Wifi Camera
 CVE-2021-47795 (GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities includi ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2021-47794 (ZesleCP 3.1.9 contains an authenticated remote code execution vulnerab ...)
-	TODO: check
+	NOT-FOR-US: ZesleCP
 CVE-2021-47793 (Telegram Desktop 2.9.2 contains a denial of service vulnerability that ...)
 	TODO: check
 CVE-2021-47792 (Remote Mouse 4.002 contains an unquoted service path vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: Remote Mouse
 CVE-2021-47791 (SmartFTP Client 10.0.2909.0 contains multiple denial of service vulner ...)
-	TODO: check
+	NOT-FOR-US: SmartFTP Client
 CVE-2021-47790 (Active WebCam 11.5 contains an unquoted service path vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: Active WebCam
 CVE-2021-47789 (Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer over ...)
-	TODO: check
+	NOT-FOR-US: Yenkee Hornet Gaming Mouse driver
 CVE-2021-47788 (WebsiteBaker 2.13.0 contains an authenticated remote code execution vu ...)
-	TODO: check
+	NOT-FOR-US: WebsiteBaker
 CVE-2021-47787 (TotalAV 5.15.69 contains an unquoted service path vulnerability in mul ...)
-	TODO: check
+	NOT-FOR-US: TotalAV
 CVE-2021-47786 (Redragon Gaming Mouse driver contains a kernel-level vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: Redragon Gaming Mouse driver
 CVE-2021-47785 (Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Ether MP3 CD Burner
 CVE-2021-47783 (Phpwcms 1.9.30 contains a file upload vulnerability that allows authen ...)
-	TODO: check
+	NOT-FOR-US: Phpwcms
 CVE-2021-47782 (Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Odine Solutions GateKeeper
 CVE-2021-47780 (Macro Expert 4.7 contains an unquoted service path vulnerability that  ...)
-	TODO: check
+	NOT-FOR-US: Macro Expert
 CVE-2021-47779 (Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnera ...)
 	TODO: check
 CVE-2021-47756 (Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escala ...)
-	TODO: check
+	NOT-FOR-US: Laravel Valet
 CVE-2020-36930 (SysGauge Server 7.9.18 contains an unquoted service path vulnerability ...)
-	TODO: check
+	NOT-FOR-US: SysGauge Server
 CVE-2020-36929 (Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulner ...)
-	TODO: check
+	NOT-FOR-US: Brother BRPrint Auditor
 CVE-2020-36928 (Brother BRAgent 1.38 contains an unquoted service path vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Brother BRAgent
 CVE-2020-36927 (DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnera ...)
-	TODO: check
+	NOT-FOR-US: DiskPulse Enterprise
 CVE-2020-36926 (SmarterTrack 7922 contains an information disclosure vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: SmarterTrack
 CVE-2011-10041 (Uploadify WordPress plugin versions up to and including 1.0contain an  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-61730 [crypto/tls: handshake messages may be processed at the incorrect encryption level]
 	- golang-1.25 <unfixed>
 	- golang-1.24 <unfixed>
@@ -739,7 +739,7 @@ CVE-2021-47768 (ImportExportTools NG 10.0.4 contains a persistent HTML injection
 CVE-2021-47767 (10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted ser ...)
 	NOT-FOR-US: 10-Strike Network Inventory Explorer Pro
 CVE-2021-47766 (Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Kmaleon
 CVE-2021-47765 (AbsoluteTelnet 11.24 contains a denial of service vulnerability that a ...)
 	NOT-FOR-US: AbsoluteTelnet
 CVE-2021-47764 (AbsoluteTelnet 11.24 contains a denial of service vulnerability that a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e527564c56703e81a5a9dc9035eedaa43725555d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e527564c56703e81a5a9dc9035eedaa43725555d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260116/ae8563cf/attachment.htm>

More information about the debian-security-tracker-commits mailing list