[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 17 08:35:06 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7187cc47 by Salvatore Bonaccorso at 2026-01-17T09:33:16+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,11 +5,11 @@ CVE-2026-23745 (node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) f
NOTE: https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97
NOTE: Fixed by: https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e (v7.5.3)
CVE-2026-23744 (MCPJam inspector is the local-first development platform for MCP serve ...)
- TODO: check
+ NOT-FOR-US: MCPJam inspector
CVE-2026-23742 (Skipper is an HTTP router and reverse proxy for service composition. T ...)
- TODO: check
+ NOT-FOR-US: Zalando Skipper
CVE-2026-23735 (GraphQL Modules is a toolset of libraries and guidelines dedicated to ...)
- TODO: check
+ NOT-FOR-US: GraphQL Modules
CVE-2026-23643 (CakePHP is a rapid development framework for PHP. The PaginatorHelper: ...)
TODO: check
CVE-2026-22865 (Gradle is a build automation tool, and its native-platform tool provid ...)
@@ -19,7 +19,7 @@ CVE-2026-22816 (Gradle is a build automation tool, and its native-platform tool
CVE-2026-21223 (Microsoft Edge Elevation Service exposes a privileged COM interface th ...)
NOT-FOR-US: Microsoft
CVE-2026-20960 (Improper authorization in Microsoft Power Apps allows an authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-0833 (The Team Section Block plugin for WordPress is vulnerable to Stored Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0820 (The RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for WordPress ...)
@@ -41,7 +41,7 @@ CVE-2025-5489
CVE-2025-5102
REJECTED
CVE-2025-56451 (Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative ...)
- TODO: check
+ NOT-FOR-US: seeyon Zhiyuan A8+ Collaborative Management Software
CVE-2025-15529 (A vulnerability was found in Open5GS up to 2.7.6. Affected by this iss ...)
TODO: check
CVE-2025-15528 (A vulnerability has been found in Open5GS up to 2.7.6. Affected by thi ...)
@@ -79,9 +79,9 @@ CVE-2024-8506
CVE-2024-8491
REJECTED
CVE-2019-25297 (Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress plugin ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2012-10064 (Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-23731 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, Th ...)
NOT-FOR-US: WeGIA
CVE-2026-23730 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an ...)
@@ -274,9 +274,9 @@ CVE-2025-15497
NOTE: Introduced with: https://github.com/OpenVPN/openvpn/commit/92adbc88b1b37095cebde2a1c5b6ae242f382678 (v2.7_alpha1)
NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/e0e0720ac35e4929ed0a9b47d5509907802bc718
CVE-2026-23769 (lucy-xss-filter before commit e5826c0 allows an attacker to execute ma ...)
- TODO: check
+ NOT-FOR-US: lucy-xss-filter
CVE-2026-23768 (lucy-xss-filter before commit 7c1de6d allows an attacker to induce ser ...)
- TODO: check
+ NOT-FOR-US: lucy-xss-filter
CVE-2026-23714
REJECTED
CVE-2026-23713
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7187cc4724268f6254a2838362013e62389f71fe
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7187cc4724268f6254a2838362013e62389f71fe
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260117/5312ca58/attachment.htm>
More information about the debian-security-tracker-commits
mailing list