[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Jan 18 11:00:52 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc44b3ac by Moritz Muehlenhoff at 2026-01-18T12:00:16+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -200,7 +200,7 @@ CVE-2026-20759 (OS Command Injection vulnerability exists in multiple Network Ca
 CVE-2026-1004 (The Essential Addons for Elementor plugin for WordPress is vulnerable  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-0949 (PEM versions prior to 9.8.1 are affected by a stored Cross-site Script ...)
-	TODO: check
+	NOT-FOR-US: Postgres Enterprise Manager (PEM)
 CVE-2026-0913 (The User Submitted Posts \u2013 Enable Users to Submit Posts from the  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-0823
@@ -753,7 +753,7 @@ CVE-2026-22249 (Docmost is an open-source collaborative wiki and documentation s
 CVE-2026-20076 (A vulnerability in the web-based management interface of Cisco Identit ...)
 	NOT-FOR-US: Cisco
 CVE-2026-20075 (A vulnerability in the web-based management interface of Cisco Evolved ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20047 (A vulnerability in the web-based management interface of Cisco Identit ...)
 	NOT-FOR-US: Cisco
 CVE-2026-0992 (A flaw was found in the libxml2 library. This uncontrolled resource co ...)
@@ -840,7 +840,7 @@ CVE-2025-64516 (GLPI is a free asset and IT management software package. Prior t
 CVE-2025-62193 (Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to rem ...)
 	NOT-FOR-US: NOAA PMEL Live Access Server (LAS)
 CVE-2025-61973 (A local privilege escalation vulnerability exists during the installat ...)
-	TODO: check
+	NOT-FOR-US: Epic Games Store
 CVE-2025-36911 (In key-based pairing, there is a possible ID due to a logic error in t ...)
 	NOT-FOR-US: Google devices
 CVE-2025-15265 (An SSR XSS exists in async hydration when attacker\u2011controlled key ...)
@@ -1168,7 +1168,7 @@ CVE-2025-14242 (A flaw was found in vsftpd. This vulnerability allows a denial o
 CVE-2025-13175 (Y Soft SafeQ 6 renders the Workflow Connector password field in a way  ...)
 	NOT-FOR-US: Y Soft
 CVE-2025-0647 (In certain Arm CPUs, a CPP RCTX instruction executed on one Processing ...)
-	TODO: check
+	NOT-FOR-US: Arm
 CVE-2025-71144 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.18.5-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -1574,7 +1574,7 @@ CVE-2022-50933 (Cain & Abel 4.9.56 contains an unquoted service path vulnerabili
 CVE-2022-50932 (Kyocera Command Center RX ECOSYS M2035dn contains a directory traversa ...)
 	NOT-FOR-US: Kyocera Command Center RX ECOSYS
 CVE-2022-50931 (TeamSpeak 3.5.6 contains an insecure file permissions vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: TeamSpeak
 CVE-2022-50930 (Emerson PAC Machine Edition 9.80 contains an unquoted service path vul ...)
 	NOT-FOR-US: Emerson PAC Machine Edition
 CVE-2022-50929 (Connectify Hotspot 2018 contains an unquoted service path vulnerabilit ...)
@@ -1668,7 +1668,7 @@ CVE-2022-50805 (Senayan Library Management System 9.0.0 contains a SQL injection
 CVE-2022-50693 (Splashtop 8.71.12001.0 contains an unquoted service path vulnerability ...)
 	NOT-FOR-US: Splashtop
 CVE-2021-47751 (CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains  ...)
-	TODO: check
+	NOT-FOR-US: CuteEditor for PHP
 CVE-2021-47750 (YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that a ...)
 	NOT-FOR-US: YouPHPTube
 CVE-2021-47749 (YouPHPTube <= 7.8 contains a local file inclusion vulnerability that a ...)
@@ -1791,7 +1791,7 @@ CVE-2026-21268 (Dreamweaver Desktop versions 21.6 and earlier are affected by an
 CVE-2026-21267 (Dreamweaver Desktop versions 21.6 and earlier are affected by an Impro ...)
 	NOT-FOR-US: Adobe
 CVE-2026-21265 (Windows Secure Boot stores Microsoft certificates in the UEFI KEK and  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-21226 (Deserialization of untrusted data in Azure Core shared client library  ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-21224 (Stack-based buffer overflow in Azure Connected Machine Agent allows an ...)
@@ -3658,7 +3658,7 @@ CVE-2025-65518 (Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to
 CVE-2025-63611 (Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user- ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-62877 (Projects using the SUSE Virtualization (Harvester) environment mayexpo ...)
-	TODO: check
+	NOT-FOR-US: SuSE Harvester
 CVE-2025-61550 (Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValu ...)
 	NOT-FOR-US: edu Business Solutions Print Shop Pro WebDesk
 CVE-2025-61549 (Cross-Site Scripting (XSS) is present on the LoginID parameter on the  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc44b3ac1bebae7671cdb1e3599db5340375ebd6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc44b3ac1bebae7671cdb1e3599db5340375ebd6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260118/6c00e99b/attachment.htm>

More information about the debian-security-tracker-commits mailing list