[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 23 09:22:06 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8ec0d573 by Salvatore Bonaccorso at 2026-01-23T10:21:40+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38,9 +38,9 @@ CVE-2026-24130 (Moonraker is a Python web server providing API access to Klipper
CVE-2026-24129 (Runtipi is a Docker-based, personal homeserver orchestrator that facil ...)
NOT-FOR-US: Runtipi
CVE-2026-24124 (Dragonfly is an open source P2P-based file distribution and image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2026-24058 (Soft Serve is a self-hostable Git server for the command line. Version ...)
- TODO: check
+ NOT-FOR-US: Soft Serve
CVE-2026-23988 (Rufus is a utility that helps format and create bootable USB flash dri ...)
NOT-FOR-US: Rufus
CVE-2026-21524 (Exposure of sensitive information to an unauthorized actor in Azure Da ...)
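Review bot: The new label on CVE-2026-24124 is the bare name "Dragonfly", which is shared by several unrelated projects. The description on that entry identifies it as the P2P-based file distribution system, so a more specific note such as "NOT-FOR-US: Dragonfly P2P file distribution" would keep later triage and greps through data/CVE/list unambiguous.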
@@ -72,99 +72,99 @@ CVE-2026-20736 (Gitea does not properly verify repository context when deleting
CVE-2026-20613 (The ArchiveReader.extractContents() function used by cctl image load a ...)
NOT-FOR-US: Apple
CVE-2026-1201 (An Authorization Bypass Through User-Controlled Key vulnerability in H ...)
- TODO: check
+ NOT-FOR-US: Hubitat Elevation home automation controllers
CVE-2026-0927 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0798 (Gitea may send release notification emails for private repositories to ...)
TODO: check
CVE-2026-0796 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0795 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0794 (ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vu ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0793 (ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remo ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0792 (ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Ov ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0791 (ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Over ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0790 (ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosur ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0789 (ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication Cookie i ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0788 (ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vuln ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0787 (ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0786 (ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0785 (ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0784 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0783 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0782 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0781 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0780 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0779 (ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Executio ...)
- TODO: check
+ NOT-FOR-US: ALGO
CVE-2026-0778 (Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code E ...)
- TODO: check
+ NOT-FOR-US: Enel X
CVE-2026-0776 (Discord Client Uncontrolled Search Path Element Local Privilege Escala ...)
- TODO: check
+ NOT-FOR-US: Discord
CVE-2026-0775 (npm cli Incorrect Permission Assignment Local Privilege Escalation Vul ...)
TODO: check
CVE-2026-0774 (WatchYourLAN Configuration Page Argument Injection Remote Code Executi ...)
- TODO: check
+ NOT-FOR-US: WatchYourLAN
CVE-2026-0773 (Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Exec ...)
- TODO: check
+ NOT-FOR-US: Upsonic
CVE-2026-0772 (Langflow Disk Cache Deserialization of Untrusted Data Remote Code Exec ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-0771 (Langflow PythonFunction Code Injection Remote Code Execution Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-0770 (Langflow exec_globals Inclusion of Functionality from Untrusted Contro ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-0769 (Langflow eval_custom_component_code Eval Injection Remote Code Executi ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-0768 (Langflow code Code Injection Remote Code Execution Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-0767 (Open WebUI Cleartext Transmission of Credentials Information Disclosur ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-0766 (Open WebUI load_tool_module_by_id Command Injection Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-0765 (Open WebUI PIP install_frontmatter_requirements Command Injection Remo ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-0764 (GPT Academic upload Deserialization of Untrusted Data Remote Code Exec ...)
- TODO: check
+ NOT-FOR-US: GPT Academic
CVE-2026-0763 (GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrust ...)
- TODO: check
+ NOT-FOR-US: GPT Academic
CVE-2026-0762 (GPT Academic stream_daas Deserialization of Untrusted Data Remote Code ...)
- TODO: check
+ NOT-FOR-US: GPT Academic
CVE-2026-0761 (Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection R ...)
- TODO: check
+ NOT-FOR-US: Foundation Agents MetaGPT
CVE-2026-0760 (Foundation Agents MetaGPT deserialize_message Deserialization of Untru ...)
- TODO: check
+ NOT-FOR-US: Foundation Agents MetaGPT
CVE-2026-0759 (Katana Network Development Starter Kit executeCommand Command Injectio ...)
- TODO: check
+ NOT-FOR-US: Katana Network
CVE-2026-0758 (mcp-server-siri-shortcuts shortcutName Command Injection Privilege Esc ...)
- TODO: check
+ NOT-FOR-US: mcp-server-siri-shortcuts
CVE-2026-0757 (MCP Manager for Claude Desktop execute-command Command Injection Sandb ...)
- TODO: check
+ NOT-FOR-US: MCP Manager for Claude Desktop
CVE-2026-0756 (github-kanban-mcp-server execAsync Command Injection Remote Code Execu ...)
- TODO: check
+ NOT-FOR-US: github-kanban-mcp-server
CVE-2026-0755 (gemini-mcp-tool execAsync Command Injection Remote Code Execution Vuln ...)
- TODO: check
+ NOT-FOR-US: gemini-mcp-tool
CVE-2026-0710 (A flaw was found in SIPp. A remote attacker could exploit this by send ...)
TODO: check
CVE-2025-9290 (An authentication weakness was identified in Omada Controllers, Gatewa ...)
- TODO: check
+ NOT-FOR-US: Omada
CVE-2025-9289 (A Cross-Site Scripting (XSS) vulnerability was identified in a paramet ...)
- TODO: check
+ NOT-FOR-US: Omada
CVE-2025-67847 (A flaw was found in Moodle. An attacker with access to the restore int ...)
TODO: check
CVE-2025-67652 (An attacker with access to the project file could use the exposed cre ...)
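Review bot: On CVE-2025-9289 the truncated description shown here ("A Cross-Site Scripting (XSS) vulnerability was identified in a paramet ...") names no product, so the "NOT-FOR-US: Omada" attribution cannot be confirmed from this diff, unlike CVE-2025-9290 where Omada appears in the text. It is worth confirming against the full CVE record. Separately, label granularity varies within the hunk: "Hubitat Elevation home automation controllers" spells out the product, while "ALGO" and "Enel X" give only the vendor. Settling on one style would make the NFU notes easier to search.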
@@ -182,13 +182,13 @@ CVE-2025-22234 (The fix applied in CVE-2025-22228 inadvertently broke the timing
CVE-2025-15522 (The Uncanny Automator \u2013 Easy Automation, Integration, Webhooks & ...)
NOT-FOR-US: WordPress plugin
CVE-2025-15351 (Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data ...)
- TODO: check
+ NOT-FOR-US: Anritsu
CVE-2025-15350 (Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data ...)
- TODO: check
+ NOT-FOR-US: Anritsu
CVE-2025-15349 (Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Anritsu
CVE-2025-15348 (Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data R ...)
- TODO: check
+ NOT-FOR-US: Anritsu
CVE-2025-15063 (Ollama MCP Server execAsync Command Injection Remote Code Execution Vu ...)
TODO: check
CVE-2025-15062 (Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution ...)
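Review bot: CVE-2025-15063 (Ollama MCP Server execAsync Command Injection) stays at "TODO: check" in the context lines of this hunk, while the similar MCP server entries CVE-2026-0755 through CVE-2026-0758 were marked NOT-FOR-US in the same commit. If it is being held back deliberately for a package check, no change is needed. Otherwise it could be resolved in the same pass as the Anritsu entries.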
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ec0d573764b6974105246151416911655507026