[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 27 21:38:38 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
58898787 by Salvatore Bonaccorso at 2026-01-27T22:38:15+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -81,51 +81,51 @@ CVE-2026-24804 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerabi
 CVE-2026-24803 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
 	NOT-FOR-US: coolsnowwolf lede
 CVE-2026-24802 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: briandilley jsonrpc4j
 CVE-2026-24801 (Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/co ...)
-	TODO: check
+	NOT-FOR-US: Ralim IronOS
 CVE-2026-24800 (Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Clas ...)
-	TODO: check
+	NOT-FOR-US: tildearrow furnace
 CVE-2026-24799 (Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Clas ...)
-	TODO: check
+	NOT-FOR-US: davisking dlib
 CVE-2026-24798 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
-	TODO: check
+	NOT-FOR-US: GaijinEntertainment DagorEngine
 CVE-2026-24797 (Out-of-bounds Write vulnerability in neka-nat cupoch (third_party/libj ...)
-	TODO: check
+	NOT-FOR-US: neka-nat cupoch
 CVE-2026-24796 (Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader  ...)
-	TODO: check
+	NOT-FOR-US: CloverHackyColor CloverBootloader
 CVE-2026-24795 (Out-of-bounds Write vulnerability in CloverHackyColor CloverBootloader ...)
-	TODO: check
+	NOT-FOR-US: CloverHackyColor CloverBootloader
 CVE-2026-24794 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
-	TODO: check
+	NOT-FOR-US: CardboardPowered cardboard
 CVE-2026-24793 (Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Clas ...)
-	TODO: check
+	NOT-FOR-US: zerothcore azerothcore-wotlk
 CVE-2026-24771 (Hono is a Web application framework that provides support for any Java ...)
-	TODO: check
+	NOT-FOR-US: Hono
 CVE-2026-24688 (pypdf is a free and open-source pure-python PDF library. An attacker w ...)
 	TODO: check
 CVE-2026-24473 (Hono is a Web application framework that provides support for any Java ...)
-	TODO: check
+	NOT-FOR-US: Hono
 CVE-2026-24472 (Hono is a Web application framework that provides support for any Java ...)
-	TODO: check
+	NOT-FOR-US: Hono
 CVE-2026-24398 (Hono is a Web application framework that provides support for any Java ...)
-	TODO: check
+	NOT-FOR-US: Hono
 CVE-2026-24348 (Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pr ...)
-	TODO: check
+	NOT-FOR-US: EZCast Pro II
 CVE-2026-24347 (Improper input validation in Admin UI of EZCast Pro II version 1.17478 ...)
-	TODO: check
+	NOT-FOR-US: EZCast Pro II
 CVE-2026-24346 (Use of well-known default credentials in Admin UI of EZCast Pro II ver ...)
-	TODO: check
+	NOT-FOR-US: EZCast Pro II
 CVE-2026-24345 (Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.1747 ...)
-	TODO: check
+	NOT-FOR-US: EZCast Pro II
 CVE-2026-24344 (MultipleBuffer Overflows in Admin UI of EZCast Pro II version 1.17478. ...)
-	TODO: check
+	NOT-FOR-US: EZCast Pro II
 CVE-2026-24116 (Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and  ...)
 	TODO: check
 CVE-2026-23892 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
 	TODO: check
 CVE-2026-23881 (Kyverno is a policy engine designed for cloud native platform engineer ...)
-	TODO: check
+	NOT-FOR-US: Kyverno
 CVE-2026-23593 (A vulnerability in the web-based management interface of HPE Aruba Net ...)
 	NOT-FOR-US: HPE
 CVE-2026-23592 (Insecure file operations in HPE Aruba Networking Fabric Composer\xe2\u ...)
@@ -433,7 +433,7 @@ CVE-2026-23888 (pnpm is a package manager. Prior to version 10.28.1, a path trav
 CVE-2026-23683 (SAP Fiori App Intercompany Balance Reconciliation does not perform nec ...)
 	NOT-FOR-US: SAP
 CVE-2026-22709 (vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version  ...)
-	TODO: check
+	NOT-FOR-US: Node vm2
 CVE-2026-22696 (dcap-qvl implements the quote verification logic for DCAP (Data Center ...)
 	TODO: check
 CVE-2026-21408 (beat-access for Windows version 3.0.3 and prior contains an issue with ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58898787a847a2bb6e3915d3defb4bb994f0e062

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58898787a847a2bb6e3915d3defb4bb994f0e062
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260127/6534e15e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list