[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 27 22:10:21 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
677181e4 by Salvatore Bonaccorso at 2026-01-27T23:09:57+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -181,7 +181,7 @@ CVE-2026-22258 (Suricata is a network IDS, IPS and NSM engine. Prior to versions
 	NOTE: https://github.com/OISF/suricata/commit/39d8c302af3422a096b75474a4f295a754ec6a74 (suricata-8.0.3)
 	NOTE: https://github.com/OISF/suricata/commit/f82a388d0283725cb76782cf64e8341cab370830 (suricata-7.0.14)
 CVE-2026-22039 (Kyverno is a policy engine designed for cloud native platform engineer ...)
-	TODO: check
+	NOT-FOR-US: Kyverno
 CVE-2026-21721 (The dashboard permissions API does not verify the target dashboard sco ...)
 	TODO: check
 CVE-2026-21720 (Every uncached /avatar/:hash request spawns a goroutine that refreshes ...)
@@ -195,45 +195,45 @@ CVE-2026-1485 (A flaw was found in Glib's content type parsing logic. This buffe
 CVE-2026-1484 (A flaw was found in the GLib Base64 encoding routine when processing v ...)
 	TODO: check
 CVE-2026-1483 (An out-of-band SQL injection vulnerability (OOB SQLi) has been detecte ...)
-	TODO: check
+	NOT-FOR-US: Performance Evaluation (EDD)
 CVE-2026-1482 (An out-of-band SQL injection vulnerability (OOB SQLi) has been detecte ...)
-	TODO: check
+	NOT-FOR-US: Performance Evaluation (EDD)
 CVE-2026-1481 (An out-of-band SQL injection vulnerability (OOB SQLi) has been detecte ...)
-	TODO: check
+	NOT-FOR-US: Performance Evaluation (EDD)
 CVE-2026-1480 (An out-of-band SQL injection vulnerability (OOB SQLi) has been detecte ...)
-	TODO: check
+	NOT-FOR-US: Performance Evaluation (EDD)
 CVE-2026-1479 (An out-of-band SQL injection vulnerability (OOB SQLi) has been detecte ...)
-	TODO: check
+	NOT-FOR-US: Performance Evaluation (EDD)
 CVE-2026-1478 (An out-of-band SQL injection vulnerability (OOB SQLi) has been detecte ...)
-	TODO: check
+	NOT-FOR-US: Performance Evaluation (EDD)
 CVE-2026-1477 (An out-of-band SQL injection vulnerability (OOB SQLi) has been detecte ...)
-	TODO: check
+	NOT-FOR-US: Performance Evaluation (EDD)
 CVE-2026-1476 (An out-of-band SQL injection vulnerability (OOB SQLi) has been detecte ...)
-	TODO: check
+	NOT-FOR-US: Performance Evaluation (EDD)
 CVE-2026-1475 (An out-of-band SQL injection vulnerability (OOB SQLi) has been detecte ...)
-	TODO: check
+	NOT-FOR-US: Performance Evaluation (EDD)
 CVE-2026-1474 (An out-of-band SQL injection vulnerability (OOB SQLi) has been detecte ...)
-	TODO: check
+	NOT-FOR-US: Performance Evaluation (EDD)
 CVE-2026-1473 (An out-of-band SQL injection vulnerability (OOB SQLi) has been detecte ...)
-	TODO: check
+	NOT-FOR-US: Performance Evaluation (EDD)
 CVE-2026-1472 (An out-of-band SQL injection vulnerability (OOB SQLi) has been detecte ...)
-	TODO: check
+	NOT-FOR-US: Performance Evaluation (EDD)
 CVE-2026-1470 (n8n contains a critical Remote Code Execution (RCE) vulnerability in i ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-1467 (A flaw was found in libsoup, an HTTP client library. This vulnerabilit ...)
 	TODO: check
 CVE-2026-1465 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
-	TODO: check
+	NOT-FOR-US: anyrtcIO-Community anyRTC-RTMP-OpenSource
 CVE-2026-1464 (Integer Overflow or Wraparound vulnerability in MuntashirAkon AppManag ...)
-	TODO: check
+	NOT-FOR-US: MuntashirAkon AppManager
 CVE-2026-1315 (By sending crafted files to the firmware update endpointof Tapo C220 v ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2026-1213 (All versions of askbot before and including 0.12.2 allow an attacker a ...)
-	TODO: check
+	NOT-FOR-US: askbot
 CVE-2026-0919 (The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handl ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2026-0918 (The Tapo C220 v1 and C520WS v2 cameras\u2019 HTTP service does not saf ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2026-0746 (The AI Engine plugin for WordPress is vulnerable to Server-Side Reques ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-0705 (Local privilege escalation due to insecure folder permissions. The fol ...)
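
Review bot: The three Tapo camera entries (CVE-2026-1315, CVE-2026-0919, CVE-2026-0918) are tagged with the vendor only, `NOT-FOR-US: TP-Link`, while the other entries in this hunk name the product (n8n, askbot, MuntashirAkon AppManager). Naming the product as well, for example `NOT-FOR-US: TP-Link Tapo`, would let a search for the name used in the descriptions match the tag lines too.
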
@@ -259,11 +259,11 @@ CVE-2025-55102 (A denial-of-service vulnerability exists in the NetX IPv6 compon
 CVE-2025-55095 (The function _ux_host_class_storage_media_mount()is responsible for mo ...)
 	TODO: check
 CVE-2025-41728 (A low privileged remote attacker may be able to disclose confidential  ...)
-	TODO: check
+	NOT-FOR-US: Beckhoff Automation
 CVE-2025-41727 (A local low privileged attacker can bypass the authentication of the D ...)
-	TODO: check
+	NOT-FOR-US: Beckhoff Automation
 CVE-2025-41726 (A low privileged remote attacker can execute arbitrary code by sending ...)
-	TODO: check
+	NOT-FOR-US: Beckhoff Automation
 CVE-2025-33234 (NVIDIA runx contains a vulnerability where an attacker could cause a c ...)
 	TODO: check
 CVE-2025-28164 (Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local a ...)
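
Review bot: For CVE-2025-41728, CVE-2025-41727 and CVE-2025-41726 the truncated descriptions name no product, so `NOT-FOR-US: Beckhoff Automation` is the only identification these entries carry, and it is a vendor rather than a product. Consider adding the affected product to the tag so these three can be told apart from other issues filed against the same vendor.
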
@@ -273,59 +273,59 @@ CVE-2025-28162 (Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a l
 CVE-2025-14911 (User-controlled chunkSize metadata from MongoDB lacks appropriate vali ...)
 	TODO: check
 CVE-2025-12810 (Improper Authentication vulnerability in Delinea Inc. Secret Server On ...)
-	TODO: check
+	NOT-FOR-US: Delinea
 CVE-2025-12387 (A vulnerability in the Pix-Link LV-WR21Q router's language module allo ...)
-	TODO: check
+	NOT-FOR-US: Pix-Link
 CVE-2025-12386 (Pix-Link LV-WR21Q does not enforce any form of authentication for endp ...)
-	TODO: check
+	NOT-FOR-US: Pix-Link
 CVE-2021-47902 (Testa Online Test Management System 3.4.7 contains a SQL injection vul ...)
-	TODO: check
+	NOT-FOR-US: Testa Online Test Management System
 CVE-2021-47901 (Dirsearch 0.4.1 contains a CSV injection vulnerability when using the  ...)
-	TODO: check
+	NOT-FOR-US: Dirsearch
 CVE-2021-47900 (Gila CMS versions prior to 2.0.0 contain a remote code execution vulne ...)
-	TODO: check
+	NOT-FOR-US: Gila CMS
 CVE-2020-36983 (Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulner ...)
-	TODO: check
+	NOT-FOR-US: Quick and Easy FTP Service
 CVE-2020-36982 (Motorola Device Manager 2.5.4 contains an unquoted service path vulner ...)
-	TODO: check
+	NOT-FOR-US: Motorola Device Manager
 CVE-2020-36981 (Motorola Device Manager 2.4.5 contains an unquoted service path vulner ...)
-	TODO: check
+	NOT-FOR-US: Motorola Device Manager
 CVE-2020-36980 (SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: SAntivirus IC
 CVE-2020-36979 (Atheros Coex Service Application 8.0.0.255 contains an unquoted servic ...)
-	TODO: check
+	NOT-FOR-US: Atheros Coex Service Application
 CVE-2020-36978 (Froxlor Server Management Panel 0.10.16 contains a persistent cross-si ...)
-	TODO: check
+	NOT-FOR-US: Froxlor Server Management Panel
 CVE-2020-36977 (Wondershare Driver Install Service contains an unquoted service path v ...)
-	TODO: check
+	NOT-FOR-US: Wondershare Driver Install Service
 CVE-2020-36976 (Acer Global Registration Service 1.0.0.3 contains an unquoted service  ...)
-	TODO: check
+	NOT-FOR-US: Acer Global Registration Service
 CVE-2020-36975 (EPSON Status Monitor 3 version 8.0 contains an unquoted service path v ...)
-	TODO: check
+	NOT-FOR-US: EPSON
 CVE-2020-36974 (Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path v ...)
-	TODO: check
+	NOT-FOR-US: Realtek Andrea RT Filters
 CVE-2020-36951 (Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Phpscript-sgh
 CVE-2020-36950 (Laravel Nova 3.7.0 contains a denial of service vulnerability that all ...)
 	TODO: check
 CVE-2020-36949 (TapinRadio 2.13.7 contains a denial of service vulnerability in the ap ...)
-	TODO: check
+	NOT-FOR-US: TapinRadio
 CVE-2020-36948 (VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs ...)
-	TODO: check
+	NOT-FOR-US: VestaCP
 CVE-2020-36947 (LibreNMS 1.46 contains an authenticated SQL injection vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2020-36946 (SyncBreeze 10.0.28 contains a denial of service vulnerability in the l ...)
-	TODO: check
+	NOT-FOR-US: SyncBreeze
 CVE-2020-36942 (Victor CMS 1.0 contains a file upload vulnerability that allows authen ...)
-	TODO: check
+	NOT-FOR-US: Victor CMS
 CVE-2020-36941 (Knockpy 4.1.1 contains a CSV injection vulnerability that allows attac ...)
-	TODO: check
+	NOT-FOR-US: Knockpy
 CVE-2020-36940 (Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Easy CD & DVD Cover Creator
 CVE-2020-36939 (Cassandra Web 0.5.0 contains a directory traversal vulnerability that  ...)
 	TODO: check
 CVE-2020-36938 (WinAVR version 20100110 contains an insecure permissions vulnerability ...)
-	TODO: check
+	NOT-FOR-US: WinAVR
 CVE-2026-24883 (In GnuPG before 2.5.17, a long signature packet length causes parse_si ...)
 	- gnupg2 <unfixed>
 	NOTE: https://dev.gnupg.org/T8049
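
Review bot: The tag on CVE-2020-36983 reads `Quick and Easy FTP Service`, but the description spells the product `Quick 'n Easy FTP Service`; using the description's spelling keeps a text search for the product name matching both lines. In the same hunk CVE-2020-36975 is tagged with the vendor only (`EPSON`) while the neighbouring unquoted-service-path entries carry the full product name, such as `Acer Global Registration Service`; `EPSON Status Monitor` would be consistent with them.
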
@@ -473,7 +473,7 @@ CVE-2026-22709 (vm2 is an open source vm/sandbox for Node.js. In vm2 prior to ve
 CVE-2026-22696 (dcap-qvl implements the quote verification logic for DCAP (Data Center ...)
 	TODO: check
 CVE-2026-21408 (beat-access for Windows version 3.0.3 and prior contains an issue with ...)
-	TODO: check
+	NOT-FOR-US: beat-access for Windows
 CVE-2026-1449 (A flaw has been found in Hisense TransTech Smart Bus Management System ...)
 	NOT-FOR-US: Hisense TransTech Smart Bus Management System
 CVE-2026-1448 (A vulnerability was detected in D-Link DIR-615 up to 4.10. This impact ...)
@@ -487,7 +487,7 @@ CVE-2026-1443 (A flaw has been found in code-projects Online Music Site 1.0. Aff
 CVE-2026-1361 (ASDA-Soft Stack-based Buffer Overflow Vulnerability)
 	NOT-FOR-US: Delta Electronics
 CVE-2025-59473 (SQL Injection vulnerability in the Structure for Admin authenticated u ...)
-	TODO: check
+	NOT-FOR-US: Structure for Admin
 CVE-2025-59472 (A denial of service vulnerability exists in Next.js versions with Part ...)
 	NOT-FOR-US: Next.js
 CVE-2025-59471 (A denial of service vulnerability exists in self-hosted Next.js applic ...)
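
Review bot: `NOT-FOR-US: Structure for Admin` on CVE-2025-59473 looks lifted from the sentence fragment "in the Structure for Admin authenticated u ..." and may not be a product name at all. The visible description names no vendor or product, so the tag should carry the actual product name taken from the full CVE record.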



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/677181e47d458812a6707fbb4ea01b9085c825e8
