[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 28 09:34:28 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e57741b5 by Salvatore Bonaccorso at 2026-01-28T10:32:58+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2026-24859
 CVE-2026-24852 (iccDEV provides a set of libraries and tools that allow for the intera ...)
 	NOT-FOR-US: iccDEV
 CVE-2026-24850 (The ML-DSA crate is a Rust implementation of the Module-Lattice-Based  ...)
-	TODO: check
+	NOT-FOR-US: Rust signatures crate
 CVE-2026-24842 (node-tar,a Tar for Node.js, contains a vulnerability in versions prior ...)
 	- node-tar <unfixed>
 	NOTE: https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v
@@ -43,17 +43,17 @@ CVE-2026-24836 (DNN (formerly DotNetNuke) is an open-source web content manageme
 CVE-2026-24833 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
 	NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2026-24785 (Clatter is a no_std compatible, pure Rust implementation of the Noise  ...)
-	TODO: check
+	NOT-FOR-US: Clatter
 CVE-2026-24784 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
-	TODO: check
+	NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2026-24783 (soroban-fixed-point-math is a fixed-point math library for Soroban sma ...)
-	TODO: check
+	NOT-FOR-US: soroban-fixed-point-math
 CVE-2026-24779 (vLLM is an inference and serving engine for large language models (LLM ...)
 	TODO: check
 CVE-2026-24778 (Ghost is an open source content management system. In Ghost versions 5 ...)
 	TODO: check
 CVE-2026-24770 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. ...)
-	TODO: check
+	NOT-FOR-US: RAGFlow
 CVE-2026-24765 (PHPUnit is a testing framework for PHP. A vulnerability has been disco ...)
 	TODO: check
 CVE-2026-24748 (Kargo manages and automates the promotion of software artifacts. Prior ...)
@@ -61,29 +61,29 @@ CVE-2026-24748 (Kargo manages and automates the promotion of software artifacts.
 CVE-2026-24747 (PyTorch is a Python package that provides tensor computation. Prior to ...)
 	TODO: check
 CVE-2026-24741 (ConvertXis a self-hosted online file converter. In versions prior to 0 ...)
-	TODO: check
+	NOT-FOR-US: ConvertXis
 CVE-2026-24740 (Dozzle is a realtime log viewer for docker containers. Prior to versio ...)
-	TODO: check
+	NOT-FOR-US: Dozzle
 CVE-2026-24738 (gmrtd is a Go library for reading Machine Readable Travel Documents (M ...)
-	TODO: check
+	NOT-FOR-US: gmrtd
 CVE-2026-24736 (Squidex is an open source headless content management system and conte ...)
-	TODO: check
+	NOT-FOR-US: Squidex
 CVE-2026-24134 (StudioCMS is a server-side-rendered, Astro native, headless content ma ...)
-	TODO: check
+	NOT-FOR-US: StudioCMS
 CVE-2026-23830 (SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 ...)
-	TODO: check
+	NOT-FOR-US: SandboxJS Node module
 CVE-2026-21569 (This High severity XXE (XML External Entity Injection) vulnerability w ...)
 	NOT-FOR-US: Atlassian
 CVE-2026-1514 (Official Document Management System developed by 2100 Technology has a ...)
-	TODO: check
+	NOT-FOR-US: 2100 Technology
 CVE-2026-1513 (billboard.js before 3.18.0 allows an attacker to execute malicious Jav ...)
-	TODO: check
+	NOT-FOR-US: billboard.js
 CVE-2026-1506 (A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an  ...)
 	NOT-FOR-US: D-Link
 CVE-2026-1505 (A vulnerability was found in D-Link DIR-615 4.10. This issue affects s ...)
 	NOT-FOR-US: D-Link
 CVE-2026-1466 (Jirafeau normally prevents browser preview for text files due to the p ...)
-	TODO: check
+	NOT-FOR-US: Jirafeau
 CVE-2026-1389 (The Document Embedder \u2013 Embed PDFs, Word, Excel, and Other Files  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1310 (The Simple calendar for Elementor plugin for WordPress is vulnerable t ...)
@@ -111,7 +111,7 @@ CVE-2025-8072 (The Target Video Easy Publish plugin for WordPress is vulnerable
 CVE-2025-67645 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2025-55292 (Meshtastic is an open source mesh networking solution. In the current  ...)
-	TODO: check
+	NOT-FOR-US: Meshtastic
 CVE-2025-54373 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2025-40554 (SolarWinds Web Help Desk was found to be susceptible to an authenticat ...)
@@ -129,7 +129,7 @@ CVE-2025-40536 (SolarWinds Web Help Desk was found to be susceptible to a securi
 CVE-2025-21589 (An Authentication Bypass Using an Alternate Path or Channel vulnerabil ...)
 	NOT-FOR-US: Juniper
 CVE-2025-14988 (A security issue has been identified in ibaPDA that could allow unauth ...)
-	TODO: check
+	NOT-FOR-US: ibaPDA
 CVE-2025-14610 (The TableMaster for Elementor plugin for WordPress is vulnerable to Se ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-14039 (The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Si ...)
@@ -477,7 +477,7 @@ CVE-2020-36974 (Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service
 CVE-2020-36951 (Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerab ...)
 	NOT-FOR-US: Phpscript-sgh
 CVE-2020-36950 (Laravel Nova 3.7.0 contains a denial of service vulnerability that all ...)
-	TODO: check
+	NOT-FOR-US: Laravel Nova
 CVE-2020-36949 (TapinRadio 2.13.7 contains a denial of service vulnerability in the ap ...)
 	NOT-FOR-US: TapinRadio
 CVE-2020-36948 (VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e57741b542cc26dc00afd77d9b7508b416a32f92

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e57741b542cc26dc00afd77d9b7508b416a32f92
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260128/52f86417/attachment.htm>

More information about the debian-security-tracker-commits mailing list