[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 28 20:58:41 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2711e4b0 by Salvatore Bonaccorso at 2026-01-28T21:58:10+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57,25 +57,25 @@ CVE-2026-0749 (Improper Neutralization of Input During Web Page Generation ('Cro
 CVE-2026-0702 (The VidShop \u2013 Shoppable Videos for WooCommerce plugin for WordPre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-0483 (Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload ...)
-	TODO: check
+	NOT-FOR-US: Live Helper Chat
 CVE-2025-7740 (Default credentials vulnerability exists in SuprOS product. If exploit ...)
 	NOT-FOR-US: Hitachi Energy
 CVE-2025-71002 (A floating-point exception (FPE) in the flow.column_stack component of ...)
-	TODO: check
+	NOT-FOR-US: OneFlow
 CVE-2025-71001 (A segmentation violation in the flow.column_stack component of OneFlow ...)
-	TODO: check
+	NOT-FOR-US: OneFlow
 CVE-2025-71000 (An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allow ...)
-	TODO: check
+	NOT-FOR-US: OneFlow
 CVE-2025-70999 (A GPU device-ID validation flaw in the flow.cuda.get_device_capability ...)
-	TODO: check
+	NOT-FOR-US: OneFlow
 CVE-2025-70336 (A Stored cross-site scripting (XSS) vulnerability in 'Create New Live  ...)
-	TODO: check
+	NOT-FOR-US: PodcastGenerator
 CVE-2025-69602 (A session fixation vulnerability exists in 66biolinks v62.0.0 by Altum ...)
-	TODO: check
+	NOT-FOR-US: 66biolinks
 CVE-2025-69601 (A directory traversal (Zip Slip) vulnerability exists in the \u201cSta ...)
-	TODO: check
+	NOT-FOR-US: 66biolinks
 CVE-2025-69517 (An issue in Amidaware Inc Tactical RMM v1.3.1 and before allows a remo ...)
-	TODO: check
+	NOT-FOR-US: Amidaware Inc Tactical RMM
 CVE-2025-69289 (Discourse is an open source discussion platform. A privilege escalatio ...)
 	NOT-FOR-US: Discourse
 CVE-2025-69218 (Discourse is an open source discussion platform. In versions prior to  ...)
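Review bot: the tag added for CVE-2025-69517, "NOT-FOR-US: Amidaware Inc Tactical RMM", carries the vendor name and its "Inc" suffix, while the other tags added in this hunk name only the product (OneFlow, 66biolinks, PodcastGenerator). Suggest "NOT-FOR-US: Tactical RMM" so that later entries for the same product match on one string. Separately, the truncated descriptions of CVE-2026-0483 and CVE-2025-70336 do not show a product name, so the Live Helper Chat and PodcastGenerator tags cannot be confirmed from the lines visible here.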
@@ -99,51 +99,51 @@ CVE-2025-67723 (Discourse is an open source discussion platform. Versions prior
 CVE-2025-66488 (Discourse is an open source discussion platform. A vulnerability prese ...)
 	NOT-FOR-US: Discourse
 CVE-2025-65891 (A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to  ...)
-	TODO: check
+	NOT-FOR-US: OneFlow
 CVE-2025-65890 (A device-ID validation flaw in OneFlow v0.9.0 allows attackers to caus ...)
-	TODO: check
+	NOT-FOR-US: OneFlow
 CVE-2025-65889 (A type validation flaw in the flow.dstack() component of OneFlow v0.9. ...)
-	TODO: check
+	NOT-FOR-US: OneFlow
 CVE-2025-65888 (A dimension validation flaw in the flow.empty() component of OneFlow 0 ...)
-	TODO: check
+	NOT-FOR-US: OneFlow
 CVE-2025-65887 (A division-by-zero vulnerability in the flow.floor_divide() component  ...)
-	TODO: check
+	NOT-FOR-US: OneFlow
 CVE-2025-65886 (A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to c ...)
-	TODO: check
+	NOT-FOR-US: OneFlow
 CVE-2025-61140 (The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Pro ...)
 	TODO: check
 CVE-2025-59901 (Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vuln ...)
-	TODO: check
+	NOT-FOR-US: Disk Pulse Enterprise
 CVE-2025-59900 (Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4 ...)
-	TODO: check
+	NOT-FOR-US: Sync Breeze Enterprise Server
 CVE-2025-59899 (Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4 ...)
-	TODO: check
+	NOT-FOR-US: Sync Breeze Enterprise Server
 CVE-2025-59898 (Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4 ...)
-	TODO: check
+	NOT-FOR-US: Sync Breeze Enterprise Server
 CVE-2025-59897 (Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4 ...)
-	TODO: check
+	NOT-FOR-US: Sync Breeze Enterprise Server
 CVE-2025-59896 (Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4 ...)
-	TODO: check
+	NOT-FOR-US: Sync Breeze Enterprise Server
 CVE-2025-59895 (Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4 ...)
-	TODO: check
+	NOT-FOR-US: Sync Breeze Enterprise Server
 CVE-2025-59894 (Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterpr ...)
-	TODO: check
+	NOT-FOR-US: Sync Breeze Enterprise Server
 CVE-2025-59893 (Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterpr ...)
-	TODO: check
+	NOT-FOR-US: Sync Breeze Enterprise Server and Disk Pulse Enterprise
 CVE-2025-59892 (Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterpr ...)
-	TODO: check
+	NOT-FOR-US: Sync Breeze Enterprise Server and Disk Pulse Enterprise
 CVE-2025-59891 (Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterpr ...)
-	TODO: check
+	NOT-FOR-US: Sync Breeze Enterprise Server and Disk Pulse Enterprise
 CVE-2025-57796 (Explorance Blue versions prior to 8.14.12 use reversible symmetric enc ...)
-	TODO: check
+	NOT-FOR-US: Explorance Blue
 CVE-2025-57795 (Explorance Blue versions prior to 8.14.13 contain an authenticated rem ...)
-	TODO: check
+	NOT-FOR-US: Explorance Blue
 CVE-2025-57794 (Explorance Blue versions prior to 8.14.9 contain an authenticated unre ...)
-	TODO: check
+	NOT-FOR-US: Explorance Blue
 CVE-2025-57793 (Explorance Blue versions prior to 8.14.9 contain a SQL injection vulne ...)
-	TODO: check
+	NOT-FOR-US: Explorance Blue
 CVE-2025-57792 (Explorance Blue versions prior to 8.14.9 contain a SQL injection vulne ...)
-	TODO: check
+	NOT-FOR-US: Explorance Blue
 CVE-2025-57283 (The Node.js package browserstack-local 1.5.8 contains a command inject ...)
 	TODO: check
 CVE-2025-46691 (Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contain ...)
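Review bot: the Sync Breeze / Disk Pulse tags are inconsistent within this hunk. CVE-2025-59900 through CVE-2025-59895 have descriptions that begin "Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4 ..." but are tagged only "NOT-FOR-US: Sync Breeze Enterprise Server", whereas CVE-2025-59893 through CVE-2025-59891 get "NOT-FOR-US: Sync Breeze Enterprise Server and Disk Pulse Enterprise". Suggest using the combined tag wherever the description names both products, and checking whether CVE-2025-59894, whose visible description matches the three CSRF entries below it, should carry the combined tag as well.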
@@ -153,7 +153,7 @@ CVE-2025-46316 (An out-of-bounds read was addressed with improved input validati
 CVE-2025-46306 (The issue was addressed with improved bounds checks. This issue is fix ...)
 	NOT-FOR-US: Apple
 CVE-2025-41351 (Vulnerability that allows a Padding Oracle Attack to be performed on t ...)
-	TODO: check
+	NOT-FOR-US: Funambol
 CVE-2025-33237 (NVIDIA HD Audio Driver for Windows contains a vulnerability where an a ...)
 	TODO: check
 CVE-2025-33220 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
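Review bot: for CVE-2025-41351 the visible description is cut off at "performed on t ..." before any product is named, so the "NOT-FOR-US: Funambol" tag cannot be checked against this line. The commit message ("Process some NFUs") does not say how the product was identified either; a short note in the commit message on where the attribution comes from would make this entry reviewable.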
@@ -211,39 +211,39 @@ CVE-2020-36993 (LimeSurvey 4.3.10 contains a stored cross-site scripting vulnera
 CVE-2020-36992 (Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in  ...)
 	TODO: check
 CVE-2020-36991 (ShareMouse 5.0.43 contains an unquoted service path vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: ShareMouse
 CVE-2020-36990 (Input Director 1.4.3 contains an unquoted service path vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Input Director
 CVE-2020-36989 (ForensiT AppX Management Service 2.2.0.4 contains an unquoted service  ...)
-	TODO: check
+	NOT-FOR-US: ForensiT AppX Management Service
 CVE-2020-36988 (PDW File Browser version 1.3 contains stored and reflected cross-site  ...)
-	TODO: check
+	NOT-FOR-US: PDW File Browser
 CVE-2020-36987 (Program Access Controller 1.2.0.0 contains an unquoted service path vu ...)
-	TODO: check
+	NOT-FOR-US: Program Access Controller
 CVE-2020-36986 (Prey 1.9.6 contains an unquoted service path vulnerability that allows ...)
 	TODO: check
 CVE-2020-36985 (IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: IP Watcher
 CVE-2020-36984 (EPSON 1.124 contains an unquoted service path vulnerability in the SEN ...)
-	TODO: check
+	NOT-FOR-US: EPSON
 CVE-2020-36973 (PDW File Browser 1.3 contains a remote code execution vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: PDW File Browser
 CVE-2020-36972 (SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'i ...)
-	TODO: check
+	NOT-FOR-US: SmartBlog
 CVE-2020-36971 (Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer over ...)
-	TODO: check
+	NOT-FOR-US: Nidesoft 3GP Video Converter
 CVE-2020-36970 (PMB 5.6 contains a local file disclosure vulnerability in getgif.php t ...)
-	TODO: check
+	NOT-FOR-US: PMB
 CVE-2020-36969 (M/Monit 3.7.4 contains a privilege escalation vulnerability that allow ...)
 	TODO: check
 CVE-2020-36968 (M/Monit 3.7.4 contains an authentication vulnerability that allows aut ...)
 	TODO: check
 CVE-2020-36967 (Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Zortam Mp3 Media Studio
 CVE-2020-36965 (docPrint Pro 8.0 contains a local buffer overflow vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: docPrint Pro
 CVE-2020-36964 (YATinyWinFTP contains a denial of service vulnerability that allows at ...)
-	TODO: check
+	NOT-FOR-US: YATinyWinFTP
 CVE-2020-36963 (Intelbras Router RF 301K firmware version 1.1.2 contains an authentica ...)
 	NOT-FOR-US: Intelbras
 CVE-2020-36962 (Tendenci 12.3.1 contains a CSV formula injection vulnerability in the  ...)
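Review bot: CVE-2020-36992 (Nord VPN 6.31.13.0) and CVE-2020-36986 (Prey 1.9.6) are described with the same unquoted service path issue as the ShareMouse, Input Director, Program Access Controller and IP Watcher entries marked NOT-FOR-US here, yet both stay at "TODO: check". Unquoted service paths are a Windows service configuration problem, so if these two were skipped on purpose (for example because the product name also matches something that needs a closer look), saying so in the commit message would help; otherwise they can be triaged in the same pass. Minor style point: the tag for CVE-2020-36984 is just "EPSON", a vendor name, where the rest of the hunk names a product.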



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2711e4b0b8f3ea395cee1aad2d1ce042e2d91474
