[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 29 21:06:22 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2472837a by Salvatore Bonaccorso at 2026-01-29T22:05:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,17 +2,17 @@ CVE-2026-25068 (alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to c
 	- alsa-lib <unfixed>
 	NOTE: Fixed by: https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40
 CVE-2026-24780 (AutoGPT is a platform that allows users to create, deploy, and manage  ...)
-	TODO: check
+	NOT-FOR-US: AutoGPT
 CVE-2026-24687 (Umbraco Forms is a form builder that integrates with the Umbraco conte ...)
 	NOT-FOR-US: Umbraco CMS
 CVE-2026-24414 (The Icinga PowerShell Framework provides configuration and check possi ...)
-	TODO: check
+	NOT-FOR-US: Icinga PowerShell Framework
 CVE-2026-24413 (Icinga 2 is an open source monitoring system. Starting in version 2.3. ...)
 	- icinga2 <not-affected> (Only affects Icinga 2 on Windows)
 CVE-2026-24054 (Kata Containers is an open source project focusing on a standard imple ...)
-	TODO: check
+	NOT-FOR-US: Kata Containers
 CVE-2026-23896 (immich is a high performance self-hosted photo and video management so ...)
-	TODO: check
+	NOT-FOR-US: immich
 CVE-2026-23571 (A command injection vulnerability was discovered in TeamViewer DEX (fo ...)
 	NOT-FOR-US: TeamViewer
 CVE-2026-23570 (A missing validation of a user-controlled value in the TeamViewer DEX  ...)
@@ -32,23 +32,23 @@ CVE-2026-23564 (A vulnerability in TeamViewer DEX Client (former 1E Client) - Co
 CVE-2026-23563 (Improper Link Resolution Before File Access (invoked by 1E\u2011Explor ...)
 	NOT-FOR-US: TeamViewer
 CVE-2026-22806 (vCluster Platform provides a Kubernetes platform for managing virtual  ...)
-	TODO: check
+	NOT-FOR-US: vCluster Platform
 CVE-2026-22764 (Dell OpenManage Network Integration, versions prior to 3.9, contains a ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-1616 (The $uri$args concatenation in nginx configuration file present in Ope ...)
-	TODO: check
+	NOT-FOR-US: Open Security Issue Management (OSIM)
 CVE-2026-1610 (A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affecte ...)
 	NOT-FOR-US: Tenda
 CVE-2026-1601 (A weakness has been identified in Totolink A7000R 4.1cu.4154. The impa ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2026-1600 (A vulnerability was identified in Bdtask Bhojon All-In-One Restaurant  ...)
-	TODO: check
+	NOT-FOR-US: Bdtask Bhojon All-In-One Restaurant Management System
 CVE-2026-1599 (A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant  ...)
-	TODO: check
+	NOT-FOR-US: Bdtask Bhojon All-In-One Restaurant Management System
 CVE-2026-1598 (A vulnerability was found in Bdtask Bhojon All-In-One Restaurant Manag ...)
-	TODO: check
+	NOT-FOR-US: Bdtask Bhojon All-In-One Restaurant Management System
 CVE-2026-1597 (A vulnerability has been found in Bdtask SalesERP up to 20260116. This ...)
-	TODO: check
+	NOT-FOR-US: Bdtask SalesERP
 CVE-2026-1596 (A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability af ...)
 	NOT-FOR-US: D-Link
 CVE-2026-1595 (A vulnerability was detected in itsourcecode Society Management System ...)
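Review bot: The four Bdtask entries (CVE-2026-1600, CVE-2026-1599, CVE-2026-1598, CVE-2026-1597) are tagged with full product names, while the neighbouring entries in this hunk use the vendor alone (NOT-FOR-US: Tenda, NOT-FOR-US: TOTOLINK, NOT-FOR-US: D-Link). A single NOT-FOR-US: Bdtask tag on all four would follow that convention and let later Bdtask CVEs be matched against one string instead of one per product.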
@@ -62,47 +62,47 @@ CVE-2026-1590 (A vulnerability was identified in itsourcecode School Management
 CVE-2026-1589 (A vulnerability was determined in itsourcecode School Management Syste ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2026-1588 (A vulnerability was found in jishenghua jshERP up to 3.6. The impacted ...)
-	TODO: check
+	NOT-FOR-US: jshERP
 CVE-2026-1587 (A vulnerability has been found in Open5GS up to 2.7.6. The affected el ...)
 	- open5gs <itp> (bug #1094791)
 CVE-2026-1586 (A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ...)
 	- open5gs <itp> (bug #1094791)
 CVE-2026-1469 (Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vuln ...)
-	TODO: check
+	NOT-FOR-US: NOVAs PlanManager
 CVE-2026-1457 (An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API  ...)
 	NOT-FOR-US: TP-Link
 CVE-2026-1453 (A missing authentication for critical function vulnerability in KiloVi ...)
-	TODO: check
+	NOT-FOR-US: KiloView Encoder Series
 CVE-2026-1188 (In the Eclipse OMR port library component since release 0.2.0, an API  ...)
 	NOT-FOR-US: Eclipse
 CVE-2026-0936 (An Insertion of Sensitive Information into Log File vulnerability in B ...)
 	NOT-FOR-US: ABB group
 CVE-2025-7714 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Content Management System (CMS)
 CVE-2025-7713 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Content Management System (CMS)
 CVE-2025-7016 (Improper Access Control vulnerability in Ak\u0131n Software Computer I ...)
-	TODO: check
+	NOT-FOR-US: QR Menu
 CVE-2025-7015 (Session Fixation vulnerability in Ak\u0131n Software Computer Import E ...)
-	TODO: check
+	NOT-FOR-US: QR Menu
 CVE-2025-7014 (Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu  ...)
-	TODO: check
+	NOT-FOR-US: QR Menu
 CVE-2025-7013 (Authorization Bypass Through User-Controlled Key vulnerability in QR M ...)
-	TODO: check
+	NOT-FOR-US: QR Menu
 CVE-2025-71011 (An input validation vulnerability in the flow.Tensor.new_empty/flow.Te ...)
-	TODO: check
+	NOT-FOR-US: OneFlow
 CVE-2025-71009 (An input validation vulnerability in the flow.scatter/flow.scatter_add ...)
-	TODO: check
+	NOT-FOR-US: OneFlow
 CVE-2025-71008 (A segmentation violation in the oneflow._oneflow_internal.autograd.Fun ...)
-	TODO: check
+	NOT-FOR-US: OneFlow
 CVE-2025-69929 (An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a re ...)
-	TODO: check
+	NOT-FOR-US: N3uron Web User Interface
 CVE-2025-69749 (Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker  ...)
-	TODO: check
+	NOT-FOR-US: otale tale
 CVE-2025-69604 (An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local  ...)
-	TODO: check
+	NOT-FOR-US: Shirt Pocket's SuperDuper
 CVE-2025-69516 (A Server-Side Template Injection (SSTI) vulnerability in the /reportin ...)
-	TODO: check
+	NOT-FOR-US: Amidaware Tactical RMM
 CVE-2025-63658 (A stack overflow in the mk_http_index_lookup function (mk_server/mk_ht ...)
 	- monkey <removed>
 CVE-2025-63657 (An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_m ...)
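Review bot: The tag on CVE-2025-7714 and CVE-2025-7713, NOT-FOR-US: Content Management System (CMS), names a product category rather than a vendor or product, so it does not identify what was triaged. The truncated descriptions shown here do not include the vendor, so it should be taken from the full CVE text and put in the tag. Separately, CVE-2026-1469 is tagged NOVAs PlanManager although its description reads RLE NOVA's PlanManager; keeping the RLE prefix and the apostrophe, as the Shirt Pocket's SuperDuper tag in this hunk does, would match the source wording.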
@@ -122,73 +122,73 @@ CVE-2025-63650 (An out-of-bounds read in the mk_ptr_to_buf in mk_core function (
 CVE-2025-63649 (An out-of-bounds read in the http_parser_transfer_encoding_chunked fun ...)
 	- monkey <removed>
 CVE-2025-62514 (Parsec is a cloud-based application for cryptographically secure file  ...)
-	TODO: check
+	NOT-FOR-US: Parsec
 CVE-2025-45160 (A HTML injection vulnerability exists in the file upload functionality ...)
 	TODO: check
 CVE-2025-15550 (birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vul ...)
-	TODO: check
+	NOT-FOR-US: birkir prime
 CVE-2025-15549 (FluentCMS 2026 contains a stored cross-site scripting vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: FluentCMS
 CVE-2025-15548 (Some VX800v v1.0 web interface endpoints transmit sensitive informatio ...)
-	TODO: check
+	NOT-FOR-US: VX800v
 CVE-2025-15545 (The backup restore function does not properly validate unexpected or u ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-15543 (Improper link resolution in USB HTTP access path in VX800v v1.0 allows ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-15542 (Improper handling of exceptional conditions in VX800v v1.0 in SIP proc ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-15541 (Improper link resolution in the VX800v v1.0 SFTP service allows authen ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-13905 (CWE-276: Incorrect Default Permissions vulnerability exists that could ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2025-13399 (A weakness in the web interface\u2019s application layer encryption in ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2020-37021 (10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vuln ...)
-	TODO: check
+	NOT-FOR-US: 10-Strike Bandwidth Monitor
 CVE-2020-37020 (SonarQube 8.3.1 contains an unquoted service path vulnerability that a ...)
-	TODO: check
+	NOT-FOR-US: SonarQube
 CVE-2020-37018 (GOautodial 4.0 contains a persistent cross-site scripting vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: GOautodial
 CVE-2020-37017 (CodeMeter 6.60 contains an unquoted service path vulnerability that al ...)
-	TODO: check
+	NOT-FOR-US: CodeMeter
 CVE-2020-37016 (BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: BarcodeOCR
 CVE-2020-37015 (Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory travers ...)
-	TODO: check
+	NOT-FOR-US: Ruijie Networks Switch eWeb S29_RGOS
 CVE-2020-37013 (Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnera ...)
-	TODO: check
+	NOT-FOR-US: Audio Playback Recorder
 CVE-2020-37012 (Tea LaTex 1.0 contains a remote code execution vulnerability that allo ...)
 	TODO: check
 CVE-2020-37011 (Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability tha ...)
 	TODO: check
 CVE-2020-37010 (BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the A ...)
-	TODO: check
+	NOT-FOR-US: BearShare Lite
 CVE-2020-37009 (MedDream PACS Server 6.8.3.751 contains an authenticated remote code e ...)
-	TODO: check
+	NOT-FOR-US: MedDream PACS Server
 CVE-2020-37008 (EasyPMS 1.0.0 contains an authentication bypass vulnerability that all ...)
-	TODO: check
+	NOT-FOR-US: EasyPMS
 CVE-2020-37007 (Liman 0.7 contains a cross-site request forgery vulnerability that all ...)
-	TODO: check
+	NOT-FOR-US: Liman
 CVE-2020-37006 (berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_rec ...)
-	TODO: check
+	NOT-FOR-US: berliCRM
 CVE-2020-37005 (TimeClock Software 1.01 contains an authenticated time-based SQL injec ...)
-	TODO: check
+	NOT-FOR-US: TimeClock Software
 CVE-2020-37004 (Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection  ...)
-	TODO: check
+	NOT-FOR-US: Ultimate Project Manager CRM PRO
 CVE-2020-37002 (Ajenti 2.1.36 contains an authentication bypass vulnerability that all ...)
 	- ajenti <itp> (bug #792019)
 CVE-2020-37001 (Frigate Professional 3.36.0.9 contains a local buffer overflow vulnera ...)
-	TODO: check
+	NOT-FOR-US: Frigate Professional
 CVE-2020-37000 (Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Free MP3 CD Ripper
 CVE-2020-36999 (Elaniin CMS 1.0 contains an authentication bypass vulnerability that a ...)
-	TODO: check
+	NOT-FOR-US: Elaniin CMS
 CVE-2020-36997 (BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows ...)
-	TODO: check
+	NOT-FOR-US: BacklinkSpeed
 CVE-2020-36995 (Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Mocha Telnet Lite for iOS
 CVE-2020-36994 (QlikView 12.50.20000.0 contains a denial of service vulnerability in t ...)
-	TODO: check
+	NOT-FOR-US: QlikView
 CVE-2026-24682
 	- freerdp3 3.22.0+dfsg-1
 	- freerdp2 <removed>
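Review bot: CVE-2025-15548 is tagged NOT-FOR-US: VX800v, but CVE-2025-15543, CVE-2025-15542 and CVE-2025-15541, whose descriptions name the same VX800v v1.0, are tagged NOT-FOR-US: TP-Link in this hunk. Use NOT-FOR-US: TP-Link for CVE-2025-15548 as well so the device is filed under one vendor tag. A smaller style point on CVE-2020-37015: the tag Ruijie Networks Switch eWeb S29_RGOS carries the model and firmware name, where a vendor-level tag such as Ruijie Networks would be enough.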



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2472837aecd1e9bddc61322567aaca62ac25e018
