[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 30 16:18:57 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
059f4170 by Salvatore Bonaccorso at 2026-01-30T17:18:18+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -36,15 +36,15 @@ CVE-2026-25046 (Kimi Agent SDK is a set of libraries that expose the Kimi Code (
 CVE-2026-25040 (Budibase is a low code platform for creating internal tools, workflows ...)
 	NOT-FOR-US: Budibase
 CVE-2026-24905 (Inspektor Gadget is a set of tools and framework for data collection a ...)
-	TODO: check
+	NOT-FOR-US: Inspektor Gadget
 CVE-2026-24904 (TrustTunnel is an open-source VPN protocol with a rule bypass issue in ...)
 	NOT-FOR-US: TrustTunnel
 CVE-2026-24902 (TrustTunnel is an open-source VPN protocol with a server-side request  ...)
 	NOT-FOR-US: TrustTunnel
 CVE-2026-24846 (malcontent discovers supply-chain compromises through. context, differ ...)
-	TODO: check
+	NOT-FOR-US: chainguard-dev malcontent (different from src:malcontent)
 CVE-2026-24845 (malcontent discovers supply-chain compromises through. context, differ ...)
-	TODO: check
+	NOT-FOR-US: chainguard-dev malcontent (different from src:malcontent)
 CVE-2026-24729 (An unrestricted upload of file with dangerous type vulnerability in th ...)
 	NOT-FOR-US: Interinfo DreamMaker
 CVE-2026-24728 (A missing authentication for critical function vulnerability in the /s ...)
@@ -52,7 +52,7 @@ CVE-2026-24728 (A missing authentication for critical function vulnerability in
 CVE-2026-24714 (Some end of service NETGEAR products provide "TelnetEnable" functional ...)
 	NOT-FOR-US: Netgear
 CVE-2026-1680 (Improper access control in the WCF endpoint in Edgemo (now owned by Da ...)
-	TODO: check
+	NOT-FOR-US: Edgemo Local Admin Service
 CVE-2026-1665 (A command injection vulnerability exists in nvm (Node Version Manager) ...)
 	TODO: check
 CVE-2026-1638 (A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.0 ...)
@@ -70,13 +70,13 @@ CVE-2026-1340 (A code injection in Ivanti Endpoint Manager Mobile allowing attac
 CVE-2026-1281 (A code injection in Ivanti Endpoint Manager Mobile allowing attackers  ...)
 	NOT-FOR-US: Ivanti
 CVE-2026-0963 (An input neutralization vulnerability in the File Operations API Endpo ...)
-	TODO: check
+	NOT-FOR-US: Crafty Controller
 CVE-2026-0805 (An input neutralization vulnerability in the Backup Configuration comp ...)
-	TODO: check
+	NOT-FOR-US: Crafty Controller
 CVE-2025-15322 (Tanium addressed an improper access controls vulnerability in Tanium S ...)
-	TODO: check
+	NOT-FOR-US: Tanium
 CVE-2025-15288 (Tanium addressed an improper access controls vulnerability in Interact ...)
-	TODO: check
+	NOT-FOR-US: Tanium
 CVE-2025-12899 (A flaw in Zephyr\u2019s network stack allows an IPv4 packet containing ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-25210 (In libexpat before 2.7.4, the doContent function does not properly det ...)
@@ -244,7 +244,7 @@ CVE-2020-37015 (Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory t
 CVE-2020-37013 (Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnera ...)
 	NOT-FOR-US: Audio Playback Recorder
 CVE-2020-37012 (Tea LaTex 1.0 contains a remote code execution vulnerability that allo ...)
-	TODO: check
+	NOT-FOR-US: Tea LaTex
 CVE-2020-37011 (Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability tha ...)
 	- gnome-font-viewer <undetermined>
 	NOTE: https://www.exploit-db.com/exploits/48803



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/059f417017bb66855a8c7f57f615bc0f4dc20127

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/059f417017bb66855a8c7f57f615bc0f4dc20127
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260130/2358042a/attachment.htm>

More information about the debian-security-tracker-commits mailing list