[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 2 20:59:01 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ee60729 by Salvatore Bonaccorso at 2026-03-02T21:58:15+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -176,9 +176,9 @@ CVE-2026-20416 (In pcie, there is a possible out of bounds write due to a missin
 CVE-2026-1628 (Mattermost Desktop App versions <=5.13.3 fail to attach listeners rest ...)
 	NOT-FOR-US: Mattermost Desktop App
 CVE-2026-0995 (An issue has been identified in Arm C1-Pro before r1p2-50eac0, where,  ...)
-	TODO: check
+	NOT-FOR-US: Arm C1-Pro
 CVE-2026-0689 (In ExtremeCloud IQ \u2013 Site Engine (XIQ\u2011SE) before 26.2.10, a  ...)
-	TODO: check
+	NOT-FOR-US: ExtremeCloud IQ
 CVE-2026-0655 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: TPLink
 CVE-2026-0654 (Improper input handling in the administration web interface on TP-Link ...)
@@ -242,69 +242,69 @@ CVE-2026-0005 (In onServiceDisconnected of KeyguardServiceDelegate.java, there i
 CVE-2025-70252 (An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.0 ...)
 	NOT-FOR-US: Tenda
 CVE-2025-66880 (Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pa ...)
-	TODO: check
+	NOT-FOR-US: Wethink Technology Inc 720yun pano-sdk
 CVE-2025-65465 (A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError ...)
-	TODO: check
+	NOT-FOR-US: Skrol29 TbsZip
 CVE-2025-64427 (ZimaOS is a fork of CasaOS, an operating system for Zima devices and x ...)
-	TODO: check
+	NOT-FOR-US: ZimaOS
 CVE-2025-59603 (Memory Corruption when processing invalid user address with nonstandar ...)
 	NOT-FOR-US: Qualcomm
 CVE-2025-59600 (Memory Corruption when adding user-supplied data without checking avai ...)
 	NOT-FOR-US: Qualcomm
 CVE-2025-58406 (The CGM CLININET application respond without essential security HTTP h ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET application
 CVE-2025-58405 (The CGM CLININET application does not implement any mechanisms that pr ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET application
 CVE-2025-58402 (The CGM CLININET application uses direct, sequential object identifier ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET application
 CVE-2025-58107 (In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configur ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-52998 (Chamilo is a learning management system. Prior to version 1.11.30, in  ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-52564 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-52563 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-52482 (Chamilo is a learning management system. Prior to version 1.11.30, a S ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-52476 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-52475 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-52470 (Chamilo is a learning management system. Prior to version 1.11.30, a s ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-52469 (Chamilo is a learning management system. Prior to version 1.11.30, a l ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-52468 (Chamilo is a learning management system. Prior to version 1.11.30, an  ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-50199 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-50198 (Chamilo is a learning management system. Prior to version 1.11.30, Cha ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-50197 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-50196 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-50195 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-50194 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-50193 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-50192 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-50191 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-50190 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-50189 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-50188 (Chamilo is a learning management system. Prior to version 1.11.30, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-50187 (Chamilo is a learning management system. Prior to version 1.11.28, par ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-50186 (Chamilo is a learning management system. Prior to version 1.11.30, a s ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-48654 (In onStart of CompanionDeviceManagerService.java, there is a possible  ...)
 	NOT-FOR-US: Android
 CVE-2025-48653 (In loadDataAndPostValue of multiple files, there is a possible way to  ...)
@@ -384,23 +384,23 @@ CVE-2025-47371 (Transient DOS when an LTE RLC packet with invalid TB is received
 CVE-2025-32313 (In UsageEvents of UsageEvents.java, there is a possible out of bounds  ...)
 	NOT-FOR-US: Android
 CVE-2025-30062 (In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" functio ...)
-	TODO: check
+	NOT-FOR-US: CheckUnitCodeAndKey.pl service in CGM CLININET system
 CVE-2025-30044 (In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", " ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET application
 CVE-2025-30042 (The CGM CLININET system provides smart card authentication; however, a ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET system
 CVE-2025-30035 (The vulnerability enables an attacker to fully bypass authentication i ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-14532 (DobryCMS's upload file functionality allows an unauthenticated remote  ...)
-	TODO: check
+	NOT-FOR-US: DobryCMS
 CVE-2025-12462 (A Blind SQL injection vulnerability has been identified in DobryCMS. A ...)
-	TODO: check
+	NOT-FOR-US: DobryCMS
 CVE-2025-10350 (SQL Injection vulnerability in "imageserver" module when processing C- ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2024-50337 (Chamilo is a learning management system. Prior to version 1.11.28, the ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2024-47886 (Chamilo is a learning management system. Chamillo is affected by a pos ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2024-43766 (In multiple functions of btm_ble_sec.cc, there is a possible unencrypt ...)
 	NOT-FOR-US: Android
 CVE-2024-31328 (In broadcastIntentLockedTraced of BroadcastController.java, there is a ...)
@@ -449,7 +449,7 @@ CVE-2026-3000 (IDExpert Windows Logon Agent developed by Changing has a Remote C
 CVE-2026-2999 (IDExpert Windows Logon Agent developed by Changing has a Remote Code E ...)
 	NOT-FOR-US: IDExpert Windows Logon Agent
 CVE-2025-15597 (A vulnerability has been found in Dataease SQLBot up to 1.4.0. This af ...)
-	TODO: check
+	NOT-FOR-US: Dataease SQLBot
 CVE-2026-3395 (A flaw has been found in MaxSite CMS up to 109.1. This impacts the fun ...)
 	NOT-FOR-US: MaxSite CMS
 CVE-2026-3394 (A vulnerability was detected in jarikomppa soloud up to 20200207. This ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ee60729fd88cf7acb1c9a97f54c776c66704ad4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ee60729fd88cf7acb1c9a97f54c776c66704ad4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260302/45673184/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list