[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Mar 5 08:38:09 GMT 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89499fb3 by Moritz Muehlenhoff at 2026-03-05T09:37:06+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -680,7 +680,6 @@ CVE-2025-40931 (Apache::Session::Generate::MD5 versions through 1.94 for Perl cr
 CVE-2024-57854 (Net::NSCA::Client versions through 0.009002 for Perl uses a poor rando ...)
 	NOT-FOR-US: Net::NSCA::Client Perl module
 	NOTE: Net::NSCAng::Client embedded in nsca-ng is different code
-	TODO: double check assessment
 CVE-2025-40926 (Plack::Middleware::Session::Simple versions through 0.04 for Perl gene ...)
 	NOT-FOR-US: Plack::Middleware::Session::Simple Perl module
 CVE-2026-3545 (Insufficient data validation in Navigation in Google Chrome prior to 1 ...)
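Review bot: the removed "TODO: double check assessment" under CVE-2024-57854 is a confirmation of an earlier assessment, not a new NFU, and the commit message "NFUs" does not mention it. The remaining NOTE (Net::NSCAng::Client embedded in nsca-ng is different code) does carry the reasoning, so the entry stands on its own; a short mention in the commit message would make the re-check findable in the history.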
@@ -944,13 +943,13 @@ CVE-2025-70218 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via
 CVE-2025-69969 (A lack of authentication and authorization mechanisms in the Bluetooth ...)
 	TODO: check
 CVE-2025-66944 (SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before  ...)
-	TODO: check
+	NOT-FOR-US: databaseir
 CVE-2025-66678 (An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware  ...)
-	TODO: check
+	NOT-FOR-US: Nil Hardware Editor
 CVE-2025-66168 (Apache ActiveMQ does not properly validate the remaining length field  ...)
 	TODO: check
 CVE-2025-62879 (A vulnerability has been identified within the Rancher Backup Operator ...)
-	TODO: check
+	NOT-FOR-US: Rancher backup operator
 CVE-2025-59787 (2N Access Commander application version 3.4.2 and prior returns HTTP 5 ...)
 	TODO: check
 CVE-2025-59786 (2N Access Commander version 3.4.2 and prior improperly invalidates ses ...)
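Review bot: the tag added for CVE-2025-62879 reads "Rancher backup operator", while the CVE description on the line above it spells the product "Rancher Backup Operator". Suggest matching the description's capitalisation so that a case-sensitive search over the NOT-FOR-US strings finds it.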
@@ -987,15 +986,15 @@ CVE-2019-25504 (NCrypted Jobgator contains an SQL injection vulnerability that a
 CVE-2019-25503 (PHPads 2.0 contains an SQL injection vulnerability that allows unauthe ...)
 	TODO: check
 CVE-2019-25502 (Simple Job Script contains a cross-site scripting vulnerability that a ...)
-	TODO: check
+	NOT-FOR-US: Simple Job Script
 CVE-2019-25501 (Simple Job Script contains an SQL injection vulnerability that allows  ...)
-	TODO: check
+	NOT-FOR-US: Simple Job Script
 CVE-2019-25500 (Simple Job Script contains an SQL injection vulnerability that allows  ...)
-	TODO: check
+	NOT-FOR-US: Simple Job Script
 CVE-2019-25499 (Simple Job Script contains an SQL injection vulnerability that allows  ...)
-	TODO: check
+	NOT-FOR-US: Simple Job Script
 CVE-2019-25498 (Simple Job Script contains an SQL injection vulnerability that allows  ...)
-	TODO: check
+	NOT-FOR-US: Simple Job Script
 CVE-2026-23238 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.18.13-1
 	NOTE: https://git.kernel.org/linus/ab7ad7abb3660c58ffffdf07ff3bb976e7e0afa0 (6.19-rc8)
@@ -1278,7 +1277,7 @@ CVE-2025-59059 (Remote Code Execution Vulnerability in NashornScriptEngineCreato
 CVE-2025-57622 (An issue in Step-Video-T2V allows a remote attacker to execute arbitra ...)
 	NOT-FOR-US: Step-Video-T2V
 CVE-2025-52365 (A command injection vulnerability in the szc script of the ccurtsinger ...)
-	TODO: check
+	NOT-FOR-US: ccurtsinger/stabilizer
 CVE-2025-36364 (IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored ...)
 	NOT-FOR-US: IBM
 CVE-2025-36363 (IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout ...)
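Review bot: the tag "NOT-FOR-US: ccurtsinger/stabilizer" for CVE-2025-52365 uses an owner/project form, whereas the CVE-2025-66944 entry in this same commit drops the "vran-dev" owner and tags only "databaseir". Either form works; picking one for both entries keeps the tags in this commit consistent.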
@@ -1298,23 +1297,23 @@ CVE-2025-13616 (IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns
 CVE-2025-13490 (IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0  ...)
 	NOT-FOR-US: IBM
 CVE-2024-55027 (Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to st ...)
-	TODO: check
+	NOT-FOR-US: Weintek
 CVE-2024-55026 (An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v ...)
-	TODO: check
+	NOT-FOR-US: Weintek
 CVE-2024-55025 (Incorrect access control in the VNC component of Weintek cMT-3072XH2 e ...)
-	TODO: check
+	NOT-FOR-US: Weintek
 CVE-2024-55024 (An authentication bypass vulnerability in the authorization mechanism  ...)
-	TODO: check
+	NOT-FOR-US: Weintek
 CVE-2024-55023 (Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to co ...)
-	TODO: check
+	NOT-FOR-US: Weintek
 CVE-2024-55022 (Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to co ...)
-	TODO: check
+	NOT-FOR-US: Weintek
 CVE-2024-55021 (Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to co ...)
-	TODO: check
+	NOT-FOR-US: Weintek
 CVE-2024-55020 (A command injection vulnerability in the DHCP activation feature of We ...)
-	TODO: check
+	NOT-FOR-US: Weintek
 CVE-2024-55019 (Incorrect access control in the component download_wb.cgi of Weintek c ...)
-	TODO: check
+	NOT-FOR-US: Weintek
 CVE-2026-25674 (An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4. ...)
 	- python-django 3:4.2.29-1 (bug #1129595)
 	[trixie] - python-django <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89499fb380f46cbc6024bcfde919a9853290677e
