[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 5 09:34:36 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
644dd008 by Salvatore Bonaccorso at 2026-03-05T10:34:12+01:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2026-2835 (An HTTP Request Smuggling vulnerability (CWE-444) has been found
CVE-2026-2833 (An HTTP request smuggling vulnerability (CWE-444) was found in Pingora ...)
NOT-FOR-US: Pingora
CVE-2026-2743 (Arbitrary File Write via Path Traversal upload to Remote Code Executio ...)
- TODO: check
+ NOT-FOR-US: SeppMail User Web Interface
CVE-2026-2418 (The Login with Salesforce WordPress plugin through 1.0.2 does not vali ...)
NOT-FOR-US: WordPress plugin
CVE-2026-2365 (The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cros ...)
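Review bot: the new tag on CVE-2026-2743 spells the vendor "SeppMail", while the description of CVE-2026-27441 later in this same file writes it "SEPPmail". Using the vendor's own capitalisation in the tag ("NOT-FOR-US: SEPPmail User Web Interface") keeps a case-sensitive search of data/CVE/list from missing one of the two entries.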
@@ -452,13 +452,13 @@ CVE-2026-27098 (Deserialization of Untrusted Data vulnerability in axiomthemes A
CVE-2026-27097 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-26034 (UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) conta ...)
- TODO: check
+ NOT-FOR-US: UPS Multi-UPS Management Console (MUMC) (Dell)
CVE-2026-26033 (UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) conta ...)
- TODO: check
+ NOT-FOR-US: UPS Multi-UPS Management Console (MUMC) (Dell)
CVE-2026-26002 (Open OnDemand is an open-source high-performance computing portal. The ...)
- TODO: check
+ NOT-FOR-US: Open OnDemand
CVE-2026-25750 (Langchain Helm Charts are Helm charts for deploying Langchain applicat ...)
- TODO: check
+ NOT-FOR-US: Langchain Helm Charts
CVE-2026-25702 (A Improper Access Control vulnerability in the kernel of SUSE SUSE Lin ...)
TODO: check
CVE-2026-24963 (Incorrect Privilege Assignment vulnerability in ameliabooking Amelia a ...)
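Review bot: the two MUMC tags (CVE-2026-26034, CVE-2026-26033) append the vendor as "(Dell)", whereas the existing Dell entry visible further down (CVE-2026-26949) uses "NOT-FOR-US: Dell / EMC". Settling on one form for the vendor would make these entries turn up together when someone later searches the list for Dell products.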
@@ -476,7 +476,7 @@ CVE-2026-23799 (Missing Authorization vulnerability in Themeum Tutor LMS tutor a
CVE-2026-23798 (Deserialization of Untrusted Data vulnerability in blubrry PowerPress ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-23767 (ESC/POS, a printer control language designed by Seiko Epson Corporatio ...)
- TODO: check
+ NOT-FOR-US: Epson
CVE-2026-23546 (Insertion of Sensitive Information Into Sent Data vulnerability in Rad ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-22501 (Deserialization of Untrusted Data vulnerability in axiomthemes Mountho ...)
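Review bot: the tag on CVE-2026-23767 names only the vendor, but the visible part of the description introduces ESC/POS as a printer control language rather than a specific Epson product. Since the description is truncated here, it is worth confirming from the full text that the flaw is confined to Epson's own devices, and naming the affected product in the tag, before the entry is closed as NOT-FOR-US.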
@@ -612,7 +612,7 @@ CVE-2026-22385 (Improper Control of Filename for Include/Require Statement in PH
CVE-2026-22052 (ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible t ...)
NOT-FOR-US: NetApp
CVE-2026-22040 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. ...)
- TODO: check
+ NOT-FOR-US: NanoMQ
CVE-2026-21786 (HCL Sametime for iOS is impacted by a sensitive information disclosure ...)
NOT-FOR-US: HCL
CVE-2026-1678 (dns_unpack_name() caches the buffer tailroom once and reuses it while ...)
@@ -646,7 +646,7 @@ CVE-2025-68553 (Unrestricted Upload of File with Dangerous Type vulnerability in
CVE-2025-68515 (Insertion of Sensitive Information Into Sent Data vulnerability in Rol ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-68467 (Dark Reader is an accessibility browser extension that makes web pages ...)
- TODO: check
+ NOT-FOR-US: Dark Reader
CVE-2025-66319 (Permission control vulnerability in the resource scheduling module.Imp ...)
NOT-FOR-US: Huawei
CVE-2025-66024 (The XWiki blog application allows users of the XWiki platform to creat ...)
@@ -658,7 +658,7 @@ CVE-2025-53335 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-46108 (D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the functio ...)
NOT-FOR-US: D-Link
CVE-2025-41257 (Suprema\u2019s BioStar 2 in version 2.9.11.6 allows users to set new p ...)
- TODO: check
+ NOT-FOR-US: Suprema BioStar
CVE-2026-2219 [dpkg-deb: Persistent hang on malformed .deb archives (DoS)]
- dpkg 1.23.6 (bug #1129722)
[trixie] - dpkg <no-dsa> (Minor issue; can be fixed in point release)
@@ -780,9 +780,9 @@ CVE-2026-27441 (SEPPmail Secure Email Gateway before version 15.0.1 insufficient
CVE-2026-26949 (Dell Device Management Agent (DDMA), versions prior to 26.02, contain ...)
NOT-FOR-US: Dell / EMC
CVE-2026-26673 (An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.050 ...)
- TODO: check
+ NOT-FOR-US: DJI
CVE-2026-26514 (An Argument Injection vulnerability exists in bird-lg-go before commit ...)
- TODO: check
+ NOT-FOR-US: bird-lg-go
CVE-2026-26478 (A shell command injection vulnerability in Mobvoi Tichome Mini smart s ...)
NOT-FOR-US: Mobvoi Tichome Mini smart speaker
CVE-2026-25907 (Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictiv ...)
@@ -928,7 +928,7 @@ CVE-2026-1236 (The Envira Gallery for WordPress plugin for WordPress is vulnerab
CVE-2026-0847 (A vulnerability in NLTK versions up to and including 3.9.2 allows arbi ...)
TODO: check
CVE-2025-70342 (erase-install prior to v40.4 commit 2c31239 writes swiftDialog credent ...)
- TODO: check
+ NOT-FOR-US: erase-install
CVE-2025-70341 (Insecure permissions in App-Auto-Patch v3.4.2 create a race condition ...)
NOT-FOR-US: App-Auto-Patch
CVE-2025-70226 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
@@ -952,15 +952,15 @@ CVE-2025-66168 (Apache ActiveMQ does not properly validate the remaining length
CVE-2025-62879 (A vulnerability has been identified within the Rancher Backup Operator ...)
NOT-FOR-US: Rancher backup operator
CVE-2025-59787 (2N Access Commander application version 3.4.2 and prior returns HTTP 5 ...)
- TODO: check
+ NOT-FOR-US: 2N Access Commander application
CVE-2025-59786 (2N Access Commander version 3.4.2 and prior improperly invalidates ses ...)
- TODO: check
+ NOT-FOR-US: 2N Access Commander
CVE-2025-59785 (Improper validation of API end-point in 2N Access Commander version 3. ...)
- TODO: check
+ NOT-FOR-US: 2N Access Commander
CVE-2025-59784 (2N Access Commander version 3.4.1 and prior is vulnerable to log pollu ...)
- TODO: check
+ NOT-FOR-US: 2N Access Commander
CVE-2025-59783 (API endpoint for user synchronization in 2N Access Commander version 3 ...)
- TODO: check
+ NOT-FOR-US: 2N Access Commander
CVE-2025-40896 (The server certificate was not verified when an Arc agent connected to ...)
TODO: check
CVE-2025-40895 (A Stored HTML Injection vulnerability was discovered in the CMC's Sens ...)
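Review bot: CVE-2025-59787 is tagged "NOT-FOR-US: 2N Access Commander application" while the four sibling entries directly below it (CVE-2025-59786 through CVE-2025-59783) use "NOT-FOR-US: 2N Access Commander". All five describe the same product, so dropping the trailing "application" from the first tag would make the block uniform.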
@@ -968,7 +968,7 @@ CVE-2025-40895 (A Stored HTML Injection vulnerability was discovered in the CMC'
CVE-2025-40894 (A Stored HTML Injection vulnerability was discovered in the Alerted No ...)
TODO: check
CVE-2025-15558 (Docker CLI for Windows searches for plugin binaries in C:\ProgramData\ ...)
- TODO: check
+ NOT-FOR-US: Docker CLI for Windows
CVE-2025-12801 (A vulnerability was recently discovered in the rpc.mountd daemon in th ...)
- nfs-utils <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2413081
@@ -977,15 +977,15 @@ CVE-2025-12801 (A vulnerability was recently discovered in the rpc.mountd daemon
CVE-2023-7337 (The JS Help Desk \u2013 AI-Powered Support & Ticketing System plugin f ...)
NOT-FOR-US: WordPress plugin
CVE-2019-25507 (Ashop Shopping Cart Software contains an SQL injection vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Ashop Shopping Cart Software
CVE-2019-25506 (FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerabili ...)
- TODO: check
+ NOT-FOR-US: FreeSMS
CVE-2019-25505 (Tradebox 5.4 contains an SQL injection vulnerability that allows authe ...)
- TODO: check
+ NOT-FOR-US: Tradebox
CVE-2019-25504 (NCrypted Jobgator contains an SQL injection vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: NCrypted Jobgator
CVE-2019-25503 (PHPads 2.0 contains an SQL injection vulnerability that allows unauthe ...)
- TODO: check
+ NOT-FOR-US: PHPads
CVE-2019-25502 (Simple Job Script contains a cross-site scripting vulnerability that a ...)
NOT-FOR-US: Simple Job Script
CVE-2019-25501 (Simple Job Script contains an SQL injection vulnerability that allows ...)
@@ -1286,7 +1286,7 @@ CVE-2025-36363 (IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account l
CVE-2025-15599 (DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross- ...)
TODO: check
CVE-2025-15598 (A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts ...)
- TODO: check
+ NOT-FOR-US: Dataease SQLBot
CVE-2025-14923 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 I ...)
NOT-FOR-US: IBM
CVE-2025-14604 (IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM ...)
@@ -288166,7 +288166,7 @@ CVE-2023-31046 (A Path Traversal vulnerability exists in PaperCut NG before 22.1
CVE-2023-31045 (A stored Cross-site scripting (XSS) issue in Text Editors and Formats ...)
- backdrop <itp> (bug #914257)
CVE-2023-31044 (An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impac ...)
- TODO: check
+ NOT-FOR-US: Nokia Impact
CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs un ...)
NOT-FOR-US: EnterpriseDB
CVE-2023-2247 (In affected versions of Octopus Deploy it is possible to unmask variab ...)
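Review bot: CVE-2023-31044 is tagged "Nokia Impact" here, while the four CVE-2021-3548x entries in the final hunk of this commit are tagged "Nokia IMPACT". Each tag copies the capitalisation of its own CVE description, but the result is two spellings for one product within a single commit; choosing one would keep the NFU tags consistent.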
@@ -429517,13 +429517,13 @@ CVE-2021-35488 (Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&ti
CVE-2021-35487 (Nokia Broadcast Message Center through 11.1.0 allows an authenticated ...)
NOT-FOR-US: Nokia Broadcast Message Center
CVE-2021-35486 (A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT thro ...)
- TODO: check
+ NOT-FOR-US: Nokia IMPACT
CVE-2021-35485 (The Applications component of Nokia IMPACT version through 19.11.2.10- ...)
- TODO: check
+ NOT-FOR-US: Nokia IMPACT
CVE-2021-35484 (Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authentica ...)
- TODO: check
+ NOT-FOR-US: Nokia IMPACT
CVE-2021-35483 (The Applications component of Nokia IMPACT version through 19.11.2.10- ...)
- TODO: check
+ NOT-FOR-US: Nokia IMPACT
CVE-2021-35482 (An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4. ...)
NOT-FOR-US: Barco MirrorOp Windows Sender
CVE-2021-35481
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/644dd00833db495b58f0410bc65391bd0e3d2622