[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Mar 16 10:29:19 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
12eaf13b by Moritz Muehlenhoff at 2026-03-16T11:28:54+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -65,9 +65,9 @@ CVE-2026-4193 (A security vulnerability has been detected in D-Link DIR-823G 1.0
CVE-2026-4192 (A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. A ...)
NOT-FOR-US: hypermodel-labs mcp-server-auto-commonAvinashBole quip-mcp-server
CVE-2026-4191 (A flaw has been found in JawherKl node-api-postgres up to 2.5. Affecte ...)
- TODO: check
+ NOT-FOR-US: node-api-postgres
CVE-2026-4190 (A vulnerability was detected in JawherKl node-api-postgres up to 2.5. ...)
- TODO: check
+ NOT-FOR-US: node-api-postgres
CVE-2026-4189 (A weakness has been identified in phpipam up to 1.7.4. The impacted el ...)
- phpipam <itp> (bug #731713)
CVE-2026-4188 (A security flaw has been discovered in D-Link DIR-619L 2.06B01. The af ...)
@@ -93,11 +93,11 @@ CVE-2026-4175 (A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. T
CVE-2026-4174 (A vulnerability has been found in Radare2 5.9.9. This issue affects th ...)
TODO: check
CVE-2026-4173 (A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnera ...)
- TODO: check
+ NOT-FOR-US: CodePhiliaX Chat2DB
CVE-2026-4172 (A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This aff ...)
NOT-FOR-US: TRENDnet
CVE-2026-4171 (A security vulnerability has been detected in CodeGenieApp serverless- ...)
- TODO: check
+ NOT-FOR-US: CodeGenieApp serverless-express
CVE-2026-32778 (libexpat before 2.7.5 allows a NULL pointer dereference in the functio ...)
TODO: check
CVE-2026-32777 (libexpat before 2.7.5 allows an infinite loop while parsing DTD conten ...)
@@ -107,17 +107,17 @@ CVE-2026-32776 (libexpat before 2.7.5 allows a NULL pointer dereference with emp
CVE-2026-32775 (libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_ ...)
TODO: check
CVE-2026-31386 (OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies c ...)
- TODO: check
+ NOT-FOR-US: OpenLiteSpeed and LSWS Enterprise
CVE-2026-28522 (arduino-TuyaOpen before version 1.2.1 contains a null pointer derefere ...)
- TODO: check
+ NOT-FOR-US: arduino-TuyaOpen
CVE-2026-28521 (arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory ...)
- TODO: check
+ NOT-FOR-US: arduino-TuyaOpen
CVE-2026-28520 (arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer ov ...)
- TODO: check
+ NOT-FOR-US: arduino-TuyaOpen
CVE-2026-28519 (arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer ove ...)
- TODO: check
+ NOT-FOR-US: arduino-TuyaOpen
CVE-2026-25083 (GROWI OpenAI thread/message API endpoints do not perform authorization ...)
- TODO: check
+ NOT-FOR-US: GROWI OpenAI
CVE-2026-21005 (Path traversal in Smart Switch prior to version 3.7.69.15 allows adjac ...)
NOT-FOR-US: Samsung Mobile
CVE-2026-21004 (Improper authentication in Smart Switch prior to version 3.7.69.15 all ...)
@@ -169,69 +169,69 @@ CVE-2025-14287 (A command injection vulnerability exists in mlflow/mlflow versio
CVE-2025-12736 (in OpenHarmony v5.0.3 and prior versions allow a local attacker case s ...)
NOT-FOR-US: OpenHarmony
CVE-2017-20224 (Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrar ...)
- TODO: check
+ NOT-FOR-US: Telesquare SKT LTE Router SDT-CS3B1
CVE-2017-20223 (Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an ...)
- TODO: check
+ NOT-FOR-US: Telesquare SKT LTE Router SDT-CS3B1
CVE-2017-20222 (Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an ...)
- TODO: check
+ NOT-FOR-US: Telesquare SKT LTE Router SDT-CS3B1
CVE-2017-20221 (Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-sit ...)
- TODO: check
+ NOT-FOR-US: Telesquare SKT LTE Router SDT-CS3B1
CVE-2017-20220 (Serviio PRO 1.8 contains an improper access control vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: Serviio PRO
CVE-2017-20219 (Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross ...)
- TODO: check
+ NOT-FOR-US: Serviio PRO
CVE-2017-20218 (Serviio PRO 1.8 contains an unquoted search path vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Serviio PRO
CVE-2017-20217 (Serviio PRO 1.8 contains an information disclosure vulnerability due t ...)
- TODO: check
+ NOT-FOR-US: Serviio PRO
CVE-2016-20036 (Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site sc ...)
- TODO: check
+ NOT-FOR-US: Wowza Streaming Engine
CVE-2016-20035 (Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vul ...)
- TODO: check
+ NOT-FOR-US: Wowza Streaming Engine
CVE-2016-20034 (Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Wowza Streaming Engine
CVE-2016-20033 (Wowza Streaming Engine 4.5.0 contains a local privilege escalation vul ...)
- TODO: check
+ NOT-FOR-US: Wowza Streaming Engine
CVE-2016-20032 (ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scr ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2016-20031 (ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnera ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2016-20030 (ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2016-20029 (ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerabili ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2016-20028 (ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnera ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2016-20027 (ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2016-20026 (ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2016-20025 (ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissio ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2016-20024 (ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulner ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2015-20121 (Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerab ...)
- TODO: check
+ NOT-FOR-US: Next Click Ventures RealtyScript
CVE-2015-20120 (Next Click Ventures RealtyScript 4.0.2 contains multiple time-based bl ...)
- TODO: check
+ NOT-FOR-US: Next Click Ventures RealtyScript
CVE-2015-20119 (Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site sc ...)
- TODO: check
+ NOT-FOR-US: Next Click Ventures RealtyScript
CVE-2015-20118 (Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site sc ...)
- TODO: check
+ NOT-FOR-US: Next Click Ventures RealtyScript
CVE-2015-20117 (Next Click Ventures RealtyScript 4.0.2 contains a cross-site request f ...)
- TODO: check
+ NOT-FOR-US: Next Click Ventures RealtyScript
CVE-2015-20116 (Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV ...)
- TODO: check
+ NOT-FOR-US: Next Click Ventures RealtyScript
CVE-2015-20115 (Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file ...)
- TODO: check
+ NOT-FOR-US: Next Click Ventures RealtyScript
CVE-2015-20114 (Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: Next Click Ventures RealtyScript
CVE-2015-20113 (Next Click Ventures RealtyScript 4.0.2 contains cross-site request for ...)
- TODO: check
+ NOT-FOR-US: Next Click Ventures RealtyScript
CVE-2013-20006 (Qool CMS contains multiple persistent cross-site scripting vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Qool CMS
CVE-2013-20005 (Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Qool CMS
CVE-2026-4179 (Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-4170 (A weakness has been identified in Topsec TopACM 3.0. Affected by this ...)
@@ -330,7 +330,7 @@ CVE-2026-32640 (SimpleEval is a library for adding evaluatable expressions into
CVE-2026-32635 (Angular is a development platform for building mobile and desktop web ...)
TODO: check
CVE-2026-32630 (file-type detects the file type of a file, stream, or data. From 20.0. ...)
- TODO: check
+ NOT-FOR-US: Node file-type
CVE-2026-32628 (AnythingLLM is an application that turns pieces of content into contex ...)
NOT-FOR-US: AnythingLLM
CVE-2026-32627 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12eaf13b70b0ae4ef73c82ef602615c6e1b0c267
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12eaf13b70b0ae4ef73c82ef602615c6e1b0c267
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260316/ced4262e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list