[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 21 07:34:36 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
972ee211 by Salvatore Bonaccorso at 2026-03-21T08:34:10+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -158,9 +158,9 @@ CVE-2026-32303 (Cryptomator encrypts data being stored on cloud infrastructure.
CVE-2026-31836 (Checkmate is an open-source, self-hosted tool designed to track and mo ...)
NOT-FOR-US: Checkmate
CVE-2026-31382 (The error_description parameter is vulnerable to Reflected XSS. An att ...)
- TODO: check
+ NOT-FOR-US: Gainsight
CVE-2026-31381 (An attacker can extract user email addresses (PII) exposed in base64 e ...)
- TODO: check
+ NOT-FOR-US: Gainsight
CVE-2026-30580 (File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious u ...)
NOT-FOR-US: File Thingie
CVE-2026-30579 (File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A mali ...)
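Review bot: The NOT-FOR-US: Gainsight tag on CVE-2026-31382 and CVE-2026-31381 cannot be checked against the visible descriptions, which are truncated before any vendor or product name appears. Neighbouring entries such as Checkmate and File Thingie name the product in the description itself. Consider naming the affected Gainsight product in the tag so a later reader can confirm the match without opening the CVE record.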
@@ -198,9 +198,9 @@ CVE-2026-22172 (OpenClaw versions prior to 2026.3.12 contain an authorization by
CVE-2026-0677 (Deserialization of Untrusted Data vulnerability in TotalSuite TotalCon ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-67260 (The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indica ...)
- TODO: check
+ NOT-FOR-US: Terrapack
CVE-2025-63260 (SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the ...)
- TODO: check
+ NOT-FOR-US: SyncFusion
CVE-2025-62846 (An SQL injection vulnerability has been reported to affect QHora. If a ...)
NOT-FOR-US: QNAP
CVE-2025-62845 (An improper neutralization of escape, meta, or control sequences vulne ...)
@@ -220,7 +220,7 @@ CVE-2025-15608 (This vulnerability in AX53 v1 results from insufficient input sa
CVE-2025-15607 (A command injection vulnerability on AX53 v1 occurs in mscd debug func ...)
NOT-FOR-US: TPLink
CVE-2024-44722 (SysAK v2.0 and before is vulnerable to command execution via aaa;cat / ...)
- TODO: check
+ NOT-FOR-US: SysAK
CVE-2024-32537 (Cross-Site request forgery (CSRF) vulnerability in joshuae1974 Flash V ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2024-31119 (Improper neutralization of input during web page generation ('cross-si ...)
@@ -401,7 +401,7 @@ CVE-2026-33013 (Micronaut Framework is a JVM-based full stack Java framework des
CVE-2026-33012 (Micronaut Framework is a JVM-based full stack Java framework designed ...)
NOT-FOR-US: Micronaut Framework
CVE-2026-33011 (Nest is a framework for building scalable Node.js server-side applicat ...)
- TODO: check
+ NOT-FOR-US: Nest
CVE-2026-32985 (Xerte Online Toolkits versions 3.14 and earlier contain an unauthentic ...)
NOT-FOR-US: Xerte Online Toolkits
CVE-2026-32954 (ERP is a free and open source Enterprise Resource Planning tool. In ve ...)
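Review bot: NOT-FOR-US: Nest on CVE-2026-33011 is a bare name that is easy to confuse with other products called Nest. Elsewhere in this commit the tag is qualified where the name alone is unclear ("tinytag Python library", "autobrr qui"), so a qualified form such as "Nest Node.js framework", taken from the description on the same entry, would be consistent and keep searches of the list unambiguous.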
@@ -442,7 +442,7 @@ CVE-2026-32891 (Anchorr is a Discord bot for requesting movies and TV shows and
CVE-2026-32890 (Anchorr is a Discord bot for requesting movies and TV shows and receiv ...)
NOT-FOR-US: Anchorr
CVE-2026-32889 (tinytag is a Python library for reading audio file metadata. Version 2 ...)
- TODO: check
+ NOT-FOR-US: tinytag Python library
CVE-2026-32888 (Open Source Point of Sale is a web based point-of-sale application wri ...)
NOT-FOR-US: Open Source Point of Sale
CVE-2026-32881 (ewe is a Gleam web server. ewe is a Gleam web server. Versions 0.6.0 t ...)
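Review bot: CVE-2026-32889 is marked NOT-FOR-US for a reusable Python library, and the commit message ("Process some NFUs") does not say how absence from the archive was established. For libraries, as opposed to standalone applications, it is worth confirming there is no source package, ITP/RFP bug or embedded copy before settling on NFU, and saying so in the commit message. The same question applies to the Kysely entry (CVE-2026-32763) in the next hunk.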
@@ -493,7 +493,7 @@ CVE-2026-32765
CVE-2026-32764
REJECTED
CVE-2026-32763 (Kysely is a type-safe TypeScript SQL query builder. Versions up to and ...)
- TODO: check
+ NOT-FOR-US: Kysely
CVE-2026-32761 (File Browser is a file managing interface for uploading, deleting, pre ...)
NOT-FOR-US: File Browser
CVE-2026-32760 (File Browser is a file managing interface for uploading, deleting, pre ...)
@@ -623,7 +623,7 @@ CVE-2026-31869 (Discourse is an open-source discussion platform. Prior to versio
CVE-2026-31805 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
NOT-FOR-US: Discourse
CVE-2026-30924 (qui is a web interface for managing qBittorrent instances. Versions 1. ...)
- TODO: check
+ NOT-FOR-US: autobrr qui
CVE-2026-30891 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
NOT-FOR-US: Discourse
CVE-2026-30889 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
@@ -920,13 +920,13 @@ CVE-2026-1005 (Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an at
CVE-2026-0819 (A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 Signed ...)
TODO: check
CVE-2025-71260 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a d ...)
- TODO: check
+ NOT-FOR-US: BMC FootPrints ITSM
CVE-2025-71259 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a b ...)
- TODO: check
+ NOT-FOR-US: BMC FootPrints ITSM
CVE-2025-71258 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a b ...)
- TODO: check
+ NOT-FOR-US: BMC FootPrints ITSM
CVE-2025-71257 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an ...)
- TODO: check
+ NOT-FOR-US: BMC FootPrints ITSM
CVE-2025-69720 (ncurses v6.5 and v6.4 are vulnerable to Buffer Overflow in progs/infoc ...)
TODO: check
CVE-2025-68836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
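Review bot: The context lines on either side of the four BMC FootPrints ITSM changes, CVE-2026-0819 (wolfSSL) and CVE-2025-69720 (ncurses), are still at "TODO: check". Both name software that Debian packages, so they are not NFU candidates and need triage against their source packages. The four BMC tags themselves are consistent with each other and match the product named in each description.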
@@ -934,13 +934,13 @@ CVE-2025-68836 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-67618 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-67115 (A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Ser ...)
- TODO: check
+ NOT-FOR-US: Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware
CVE-2025-67114 (Use of a deterministic credential generation algorithm in /ftl/bin/cal ...)
- TODO: check
+ NOT-FOR-US: Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware
CVE-2025-67113 (OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell ...)
- TODO: check
+ NOT-FOR-US: Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware
CVE-2025-67112 (Use of a hard-coded AES-256-CBC key in the configuration backup/restor ...)
- TODO: check
+ NOT-FOR-US: Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware
CVE-2025-62043 (Improper neutralization of input during web page generation ('cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-60237 (Deserialization of Untrusted Data vulnerability in Themeton Finag allo ...)
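Review bot: The tag on CVE-2025-67115 through CVE-2025-67112 repeats the long free-form string "Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware" four times, and a single typo in any copy would split the group when the list is searched. Other hardware entries visible in this diff use a short vendor label ("QNAP", "TPLink"); a shorter label would be less error-prone.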
@@ -954,7 +954,7 @@ CVE-2025-50001 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-32223 (Authorization Bypass Through User-Controlled Key vulnerability in Them ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-14716 (Improper Authentication vulnerability in Secomea GateManager (webserve ...)
- TODO: check
+ NOT-FOR-US: Secomea GateManager
CVE-2026-4342 (A security issue was discovered in ingress-nginx where a combination o ...)
NOT-FOR-US: Kubernetes ingress-nginx
CVE-2026-4407 (Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect v ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/972ee211ed11327a21502d236a6730c5ce0a05fe