[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 8 10:03:49 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6ee34313 by Moritz Muehlenhoff at 2026-05-08T11:03:40+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -66,11 +66,11 @@ CVE-2026-7263
NOTE: https://github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733
NOTE: https://github.com/php/php-src/commit/d43c523c48960e9ca0bf9c747e9bad8e5121edff
CVE-2026-8149 (A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on ...)
- TODO: check
+ NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian package for Bouncycastle
CVE-2026-8148 (NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local atta ...)
NOT-FOR-US: NAVER MYBOX Explorer for Windows
CVE-2026-8142 (VINCE versions 3.0.38 and earlier do not properly verify the From addr ...)
- TODO: check
+ NOT-FOR-US: VINCE portal of CERT
CVE-2026-8138 (A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affec ...)
NOT-FOR-US: Tenda
CVE-2026-8137 (A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B2023011 ...)
@@ -283,13 +283,13 @@ CVE-2026-26164 (Improper neutralization of special elements in output used by a
CVE-2026-26129 (Improper neutralization of special elements in M365 Copilot allows an ...)
NOT-FOR-US: Microsoft
CVE-2025-69691 (Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via p ...)
- TODO: check
+ NOT-FOR-US: Netgate pfSene
CVE-2025-69690 (Netgate pfSense CE 2.7.2 allows code execution by using the module ins ...)
- TODO: check
+ NOT-FOR-US: Netgate pfSene
CVE-2025-69599 (RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain ...)
- TODO: check
+ NOT-FOR-US: RayVentory Scan Engine
CVE-2025-67888 (An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. ...)
- TODO: check
+ NOT-FOR-US: Control Web Panel (CWP)
CVE-2025-67887 (1C-Bitrix through 25.100.500 allows Remote Code Execution because an a ...)
NOT-FOR-US: 1C-Bitrix
CVE-2025-67886 (Bitrix24 through 25.100.300 allows Remote Code Execution because an ac ...)
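Review bot: The product name is misspelled in both added lines for CVE-2025-69691 and CVE-2025-69690: "NOT-FOR-US: Netgate pfSene" should read "NOT-FOR-US: Netgate pfSense", as the CVE descriptions directly above each entry spell it. A misspelled label will not match a later search of the list for "pfSense", so the earlier triage decision is easy to miss when the next CVE for the same product arrives.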
@@ -297,23 +297,23 @@ CVE-2025-67886 (Bitrix24 through 25.100.300 allows Remote Code Execution because
CVE-2025-55449 (AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_B ...)
NOT-FOR-US: AstrBotDevs AstrBot
CVE-2024-53326 (LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserializa ...)
- TODO: check
+ NOT-FOR-US: LINQPad
CVE-2024-51092 (LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2024-46508 (yeti-platform yeti before 2.1.12 allows attackers to generate valid JW ...)
- TODO: check
+ NOT-FOR-US: yeti-platform yeti
CVE-2024-46507 (A SSTI (server side template injection) vulnerability in the custom te ...)
- TODO: check
+ NOT-FOR-US: yeti-platform yeti
CVE-2024-45257 (A Command Injection issue in the payload build page in BYOB (Build You ...)
- TODO: check
+ NOT-FOR-US: BYOB (Build Your Own Botnet)
CVE-2024-33724 (SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2024-33722 (SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2024-33288 (Prison Management System Using PHP v1.0 was discovered to contain a SQ ...)
- TODO: check
+ NOT-FOR-US: Prison Management System
CVE-2024-30167 (/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow re ...)
- TODO: check
+ NOT-FOR-US: Atlona AT-OME-MS42 Matrix Switcher
CVE-2024-27686 (Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a r ...)
NOT-FOR-US: MikroTik
CVE-2023-47268 (In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6. ...)
@@ -506,15 +506,15 @@ CVE-2025-67202 (Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Si
CVE-2025-66105 (Missing Authorization vulnerability in Magepeople inc. Bus Ticket Book ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-65122 (Regex Denial of Service in youtube-regex npm package through version 1 ...)
- TODO: check
+ NOT-FOR-US: Node youtube-regex
CVE-2025-63706 (NPM package next-npm-version1.0.1 is vulnerable to Command injection.)
- TODO: check
+ NOT-FOR-US: Node next-npm-version
CVE-2025-63705 (NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection v ...)
- TODO: check
+ NOT-FOR-US: Node node-ts-ocr
CVE-2025-63704 (NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollu ...)
- TODO: check
+ NOT-FOR-US: Node query-parser-string
CVE-2025-63703 (npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in i ...)
- TODO: check
+ NOT-FOR-US: Node parse-ini
CVE-2025-62127 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-4397 (Medtronic MyCareLink Patient Monitor uses per-product credentials that ...)
@@ -526,9 +526,9 @@ CVE-2025-2514 (Improper restriction of excessive authentication attempts vulnera
CVE-2025-1978 (Remote Code Execution Vulnerability in Hitachi Storage Navigator and t ...)
NOT-FOR-US: Hitachi
CVE-2025-14341 (Improperly controlled modification of Dynamically-Determined object at ...)
- TODO: check
+ NOT-FOR-US: DivvyDrive
CVE-2024-43384 (A low privileged remote attacker can gainthe root password due to impr ...)
- TODO: check
+ NOT-FOR-US: PHOENIX FL MGUARD 2102
CVE-2026-4430 (Out-of-bounds write vulnerability in The Document Foundation LibreOffi ...)
{DSA-6251-1}
- libreoffice 4:26.2.3.2-2
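Review bot: The label added for CVE-2024-43384, "NOT-FOR-US: PHOENIX FL MGUARD 2102", is written in all caps and names a single model, whereas the neighbouring entry in this hunk labels by vendor ("NOT-FOR-US: Hitachi"). Consider using the vendor or product family name in normal case so that other models in the same line are triaged under one consistent label. The DivvyDrive label on CVE-2025-14341 cannot be checked against the truncated description shown here, which does not name the product.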
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ee34313c1f39921d1c67c9eb6d630ca232b2c45