[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 23 20:26:26 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b83c908 by Salvatore Bonaccorso at 2026-05-23T21:26:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,67 +1,67 @@
 CVE-2026-9306 (A security vulnerability has been detected in QuantumNous new-api up t ...)
-	TODO: check
+	NOT-FOR-US: QuantumNous new-api
 CVE-2026-9305 (A weakness has been identified in QuantumNous new-api up to 0.12.1. Th ...)
-	TODO: check
+	NOT-FOR-US: QuantumNous new-api
 CVE-2026-9304 (A security flaw has been discovered in calcom cal.diy up to 4.9.4. The ...)
-	TODO: check
+	NOT-FOR-US: calcom cal.diy
 CVE-2026-9303 (A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted ...)
-	TODO: check
+	NOT-FOR-US: calcom cal.diy
 CVE-2026-9302 (A vulnerability was determined in 546669204 vps-inventory-monitoring u ...)
-	TODO: check
+	NOT-FOR-US: vps-inventory-monitoring
 CVE-2026-9301 (A vulnerability was found in omec-project amf up to 2.1.1. This vulner ...)
-	TODO: check
+	NOT-FOR-US: omec-project amf
 CVE-2026-9300 (A vulnerability has been found in omec-project amf up to 2.1.1. This a ...)
-	TODO: check
+	NOT-FOR-US: omec-project amf
 CVE-2026-9299 (A flaw has been found in omec-project amf up to 2.1.1. Affected by thi ...)
-	TODO: check
+	NOT-FOR-US: omec-project amf
 CVE-2026-9298 (A vulnerability was detected in omec-project amf up to 2.1.1. Affected ...)
-	TODO: check
+	NOT-FOR-US: omec-project amf
 CVE-2026-9297 (A security vulnerability has been detected in Edimax BR-6428NS 1.10. A ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-9296 (A weakness has been identified in Edimax BR-6428NS 1.10. This impacts  ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-9295 (A security flaw has been discovered in Edimax BR-6428NS 1.10. This aff ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-9294 (A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted  ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2018-25358 (D-Link DIR601 2.02NA contains a credential disclosure vulnerability th ...)
 	NOT-FOR-US: D-Link
 CVE-2018-25357 (Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability ...)
 	TODO: check
 CVE-2018-25356 (SIPp 3.6 and earlier contains a local buffer overflow vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: SIPp
 CVE-2018-25355 (Audiograbber 1.83 contains a local buffer overflow vulnerability that  ...)
-	TODO: check
+	NOT-FOR-US: Audiograbber
 CVE-2018-25354 (Joomla Component jomres 9.11.2 contains a cross-site request forgery v ...)
-	TODO: check
+	NOT-FOR-US: Joomla Component jomres
 CVE-2018-25353 (Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file  ...)
-	TODO: check
+	NOT-FOR-US: Redaxo CMS Mediapool Addon
 CVE-2018-25352 (WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below co ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2018-25351 (Joomla! Component EkRishta 2.10 contains an error-based SQL injection  ...)
-	TODO: check
+	NOT-FOR-US: Joomla! Component EkRishta
 CVE-2018-25350 (userSpice 4.3.24 contains a username enumeration vulnerability that al ...)
-	TODO: check
+	NOT-FOR-US: userSpice
 CVE-2018-25349 (userSpice 4.3.24 contains a cross-site scripting vulnerability that al ...)
-	TODO: check
+	NOT-FOR-US: userSpice
 CVE-2018-25348 (Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Joomla! Component Ek Rishta
 CVE-2018-25347 (WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2018-25346 (WordPress Form Maker Plugin 1.12.24 and below contains SQL injection v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2018-25345 (10-Strike Network Scanner 3.0 contains a local buffer overflow vulnera ...)
-	TODO: check
+	NOT-FOR-US: 10-Strike Network Scanner
 CVE-2018-25344 (10-Strike Network Inventory Explorer 8.54 contains a stack-based buffe ...)
-	TODO: check
+	NOT-FOR-US: 10-Strike Network Inventory Explorer
 CVE-2018-25343 (Smartshop 1 contains a cross-site request forgery vulnerability that a ...)
-	TODO: check
+	NOT-FOR-US: Smartshop
 CVE-2018-25342 (Smartshop 1 contains a time-based blind SQL injection vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: Smartshop
 CVE-2018-25341 (Smartshop 1 contains a SQL injection vulnerability that allows unauthe ...)
-	TODO: check
+	NOT-FOR-US: Smartshop
 CVE-2018-25340 (Smartshop 1 contains a SQL injection vulnerability that allows unauthe ...)
-	TODO: check
+	NOT-FOR-US: Smartshop
 CVE-2026-43503 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 7.0.9-1
 	NOTE: https://git.kernel.org/linus/48f6a5356a33dd78e7144ae1faef95ffc990aae0
@@ -321,15 +321,15 @@ CVE-2026-25680 (Parsing arbitrary HTML can consume excessive CPU time, possibly
 	NOTE: https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8
 	NOTE: https://github.com/golang/go/issues/79573
 CVE-2026-25608 (STER uses unencrypted TCP traffic to transmit data over the network. I ...)
-	TODO: check
+	NOT-FOR-US: STER
 CVE-2026-25607 (Use of a weak password encoding algorithm in STER software allows the  ...)
-	TODO: check
+	NOT-FOR-US: STER
 CVE-2026-25606 (A SQL injection vulnerability has been identified in STER. Improper ne ...)
-	TODO: check
+	NOT-FOR-US: STER
 CVE-2025-46371 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Brok ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-45145 (Directory traversal in Follett Software's Destiny Library Manager 22_0 ...)
-	TODO: check
+	NOT-FOR-US: Destiny Library Manager
 CVE-2025-32751 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Sto ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-32749 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of  ...)
@@ -1855,7 +1855,7 @@ CVE-2026-24160 (NVIDIA TRT-LLM for any platform contains a vulnerability where a
 CVE-2026-24142 (NVIDIA TRT-LLM for any platform contains a deserialization vulnerabili ...)
 	NOT-FOR-US: NVIDIA
 CVE-2025-70950 (An issue in gohttp commit 34ea51 allows attackers to execute a directo ...)
-	TODO: check
+	NOT-FOR-US: gohttp
 CVE-2025-61081 (In BYD Atto3, an attacker can obtain an authentication key through Bru ...)
 	NOT-FOR-US: BYD Atto3
 CVE-2025-57798 (Joplin is an open source note-taking and to-do application that organi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b83c9088c92feb5b51f841d5da7efa207fc61f0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b83c9088c92feb5b51f841d5da7efa207fc61f0
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260523/c7cb198a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list