[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 26 06:46:58 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e4d2247 by Salvatore Bonaccorso at 2026-05-26T07:46:28+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -173,45 +173,45 @@ CVE-2018-25380 (Joomla Component eXtroForms 2.1.5 contains an SQL injection vuln
 CVE-2018-25379 (Collectric CMU 1.0 contains a boolean-based blind SQL injection vulner ...)
 	NOT-FOR-US: Collectric CMU
 CVE-2018-25378 (Notebook Pro 2.0 contains a denial of service vulnerability that allow ...)
-	TODO: check
+	NOT-FOR-US: Notebook Pro
 CVE-2018-25377 (Flash Slideshow Maker Professional 5.20 contains a buffer overflow vul ...)
-	TODO: check
+	NOT-FOR-US: Flash Slideshow Maker Professional
 CVE-2018-25376 (Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Socusoft 3GP Photo Slideshow
 CVE-2018-25375 (SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerab ...)
-	TODO: check
+	NOT-FOR-US: SocuSoft iPod Photo Slideshow
 CVE-2018-25374 (Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory tra ...)
-	TODO: check
+	NOT-FOR-US: Softneta MedDream PACS Server Premium
 CVE-2018-25373 (SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based  ...)
-	TODO: check
+	NOT-FOR-US: SocuSoft DVD Photo Slideshow Professional
 CVE-2018-25372 (MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnera ...)
-	TODO: check
+	NOT-FOR-US: MedDream PACS Server Premium
 CVE-2018-25371 (mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: mooSocial Store Plugin
 CVE-2018-25370 (Admidio 3.3.5 contains a cross-site request forgery vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: Admidio
 CVE-2018-25369 (Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input  ...)
-	TODO: check
+	NOT-FOR-US: Visual Ping
 CVE-2018-25368 (Nord VPN 6.14.31 contains a denial of service vulnerability that allow ...)
-	TODO: check
+	NOT-FOR-US: Nord VPN
 CVE-2018-25367 (NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allo ...)
-	TODO: check
+	NOT-FOR-US: NASA openVSP
 CVE-2018-25366 (CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows lo ...)
-	TODO: check
+	NOT-FOR-US: CuteFTP
 CVE-2018-25365 (PCViewer vt1000 contains a directory traversal vulnerability that allo ...)
-	TODO: check
+	NOT-FOR-US: PCViewer vt1000
 CVE-2018-25364 (Twitter-Clone 1 contains a SQL injection vulnerability that allows una ...)
-	TODO: check
+	NOT-FOR-US: Twitter-Clone
 CVE-2018-25363 (Twitter-Clone 1 contains a cross-site request forgery vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: Twitter-Clone
 CVE-2018-25362 (Twitter-Clone 1 contains a SQL injection vulnerability in follow.php t ...)
-	TODO: check
+	NOT-FOR-US: Twitter-Clone
 CVE-2018-25361 (Soroush IM Desktop App 0.17.0 contains an authentication bypass vulner ...)
-	TODO: check
+	NOT-FOR-US: Soroush IM Desktop App
 CVE-2018-25360 (AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow v ...)
-	TODO: check
+	NOT-FOR-US: AgataSoft Auto PingMaster
 CVE-2018-25359 (Splinterware System Scheduler Pro 5.12 contains an insecure file permi ...)
-	TODO: check
+	NOT-FOR-US: Splinterware System Scheduler Pro
 CVE-2026-46745 (Apache Airflow FAB Auth Manager contains an LDAP filter injection vuln ...)
 	NOT-FOR-US: Airflow provider
 CVE-2026-45361 (Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH  ...)
@@ -6686,11 +6686,11 @@ CVE-2025-40833 (The affected devices contain a null pointer dereference vulnerab
 CVE-2025-36515 (Uncontrolled search path for some AI Playground software before versio ...)
 	NOT-FOR-US: Intel
 CVE-2025-36510 (Improper buffer restrictions for some Display Virtualization for Windo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-35991 (Improper initialization in the UEFI firmware for some Intel platforms  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-35990 (Improper input validation for some Intel Endpoint Management Assistant ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-35979 (Exposure of sensitive information caused by shared microarchitectural  ...)
 	- intel-microcode <unfixed> (bug #1137032)
 	[trixie] - intel-microcode <postponed> (As usual fixed top-down, expose first in unstable, then likely point release)
@@ -6699,7 +6699,7 @@ CVE-2025-35979 (Exposure of sensitive information caused by shared microarchitec
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260512
 CVE-2025-35969 (Uncontrolled search path for some Intel(R) Server Firmware Update Util ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-27723 (Use after free for some Linux kernel driver for the Intel(R) Ethernet  ...)
 	TODO: check
 CVE-2025-12659 (The affected applications contains a memory corruption vulnerability w ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e4d22479e0c8cfbc77589865446a6885b88ea92

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e4d22479e0c8cfbc77589865446a6885b88ea92
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260526/624f601a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list