[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun May 31 16:37:03 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bc065a29 by Salvatore Bonaccorso at 2026-05-31T17:36:39+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -97,43 +97,43 @@ CVE-2018-25425 (Yot CMS 3.3.1 contains an SQL injection vulnerability that allow
CVE-2018-25424 (Gate Pass Management System 2.1 contains an SQL injection vulnerabilit ...)
NOT-FOR-US: Gate Pass Management System
CVE-2018-25423 (Arm Whois 3.11 contains a buffer overflow vulnerability that allows lo ...)
- TODO: check
+ NOT-FOR-US: Arm Whois
CVE-2018-25422 (MOGG web simulator Script contains an SQL injection vulnerability that ...)
- TODO: check
+ NOT-FOR-US: MOGG web simulator Script
CVE-2018-25421 (Open STA Manager 2.3 contains a path traversal vulnerability that allo ...)
- TODO: check
+ NOT-FOR-US: Open STA Manager
CVE-2018-25420 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allow ...)
- TODO: check
+ NOT-FOR-US: AiOPMSD Final
CVE-2018-25419 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allow ...)
- TODO: check
+ NOT-FOR-US: AiOPMSD Final
CVE-2018-25418 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allow ...)
- TODO: check
+ NOT-FOR-US: AiOPMSD Final
CVE-2018-25417 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allow ...)
- TODO: check
+ NOT-FOR-US: AiOPMSD Final
CVE-2018-25416 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allow ...)
- TODO: check
+ NOT-FOR-US: AiOPMSD Final
CVE-2018-25415 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allow ...)
- TODO: check
+ NOT-FOR-US: AiOPMSD Final
CVE-2018-25414 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allow ...)
- TODO: check
+ NOT-FOR-US: AiOPMSD Final
CVE-2018-25413 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allow ...)
- TODO: check
+ NOT-FOR-US: AiOPMSD Final
CVE-2018-25412 (Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that a ...)
- TODO: check
+ NOT-FOR-US: Delta Sql
CVE-2018-25411 (MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerabili ...)
- TODO: check
+ NOT-FOR-US: MGB OpenSource Guestbook
CVE-2018-25410 (SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows auth ...)
- TODO: check
+ NOT-FOR-US: SIM-PKH
CVE-2018-25409 (SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that all ...)
- TODO: check
+ NOT-FOR-US: SIM-PKH
CVE-2018-25408 (The Open ISES Project 3.30A contains a path traversal vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Open ISES Project
CVE-2018-25407 (eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities t ...)
- TODO: check
+ NOT-FOR-US: eNdonesia Portal
CVE-2018-25406 (eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities t ...)
- TODO: check
+ NOT-FOR-US: eNdonesia Portal
CVE-2018-25405 (eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities t ...)
- TODO: check
+ NOT-FOR-US: eNdonesia Portal
CVE-2026-46242 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 7.0.10-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
@@ -528,13 +528,13 @@ CVE-2026-10108 (xiaomusic v0.5.7 contains an unauthenticated path traversal vuln
CVE-2026-10107 (MoviePilot v2 contains a server-side request forgery vulnerability in ...)
NOT-FOR-US: MoviePilot
CVE-2026-10105 (agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse ve ...)
- TODO: check
+ NOT-FOR-US: agno-agi agno
CVE-2026-10101 (ACM/MCE assisted-service writes raw referenced pull-secret contents in ...)
TODO: check
CVE-2026-10099 (XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the ...)
NOT-FOR-US: XX-Net
CVE-2026-10078 (A flaw was found in the Quay config-tool's GitLab OAuth validator. Thi ...)
- TODO: check
+ NOT-FOR-US: Quay
CVE-2026-10075 (DreamMaker developed by Interinfo has a Path Traversal vulnerability, ...)
NOT-FOR-US: Interinfo
CVE-2026-10074 (DreamMaker developed by Interinfo has an Arbitrary File Read vulnerabi ...)
@@ -572,97 +572,97 @@ CVE-2026-10058 (ITS Intelligent SCADA System developed by ITP Technology has a S
CVE-2026-10057 (ITS Intelligent SCADA System developed by ITP Technology has a Stored ...)
NOT-FOR-US: ITS Intelligent SCADA System
CVE-2026-10056 (CORS misconfiguration in the REST API of Network Optix Nx Witness VMS ...)
- TODO: check
+ NOT-FOR-US: Network Optix Nx Witness VMS
CVE-2026-10052 (A flaw was found in the Quay config-tool's LDAP and SMTP validation fu ...)
- TODO: check
+ NOT-FOR-US: Quay
CVE-2026-10042 (manga-image-translator contains a remote code execution vulnerability ...)
- TODO: check
+ NOT-FOR-US: manga-image-translator
CVE-2026-10039 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2025-41281 (Nozomi Networks Labs identified a CWE-78: Improper Neutralization of S ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41280 (Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41279 (Nozomi Networks Labs identified a CWE-78: Improper Neutralization of S ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41278 (Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Water ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41277 (Nozomi Networks Labs identified a CWE-78: Improper Neutralization of S ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41276 (Nozomi Networks Labs identified a CWE-78: Improper Neutralization of S ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41275 (Nozomi Networks Labs identified a CWE-78: Improper Neutralization of S ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41274 (Nozomi Networks Labs identified a CWE-78: Improper Neutralization of S ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41273 (Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41272 (Nozomi Networks Labs identified a CWE-78: Improper Neutralization of S ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41271 (Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in t ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41270 (Nozomi Networks Labs identified a CWE-78: Improper Neutralization of S ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41269 (Nozomi Networks Labs identified a CWE-78: Improper Neutralization of S ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41268 (Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in t ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41267 (Nozomi Networks Labs identified a CWE-78: Improper Neutralization of S ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41266 (Nozomi Networks Labs identified a CWE-78: Improper Neutralization of S ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-41265 (Nozomi Networks Labs identified a CWE-78: Improper Neutralization of S ...)
- TODO: check
+ NOT-FOR-US: Waterfall
CVE-2025-12714 (The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2025-11262 (The Link Whisper Free plugin for WordPress is vulnerable to Stored Cro ...)
NOT-FOR-US: WordPress plugin
CVE-2018-25404 (The Open ISES Project 3.30A contains an SQL injection vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Open ISES Project
CVE-2018-25403 (The Open ISES Project 3.30A contains an SQL injection vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Open ISES Project
CVE-2018-25402 (The Open ISES Project 3.30A contains an SQL injection vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Open ISES Project
CVE-2018-25401 (The Open ISES Project 3.30A contains an SQL injection vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Open ISES Project
CVE-2018-25400 (The Open ISES Project 3.30A contains an SQL injection vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Open ISES Project
CVE-2018-25399 (The Open ISES Project 3.30A contains an SQL injection vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Open ISES Project
CVE-2018-25398 (The Open ISES Project 3.30A contains an SQL injection vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Open ISES Project
CVE-2018-25397 (PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that ...)
- TODO: check
+ NOT-FOR-US: PHP-SHOP
CVE-2018-25396 (Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnera ...)
- TODO: check
+ NOT-FOR-US: Heatmiser Wifi Thermostat
CVE-2018-25395 (Kados R10 GreenBee contains an SQL injection vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: Kados R10 GreenBee
CVE-2018-25394 (Kados R10 GreenBee contains an SQL injection vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: Kados R10 GreenBee
CVE-2018-25393 (Navigate CMS 2.8.5 contains a path traversal vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: Navigate CMS
CVE-2018-25392 (MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: MaxOn ERP Software
CVE-2018-25391 (HaPe PKH 1.1 fails to enforce authorization on its record deletion end ...)
- TODO: check
+ NOT-FOR-US: HaPe PKH
CVE-2018-25390 (HaPe PKH 1.1 contains an SQL injection vulnerability that allows unaut ...)
- TODO: check
+ NOT-FOR-US: HaPe PKH
CVE-2018-25389 (HaPe PKH 1.1 contains an SQL injection vulnerability that allows unaut ...)
- TODO: check
+ NOT-FOR-US: HaPe PKH
CVE-2018-25388 (HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allo ...)
- TODO: check
+ NOT-FOR-US: HaPe PKH
CVE-2018-25387 (HaPe PKH 1.1 contains a cross-site request forgery vulnerability that ...)
- TODO: check
+ NOT-FOR-US: HaPe PKH
CVE-2018-25386 (HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/ ...)
- TODO: check
+ NOT-FOR-US: HaPe PKH
CVE-2018-25385 (E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: E-Registrasi Pencak Silat
CVE-2018-25384 (Wikidforum 2.20 contains a cross-site scripting vulnerability that all ...)
- TODO: check
+ NOT-FOR-US: Wikidforum
CVE-2018-25383 (Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerab ...)
- TODO: check
+ NOT-FOR-US: Free MP3 CD Ripper
CVE-2018-25382 (Zechat 1.5 contains an SQL injection vulnerability that allows unauthe ...)
- TODO: check
+ NOT-FOR-US: Zechat
CVE-2026-48840 (Exim 4.88 before 4.99.4, in some proxy configurations, mishandles cert ...)
{DSA-6309-1}
- exim4 4.99.3-2
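Review bot: the seventeen entries CVE-2025-41265 through CVE-2025-41281 are all tagged with the single word "NOT-FOR-US: Waterfall", while the other tags in this hunk name a product ("Network Optix Nx Witness VMS", "Heatmiser Wifi Thermostat"). The visible descriptions lead with the reporter, Nozomi Networks Labs, and are cut off at "in Water ...", so the tag is the only place in this file where the affected product is recorded. Consider adding the product name after the vendor so that a later search for it lands on these entries.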
@@ -1286,7 +1286,7 @@ CVE-2026-32847 (DeepCode through commit c991dc2 contains a path traversal vulner
CVE-2026-2128 (The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive ...)
NOT-FOR-US: WordPress plugin
CVE-2026-10044 (Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary fil ...)
- TODO: check
+ NOT-FOR-US: Usagi-org ai-goofish-monitor
CVE-2026-10028 (A flaw was found in glib-networking. A remote attacker can exploit thi ...)
- glib-networking <unfixed> (bug #1138235)
[trixie] - glib-networking <postponed> (Minor issue, revisit when fixed upstream)
@@ -1748,9 +1748,9 @@ CVE-2026-24444 (SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and
CVE-2025-48977 (Relative Path Traversal vulnerability in Apache Ignite REST API. Auth ...)
TODO: check
CVE-2024-47097 (Cross Site Scripting vulnerability in Follet School Solutions Destiny ...)
- TODO: check
+ NOT-FOR-US: Follet School Solutions Destiny
CVE-2024-47096 (Cross Site Scripting vulnerability in Follet School Solutions Destiny ...)
- TODO: check
+ NOT-FOR-US: Follet School Solutions Destiny
CVE-2026-46240 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 7.0.9-1
[trixie] - linux <not-affected> (Vulnerable code not present)
@@ -3207,11 +3207,11 @@ CVE-2025-70103 (Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted
NOTE: https://github.com/libjxl/libjxl/pull/4380
NOTE: Fixed by: https://github.com/libjxl/libjxl/commit/49fb89f23473e57fa1dac416adce7c7679e5d051
CVE-2025-69600 (Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversa ...)
- TODO: check
+ NOT-FOR-US: Raynet rvia
CVE-2025-68712 (SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a loc ...)
- TODO: check
+ NOT-FOR-US: SpSoft AppLock (com.sp.protector.free)
CVE-2025-67903 (Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic sign ...)
- TODO: check
+ NOT-FOR-US: Northern.tech Mender Client
CVE-2025-66593 (An origin validation error vulnerability in Synology Assistant before ...)
NOT-FOR-US: Synology
CVE-2025-66592 (An origin validation error vulnerability in Synology Active Backup for ...)
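Review bot: "NOT-FOR-US: SpSoft AppLock (com.sp.protector.free)" on CVE-2025-68712 carries the Android package id in parentheses, whereas the neighbouring tags added in this hunk ("Raynet rvia", "Northern.tech Mender Client") stop at vendor and product. Suggest "NOT-FOR-US: SpSoft AppLock" unless the id is needed to tell this entry apart from another AppLock product.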
@@ -3219,9 +3219,9 @@ CVE-2025-66592 (An origin validation error vulnerability in Synology Active Back
CVE-2025-52747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-41670 (A local user with low privileges may be able to influence the behavior ...)
- TODO: check
+ NOT-FOR-US: Phoenix
CVE-2025-41669 (The Web-based Management allows a remote low privileged Engineer user ...)
- TODO: check
+ NOT-FOR-US: Phoenix
CVE-2025-3633 (IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos T ...)
NOT-FOR-US: IBM
CVE-2025-30028 (A vulnerability in Active Backup for Business allows unauthorized remo ...)
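Review bot: "NOT-FOR-US: Phoenix" on CVE-2025-41670 and CVE-2025-41669 cannot be checked against the entries themselves, because neither truncated description names a vendor or product, and "Phoenix" on its own is ambiguous. Suggest spelling out the full vendor and product name in the tag, since here the tag is the only identification a reader of the list gets.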
@@ -5435,7 +5435,7 @@ CVE-2026-25900 (Lack of output escaping leads to a XSS vector in the feed module
CVE-2026-25713 (MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerabilit ...)
NOT-FOR-US: MediaArea MediaInfoLib
CVE-2026-25112 (A high-severity vulnerability in the deployment of Genetec RabbitMQ th ...)
- TODO: check
+ NOT-FOR-US: Genetec
CVE-2026-25104 (MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerab ...)
NOT-FOR-US: MediaArea MediaInfoLib
CVE-2026-24638 (Missing Authorization vulnerability in Webful Creations RepairBuddy al ...)
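Review bot: the description of CVE-2026-25112 names RabbitMQ ("the deployment of Genetec RabbitMQ"), but the tag is only "NOT-FOR-US: Genetec", so the entry does not record that the flaw lies in Genetec's deployment rather than in RabbitMQ itself. Suggest a tag that says so, for example "NOT-FOR-US: Genetec deployment of RabbitMQ", so that someone searching the list for RabbitMQ sees why it was set aside.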
@@ -5674,7 +5674,7 @@ CVE-2026-24545 (Missing Authorization vulnerability in Nikki Blight QR Redirecto
CVE-2026-24527 (Missing Authorization vulnerability in Patterns in the cloud Autoship ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-71310 (The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't ...)
- TODO: check
+ NOT-FOR-US: GDPR cookies module for Backdrop CMS
CVE-2025-62745 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-48099
@@ -167729,7 +167729,7 @@ CVE-2025-22372 (Insufficiently Protected Credentials vulnerability in SicommNet
CVE-2025-22371 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: SicommNet BASEC
CVE-2025-1782 (In HylaFAX Enterprise Web Interface and AvantFAX, the language form el ...)
- TODO: check
+ NOT-FOR-US: HylaFAX Enterprise Web Interface and AvantFAX
CVE-2024-49825 (IBM Robotic Process Automation and Robotic Process Automation for Clou ...)
NOT-FOR-US: IBM
CVE-2024-49709 (Internet Starter, one of SoftCOM iKSORIS system modules,allows for set ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc065a2904439c42b9630187360074c9861339d4