Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
61f2ed24 by Salvatore Bonaccorso at 2026-01-30T10:19:50+01:00
Process some new NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2026-25211 (Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor
the pgve ...)
- TODO: check
+ NOT-FOR-US: Llama Stack (aka llama-stack)
CVE-2026-25126 (PolarLearn is a free and open-source learning program. Prior
to versio ...)
- TODO: check
+ NOT-FOR-US: PolarLearn
CVE-2026-25117 (pwn.college DOJO is an education platform for learning
cybersecurity. ...)
- TODO: check
+ NOT-FOR-US: pwn.college DOJO
CVE-2026-25116 (Runtipi is a personal homeserver orchestrator. Starting in
version 4.5 ...)
- TODO: check
+ NOT-FOR-US: Runtipi
CVE-2026-25097
REJECTED
CVE-2026-25096
@@ -27,25 +27,25 @@ CVE-2026-25063 (gradle-completion provides Bash and Zsh
completion support for G
CVE-2026-25061 (tcpflow is a TCP/IP packet demultiplexer. In versions up to
and includ ...)
TODO: check
CVE-2026-25047 (deepHas provides a test for the existence of a nested object
key and o ...)
- TODO: check
+ NOT-FOR-US: deepHas
CVE-2026-25046 (Kimi Agent SDK is a set of libraries that expose the Kimi Code
(Kimi C ...)
- TODO: check
+ NOT-FOR-US: Kimi Agent SDK
CVE-2026-25040 (Budibase is a low code platform for creating internal tools,
workflows ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-24905 (Inspektor Gadget is a set of tools and framework for data
collection a ...)
TODO: check
CVE-2026-24904 (TrustTunnel is an open-source VPN protocol with a rule bypass
issue in ...)
- TODO: check
+ NOT-FOR-US: TrustTunnel
CVE-2026-24902 (TrustTunnel is an open-source VPN protocol with a server-side
request ...)
- TODO: check
+ NOT-FOR-US: TrustTunnel
CVE-2026-24846 (malcontent discovers supply-chain compromises through.
context, differ ...)
TODO: check
CVE-2026-24845 (malcontent discovers supply-chain compromises through.
context, differ ...)
TODO: check
CVE-2026-24729 (An unrestricted upload of file with dangerous type
vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: Interinfo DreamMaker
CVE-2026-24728 (A missing authentication for critical function vulnerability
in the /s ...)
- TODO: check
+ NOT-FOR-US: Interinfo DreamMaker
CVE-2026-24714 (Some end of service NETGEAR products provide "TelnetEnable"
functional ...)
NOT-FOR-US: Netgear
CVE-2026-1680 (Improper access control in the WCF endpoint in Edgemo (now
owned by Da ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61f2ed2427b75466e0fcb51f4a35a935f67b2fd7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61f2ed2427b75466e0fcb51f4a35a935f67b2fd7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
