Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8e759dd6 by Salvatore Bonaccorso at 2026-02-21T11:16:15+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49,25 +49,25 @@ CVE-2026-2044 (GIMP PGM File Parsing Uninitialized Memory
Remote Code Execution
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2569
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/112a5e038f0646eae5ae314988ec074433d2b365
CVE-2026-2043 (Nagios Host esensors_websensor_configwizard_func Command
Injection Rem ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2026-2042 (Nagios Host monitoringwizard Command Injection Remote Code
Execution V ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2026-2041 (Nagios Host zabbixagent_configwizard_func Command Injection
Remote Cod ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2026-2040 (PDF-XChange Editor TrackerUpdate Uncontrolled Search Path
Element Loca ...)
NOT-FOR-US: PDF-XChange
CVE-2026-2039 (GFI Archiver MArc.Store Missing Authorization Authentication
Bypass Vu ...)
- TODO: check
+ NOT-FOR-US: GFI Archiver
CVE-2026-2038 (GFI Archiver MArc.Core Missing Authorization Authentication
Bypass Vul ...)
- TODO: check
+ NOT-FOR-US: GFI Archiver
CVE-2026-2037 (GFI Archiver MArc.Core Deserialization of Untrusted Data Remote
Code E ...)
- TODO: check
+ NOT-FOR-US: GFI Archiver
CVE-2026-2036 (GFI Archiver MArc.Store Deserialization of Untrusted Data
Remote Code ...)
- TODO: check
+ NOT-FOR-US: GFI Archiver
CVE-2026-2035 (Deciso OPNsense diag_backup.php filename Command Injection
Remote Code ...)
- TODO: check
+ NOT-FOR-US: Deciso OPNsense
CVE-2026-2034 (Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote
Code Ex ...)
- TODO: check
+ NOT-FOR-US: Sante DICOM Viewer Pro
CVE-2026-2033 (MLflow Tracking Server Artifact Handler Directory Traversal
Remote Cod ...)
NOT-FOR-US: mlflow
CVE-2026-27534
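Review bot: CVE-2026-2043, CVE-2026-2042 and CVE-2026-2041 are tagged "NOT-FOR-US: Nagios XI", but the truncated descriptions kept in this file only read "Nagios Host ...", so the tag names a product the entry itself never shows. Before dropping the TODO, please confirm against the upstream advisory that the affected config wizards belong to Nagios XI only, since the description prefix alone does not distinguish it from other Nagios software.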
@@ -219,39 +219,39 @@ CVE-2026-0797 (GIMP ICO File Parsing Heap-based Buffer
Overflow Remote Code Exec
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-26-050/
TODO: check, unclear fix, reference to gimp commit seems incorrect
CVE-2026-0777 (Xmind Attachment Insufficient UI Warning Remote Code Execution
Vulnera ...)
- TODO: check
+ NOT-FOR-US: Xmind
CVE-2025-62326 (HCL Digital Experience is susceptible to stored cross-site
scripting ( ...)
NOT-FOR-US: HCL
CVE-2019-25454 (phpMoAdmin 1.1.5 contains a stored cross-site scripting
vulnerability ...)
- TODO: check
+ NOT-FOR-US: phpMoAdmin
CVE-2019-25453 (phpMoAdmin 1.1.5 contains a reflected cross-site scripting
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: phpMoAdmin
CVE-2019-25451 (phpMoAdmin 1.1.5 contains a cross-site request forgery
vulnerability t ...)
- TODO: check
+ NOT-FOR-US: phpMoAdmin
CVE-2019-25449 (OrientDB 3.0.17 contains a reflected cross-site scripting
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: OrientDB
CVE-2019-25448 (OrientDB 3.0.17 contains a stored cross-site scripting
vulnerability t ...)
- TODO: check
+ NOT-FOR-US: OrientDB
CVE-2019-25447 (OrientDB 3.0.17 GA Community Edition contains cross-site
request forge ...)
- TODO: check
+ NOT-FOR-US: OrientDB
CVE-2019-25441 (thesystem 1.0 contains a command injection vulnerability that
allows u ...)
- TODO: check
+ NOT-FOR-US: thesystem
CVE-2019-25438 (LabCollector 5.423 contains multiple SQL injection
vulnerabilities tha ...)
- TODO: check
+ NOT-FOR-US: LabCollector
CVE-2019-25437 (Foscam Video Management System 1.1.6.6 contains a buffer
overflow vuln ...)
- TODO: check
+ NOT-FOR-US: Foscam Video Management System
CVE-2019-25436 (Sricam DeviceViewer 3.12.0.1 contains a password change
security bypas ...)
- TODO: check
+ NOT-FOR-US: Sricam DeviceViewer
CVE-2019-25435 (Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Sricam DeviceViewer
CVE-2019-25434 (SpotAuditor 5.3.1.0 contains a denial of service vulnerability
that al ...)
- TODO: check
+ NOT-FOR-US: SpotAuditor
CVE-2019-25432 (Part-DB 0.4 contains an authentication bypass vulnerability
that allow ...)
- TODO: check
+ NOT-FOR-US: Part-DB
CVE-2019-25431 (delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection
vulnera ...)
- TODO: check
+ NOT-FOR-US: delpino73 Blue-Smiley-Organizer
CVE-2018-25158 (Chamilo LMS 1.11.8 contains an arbitrary file upload
vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2026-2854 (A flaw has been found in D-Link DWR-M960 1.01.07. This impacts
the fun ...)
NOT-FOR-US: D-Link
CVE-2026-2853 (A vulnerability was detected in D-Link DWR-M960 1.01.07. This
affects ...)
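Review bot: The NOT-FOR-US strings in this hunk mix naming forms. "delpino73 Blue-Smiley-Organizer" keeps the vendor prefix from the description, while "phpMoAdmin", "OrientDB" and "Part-DB" use the product name only, and the unchanged neighbours use the vendor only ("HCL", "D-Link"). One form per product would keep later searches over NOT-FOR-US strings reliable. "thesystem" is also generic enough as a tag that a qualifier would help whoever meets it next.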
@@ -441,11 +441,11 @@ CVE-2026-21620 (Relative Path Traversal, Improper
Isolation or Compartmentalizat
CVE-2026-20761 (A vulnerability exists in EnOcean SmartServer IoT version
4.60.009 and ...)
NOT-FOR-US: EnOcean SmartServer IoT
CVE-2026-1842 (HyperCloud versions 2.3.5 through 2.6.8 improperly allowed
refresh tok ...)
- TODO: check
+ NOT-FOR-US: SoftIron HyperCloud
CVE-2025-70833 (An Authentication Bypass vulnerability in Smanga 3.2.7 allows
an unaut ...)
- TODO: check
+ NOT-FOR-US: Smanga
CVE-2025-70831 (A Remote Code Execution (RCE) vulnerability was found in
Smanga 3.2.7 ...)
- TODO: check
+ NOT-FOR-US: Smanga
CVE-2025-69410 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-69409 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
@@ -751,7 +751,7 @@ CVE-2025-67624 (Missing Authorization vulnerability in Arya
Dhiratara Optimize M
CVE-2025-67547 (Missing Authorization vulnerability in uixthemes Konte konte
allows Ex ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-67438 (A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in
Server be ...)
- TODO: check
+ NOT-FOR-US: Sync-in Server
CVE-2025-60183 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-60087 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
@@ -771,15 +771,15 @@ CVE-2025-52744 (Improper Control of Generation of Code
('Code Injection') vulner
CVE-2025-52603 (HCL Connections is vulnerable to information disclosure. In a
very sp ...)
NOT-FOR-US: HCL
CVE-2025-15583 (A weakness has been identified in detronetdip E-commerce
1.0.0. This a ...)
- TODO: check
+ NOT-FOR-US: detronetdip E-commerce
CVE-2025-15582 (A security flaw has been discovered in detronetdip E-commerce
1.0.0. T ...)
- TODO: check
+ NOT-FOR-US: detronetdip E-commerce
CVE-2025-14547 (An integer underflow vulnerability is present in Silicon
Lab\u2019s im ...)
NOT-FOR-US: Silicon Labs
CVE-2025-14055 (An integer underflow vulnerability in Silicon Labs Secure NCP
host imp ...)
NOT-FOR-US: Silicon Labs
CVE-2025-10970 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Kolay Software Inc. Talentics
CVE-2024-56208 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2024-54222 (Missing Authorization vulnerability in Seraphinite Solutions
Seraphini ...)
@@ -797,9 +797,9 @@ CVE-2024-43228 (Missing Authorization vulnerability in
SecuPress SecuPress Free
CVE-2024-34438 (Missing Authorization vulnerability in Anssi Laitila Shared
Files shar ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2019-25445 (Fiverr Clone Script 1.2.2 contains a cross-site scripting
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Fiverr Clone Script
CVE-2019-25444 (Fiverr Clone Script 1.2.2 contains an SQL injection
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Fiverr Clone Script
CVE-2026-2825 (A vulnerability has been found in rachelos WeRSS we-mp-rss up
to 1.4.8 ...)
NOT-FOR-US: rachelos WeRSS we-mp-rss
CVE-2026-2824 (A flaw has been found in Comfast CF-E7 2.6.0.9. This affects
the funct ...)
@@ -1018,7 +1018,7 @@ CVE-2025-8054 (Improper Limitation of a Pathname to a
Restricted Directory ('Pat
CVE-2025-67305 (In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance
contain ...)
NOT-FOR-US: RUCKUS
CVE-2025-59819 (This vulnerability allows authenticated attackers to read an
arbitrary ...)
- TODO: check
+ NOT-FOR-US: Zenitel
CVE-2025-30416 (Sensitive data disclosure and manipulation due to missing
authorizatio ...)
NOT-FOR-US: Acronis
CVE-2025-30412 (Sensitive data disclosure and manipulation due to improper
authenticat ...)
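Review bot: CVE-2025-59819 is tagged "NOT-FOR-US: Zenitel", but the visible description ("This vulnerability allows authenticated attackers to read an arbitrary ...") names neither a vendor nor a product, so the classification cannot be checked from this file. Adding the product name next to the vendor, as done for "SoftIron HyperCloud" earlier in this commit, would make the entry self-explanatory.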
@@ -1477,83 +1477,83 @@ CVE-2025-69674 (Buffer Overflow vulnerability in CDATA
FD614GS3-R850 V3.2.7_P161
CVE-2025-67304 (In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance
contain ...)
NOT-FOR-US: Ruckus
CVE-2025-55853 (SoftVision webPDF before 10.0.2 is vulnerable to Server-Side
Request F ...)
- TODO: check
+ NOT-FOR-US: SoftVision webPDF
CVE-2025-41023 (An authentication bypass vulnerability has been found in
Thesamur's Au ...)
- TODO: check
+ NOT-FOR-US: Thesamur
CVE-2025-40697 (Reflected Cross-Site Scripting (XSS) vulnerability in
'/index.php' in ...)
- TODO: check
+ NOT-FOR-US: Lewe WebMeasure
CVE-2025-15563 (Any unauthenticated user can reset the WorkTime on-prem
database confi ...)
- TODO: check
+ NOT-FOR-US: NesterSoft WorkTime
CVE-2025-15562 (The server API endpoint/report/internet/urls reflects received
data in ...)
- TODO: check
+ NOT-FOR-US: NesterSoft WorkTime
CVE-2025-15561 (An attacker can exploit the update behavior of the WorkTime
monitoring ...)
- TODO: check
+ NOT-FOR-US: NesterSoft WorkTime
CVE-2025-15560 (An authenticated attacker with minimal permissions can exploit
a SQL i ...)
- TODO: check
+ NOT-FOR-US: NesterSoft WorkTime
CVE-2025-15559 (An unauthenticated attacker can inject OS commands when
calling a serv ...)
- TODO: check
+ NOT-FOR-US: NesterSoft WorkTime
CVE-2025-13590 (A malicious actor with administrative privileges can upload an
arbitra ...)
NOT-FOR-US: WSO2
CVE-2025-12107 (Due to the use of a vulnerable third-party Velocity template
engine, a ...)
NOT-FOR-US: WSO2
CVE-2019-25430 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25429 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25428 (Comodo Dome Firewall 2.7.0 contains multiple reflected
cross-site scri ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25427 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25426 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25425 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25424 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25423 (Comodo Dome Firewall 2.7.0 contains multiple reflected
cross-site scri ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25422 (Comodo Dome Firewall 2.7.0 contains cross-site scripting
vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25421 (Comodo Dome Firewall 2.7.0 contains multiple cross-site
scripting vuln ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25420 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25419 (Comodo Dome Firewall 2.7.0 contains a stored cross-site
scripting vuln ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25418 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25417 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25416 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25415 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25414 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25413 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25412 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25411 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25410 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25409 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25408 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25407 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25406 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25405 (Comodo Dome Firewall 2.7.0 contains a stored cross-site
scripting vuln ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25404 (Comodo Dome Firewall 2.7.0 contains a stored cross-site
scripting vuln ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25403 (Comodo Dome Firewall 2.7.0 contains a stored cross-site
scripting vuln ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2019-25402 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site
scripting v ...)
- TODO: check
+ NOT-FOR-US: Comodo Dome Firewall
CVE-2026-XXXX [RUSTSEC-2026-0013]
- rust-pyo3 <unfixed>
[trixie] - rust-pyo3 <no-dsa> (Minor issue)
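Review bot: CVE-2025-41023 is tagged with the vendor only ("NOT-FOR-US: Thesamur") although its description starts to name a product ("Thesamur's Au ..."), whereas the WorkTime entries directly below use vendor plus product ("NesterSoft WorkTime"). Using the product name here as well would keep the hunk consistent and avoid a vendor-wide tag being reused later for an unrelated product from the same vendor.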
@@ -424988,7 +424988,7 @@ CVE-2021-35404
CVE-2021-35403
RESERVED
CVE-2021-35402 (PROLiNK PRC2402M 20190909 before 2021-06-13 allows
live_api.cgi?page=s ...)
- TODO: check
+ NOT-FOR-US: PROLiNK
CVE-2021-35401
RESERVED
CVE-2021-35400
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e759dd6c17b6eb2fbefc9799149c331eea8f547