Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc065a29 by Salvatore Bonaccorso at 2026-05-31T17:36:39+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -97,43 +97,43 @@ CVE-2018-25425 (Yot CMS 3.3.1 contains an SQL injection 
vulnerability that allow
 CVE-2018-25424 (Gate Pass Management System 2.1 contains an SQL injection 
vulnerabilit ...)
        NOT-FOR-US: Gate Pass Management System
 CVE-2018-25423 (Arm Whois 3.11 contains a buffer overflow vulnerability that 
allows lo ...)
-       TODO: check
+       NOT-FOR-US: Arm Whois
 CVE-2018-25422 (MOGG web simulator Script contains an SQL injection 
vulnerability that ...)
-       TODO: check
+       NOT-FOR-US: MOGG web simulator Script
 CVE-2018-25421 (Open STA Manager 2.3 contains a path traversal vulnerability 
that allo ...)
-       TODO: check
+       NOT-FOR-US: Open STA Manager
 CVE-2018-25420 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability 
that allow ...)
-       TODO: check
+       NOT-FOR-US: AiOPMSD Final
 CVE-2018-25419 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability 
that allow ...)
-       TODO: check
+       NOT-FOR-US: AiOPMSD Final
 CVE-2018-25418 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability 
that allow ...)
-       TODO: check
+       NOT-FOR-US: AiOPMSD Final
 CVE-2018-25417 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability 
that allow ...)
-       TODO: check
+       NOT-FOR-US: AiOPMSD Final
 CVE-2018-25416 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability 
that allow ...)
-       TODO: check
+       NOT-FOR-US: AiOPMSD Final
 CVE-2018-25415 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability 
that allow ...)
-       TODO: check
+       NOT-FOR-US: AiOPMSD Final
 CVE-2018-25414 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability 
that allow ...)
-       TODO: check
+       NOT-FOR-US: AiOPMSD Final
 CVE-2018-25413 (AiOPMSD Final 1.0.0 contains an SQL injection vulnerability 
that allow ...)
-       TODO: check
+       NOT-FOR-US: AiOPMSD Final
 CVE-2018-25412 (Delta Sql 1.8.2 contains an arbitrary file upload 
vulnerability that a ...)
-       TODO: check
+       NOT-FOR-US: Delta Sql
 CVE-2018-25411 (MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: MGB OpenSource Guestbook
 CVE-2018-25410 (SIM-PKH 2.4.1 contains an SQL injection vulnerability that 
allows auth ...)
-       TODO: check
+       NOT-FOR-US: SIM-PKH
 CVE-2018-25409 (SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability 
that all ...)
-       TODO: check
+       NOT-FOR-US: SIM-PKH
 CVE-2018-25408 (The Open ISES Project 3.30A contains a path traversal 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Open ISES Project
 CVE-2018-25407 (eNdonesia Portal 8.7 contains multiple SQL injection 
vulnerabilities t ...)
-       TODO: check
+       NOT-FOR-US: eNdonesia Portal
 CVE-2018-25406 (eNdonesia Portal 8.7 contains multiple SQL injection 
vulnerabilities t ...)
-       TODO: check
+       NOT-FOR-US: eNdonesia Portal
 CVE-2018-25405 (eNdonesia Portal 8.7 contains multiple SQL injection 
vulnerabilities t ...)
-       TODO: check
+       NOT-FOR-US: eNdonesia Portal
 CVE-2026-46242 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
        - linux 7.0.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
@@ -528,13 +528,13 @@ CVE-2026-10108 (xiaomusic v0.5.7 contains an 
unauthenticated path traversal vuln
 CVE-2026-10107 (MoviePilot v2 contains a server-side request forgery 
vulnerability in  ...)
        NOT-FOR-US: MoviePilot
 CVE-2026-10105 (agno 2.6.5 contains a SQL injection vulnerability in the 
ClickHouse ve ...)
-       TODO: check
+       NOT-FOR-US: agno-agi agno
 CVE-2026-10101 (ACM/MCE assisted-service writes raw referenced pull-secret 
contents in ...)
        TODO: check
 CVE-2026-10099 (XX-Net V5.16.6 contains a WebSocket frame parsing 
vulnerability in the ...)
        NOT-FOR-US: XX-Net
 CVE-2026-10078 (A flaw was found in the Quay config-tool's GitLab OAuth 
validator. Thi ...)
-       TODO: check
+       NOT-FOR-US: Quay
 CVE-2026-10075 (DreamMaker developed by Interinfo has a Path Traversal 
vulnerability,  ...)
        NOT-FOR-US: Interinfo
 CVE-2026-10074 (DreamMaker developed by Interinfo has an Arbitrary File Read 
vulnerabi ...)
@@ -572,97 +572,97 @@ CVE-2026-10058 (ITS Intelligent SCADA System developed by 
ITP Technology has a S
 CVE-2026-10057 (ITS Intelligent SCADA System developed by ITP Technology has a 
Stored  ...)
        NOT-FOR-US: ITS Intelligent SCADA System
 CVE-2026-10056 (CORS misconfiguration in the REST API of Network Optix Nx 
Witness VMS  ...)
-       TODO: check
+       NOT-FOR-US: Network Optix Nx Witness VMS
 CVE-2026-10052 (A flaw was found in the Quay config-tool's LDAP and SMTP 
validation fu ...)
-       TODO: check
+       NOT-FOR-US: Quay
 CVE-2026-10042 (manga-image-translator contains a remote code execution 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: manga-image-translator
 CVE-2026-10039 (The Frontend Admin by DynamiApps plugin for WordPress is 
vulnerable to ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-41281 (Nozomi Networks Labs identified a CWE-78: Improper 
Neutralization of S ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41280 (Nozomi Networks Labs identified a CWE-23: Relative Path 
Traversal (Zip ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41279 (Nozomi Networks Labs identified a CWE-78: Improper 
Neutralization of S ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41278 (Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read 
in Water ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41277 (Nozomi Networks Labs identified a CWE-78: Improper 
Neutralization of S ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41276 (Nozomi Networks Labs identified a CWE-78: Improper 
Neutralization of S ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41275 (Nozomi Networks Labs identified a CWE-78: Improper 
Neutralization of S ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41274 (Nozomi Networks Labs identified a CWE-78: Improper 
Neutralization of S ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41273 (Nozomi Networks Labs identified a CWE-288: Authentication 
Bypass Using ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41272 (Nozomi Networks Labs identified a CWE-78: Improper 
Neutralization of S ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41271 (Nozomi Networks Labs identified a CWE-23: Relative Path 
Traversal in t ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41270 (Nozomi Networks Labs identified a CWE-78: Improper 
Neutralization of S ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41269 (Nozomi Networks Labs identified a CWE-78: Improper 
Neutralization of S ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41268 (Nozomi Networks Labs identified a CWE-23: Relative Path 
Traversal in t ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41267 (Nozomi Networks Labs identified a CWE-78: Improper 
Neutralization of S ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41266 (Nozomi Networks Labs identified a CWE-78: Improper 
Neutralization of S ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-41265 (Nozomi Networks Labs identified a CWE-78: Improper 
Neutralization of S ...)
-       TODO: check
+       NOT-FOR-US: Waterfall
 CVE-2025-12714 (The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings 
plugin  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-11262 (The Link Whisper Free plugin for WordPress is vulnerable to 
Stored Cro ...)
        NOT-FOR-US: WordPress plugin
 CVE-2018-25404 (The Open ISES Project 3.30A contains an SQL injection 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: Open ISES Project
 CVE-2018-25403 (The Open ISES Project 3.30A contains an SQL injection 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: Open ISES Project
 CVE-2018-25402 (The Open ISES Project 3.30A contains an SQL injection 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: Open ISES Project
 CVE-2018-25401 (The Open ISES Project 3.30A contains an SQL injection 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: Open ISES Project
 CVE-2018-25400 (The Open ISES Project 3.30A contains an SQL injection 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: Open ISES Project
 CVE-2018-25399 (The Open ISES Project 3.30A contains an SQL injection 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: Open ISES Project
 CVE-2018-25398 (The Open ISES Project 3.30A contains an SQL injection 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: Open ISES Project
 CVE-2018-25397 (PHP-SHOP 1.0 contains a cross-site request forgery 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: PHP-SHOP
 CVE-2018-25396 (Heatmiser Wifi Thermostat 1.7 contains a credential disclosure 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Heatmiser Wifi Thermostat
 CVE-2018-25395 (Kados R10 GreenBee contains an SQL injection vulnerability 
that allows ...)
-       TODO: check
+       NOT-FOR-US: Kados R10 GreenBee
 CVE-2018-25394 (Kados R10 GreenBee contains an SQL injection vulnerability 
that allows ...)
-       TODO: check
+       NOT-FOR-US: Kados R10 GreenBee
 CVE-2018-25393 (Navigate CMS 2.8.5 contains a path traversal vulnerability 
that allows ...)
-       TODO: check
+       NOT-FOR-US: Navigate CMS
 CVE-2018-25392 (MaxOn ERP Software 8.x-9.x contains an SQL injection 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: MaxOn ERP Software
 CVE-2018-25391 (HaPe PKH 1.1 fails to enforce authorization on its record 
deletion end ...)
-       TODO: check
+       NOT-FOR-US: HaPe PKH
 CVE-2018-25390 (HaPe PKH 1.1 contains an SQL injection vulnerability that 
allows unaut ...)
-       TODO: check
+       NOT-FOR-US: HaPe PKH
 CVE-2018-25389 (HaPe PKH 1.1 contains an SQL injection vulnerability that 
allows unaut ...)
-       TODO: check
+       NOT-FOR-US: HaPe PKH
 CVE-2018-25388 (HaPe PKH 1.1 contains an arbitrary file upload vulnerability 
that allo ...)
-       TODO: check
+       NOT-FOR-US: HaPe PKH
 CVE-2018-25387 (HaPe PKH 1.1 contains a cross-site request forgery 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: HaPe PKH
 CVE-2018-25386 (HaPe PKH 1.1 contains multiple SQL injection vulnerabilities 
in admin/ ...)
-       TODO: check
+       NOT-FOR-US: HaPe PKH
 CVE-2018-25385 (E-Registrasi Pencak Silat 18.10 contains an SQL injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: E-Registrasi Pencak Silat
 CVE-2018-25384 (Wikidforum 2.20 contains a cross-site scripting vulnerability 
that all ...)
-       TODO: check
+       NOT-FOR-US: Wikidforum
 CVE-2018-25383 (Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Free MP3 CD Ripper
 CVE-2018-25382 (Zechat 1.5 contains an SQL injection vulnerability that allows 
unauthe ...)
-       TODO: check
+       NOT-FOR-US: Zechat
 CVE-2026-48840 (Exim 4.88 before 4.99.4, in some proxy configurations, 
mishandles cert ...)
        {DSA-6309-1}
        - exim4 4.99.3-2
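Review bot: the tag "NOT-FOR-US: Waterfall" applied to CVE-2025-41265 through CVE-2025-41281 is too terse to identify the product. The truncated descriptions visible here only credit Nozomi Networks Labs as the finder, and just one of them (CVE-2025-41278) gets as far as "in Water ...". A fuller vendor or product name, in the style of "NOT-FOR-US: Network Optix Nx Witness VMS" earlier in this hunk, would make these entries unambiguous when the tag is reused for later CVEs.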
@@ -1286,7 +1286,7 @@ CVE-2026-32847 (DeepCode through commit c991dc2 contains 
a path traversal vulner
 CVE-2026-2128 (The Breeze plugin for WordPress is vulnerable to Exposure of 
Sensitive ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-10044 (Usagi-org ai-goofish-monitor contains an unauthenticated 
arbitrary fil ...)
-       TODO: check
+       NOT-FOR-US: Usagi-org ai-goofish-monitor
 CVE-2026-10028 (A flaw was found in glib-networking. A remote attacker can 
exploit thi ...)
        - glib-networking <unfixed> (bug #1138235)
        [trixie] - glib-networking <postponed> (Minor issue, revisit when fixed 
upstream)
@@ -1748,9 +1748,9 @@ CVE-2026-24444 (SDMC NE6037 cable modem routers running 
firmware 7.1.6.0.25 and
 CVE-2025-48977 (Relative Path Traversal vulnerability in Apache Ignite REST 
API.  Auth ...)
        TODO: check
 CVE-2024-47097 (Cross Site Scripting vulnerability in Follet School Solutions 
Destiny  ...)
-       TODO: check
+       NOT-FOR-US: Follet School Solutions Destiny
 CVE-2024-47096 (Cross Site Scripting vulnerability in Follet School Solutions 
Destiny  ...)
-       TODO: check
+       NOT-FOR-US: Follet School Solutions Destiny
 CVE-2026-46240 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 7.0.9-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
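Review bot: the tags on CVE-2024-47097 and CVE-2024-47096 copy the spelling "Follet" from the CVE description. If the vendor's name is in fact spelled "Follett", a later search of data/CVE/list for the correct name will miss both entries, so the spelling is worth confirming before the tag is reused.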
@@ -3207,11 +3207,11 @@ CVE-2025-70103 (Heap buffer overflow vulnerability in 
libjxl 0.12.0 via crafted
        NOTE: https://github.com/libjxl/libjxl/pull/4380
        NOTE: Fixed by: 
https://github.com/libjxl/libjxl/commit/49fb89f23473e57fa1dac416adce7c7679e5d051
 CVE-2025-69600 (Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows 
adversa ...)
-       TODO: check
+       NOT-FOR-US: Raynet rvia
 CVE-2025-68712 (SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android 
allows a loc ...)
-       TODO: check
+       NOT-FOR-US: SpSoft AppLock (com.sp.protector.free)
 CVE-2025-67903 (Northern.tech Mender Client 5 before 5.0.4 allows a 
Cryptographic sign ...)
-       TODO: check
+       NOT-FOR-US: Northern.tech Mender Client
 CVE-2025-66593 (An origin validation error vulnerability in Synology Assistant 
before  ...)
        NOT-FOR-US: Synology
 CVE-2025-66592 (An origin validation error vulnerability in Synology Active 
Backup for ...)
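Review bot: "NOT-FOR-US: SpSoft AppLock (com.sp.protector.free)" on CVE-2025-68712 carries the Android package identifier in parentheses, while the other tags added in this hunk ("Raynet rvia", "Northern.tech Mender Client") give only vendor and product. The identifier is already present in the description line, so "NOT-FOR-US: SpSoft AppLock" would be consistent with the neighbouring entries.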
@@ -3219,9 +3219,9 @@ CVE-2025-66592 (An origin validation error vulnerability 
in Synology Active Back
 CVE-2025-52747 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-41670 (A local user with low privileges may be able to influence the 
behavior ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-41669 (The Web-based Management allows a remote low privileged 
Engineer user  ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2025-3633 (IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM 
Cognos T ...)
        NOT-FOR-US: IBM
 CVE-2025-30028 (A vulnerability in Active Backup for Business allows 
unauthorized remo ...)
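Review bot: "NOT-FOR-US: Phoenix" on CVE-2025-41670 and CVE-2025-41669 is ambiguous. Neither visible description names a vendor or product, and "Phoenix" on its own is a name shared by several unrelated vendors and projects. Spell out the full vendor name, plus the product if known, so the reason for the NFU decision can be read from the entry itself.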
@@ -5435,7 +5435,7 @@ CVE-2026-25900 (Lack of output escaping leads to a XSS 
vector in the feed module
 CVE-2026-25713 (MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow 
vulnerabilit ...)
        NOT-FOR-US: MediaArea MediaInfoLib
 CVE-2026-25112 (A high-severity vulnerability in the deployment of Genetec 
RabbitMQ th ...)
-       TODO: check
+       NOT-FOR-US: Genetec
 CVE-2026-25104 (MediaArea MediaInfoLib LXF parsing heap-based buffer overflow 
vulnerab ...)
        NOT-FOR-US: MediaArea MediaInfoLib
 CVE-2026-24638 (Missing Authorization vulnerability in Webful Creations 
RepairBuddy al ...)
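Review bot: "NOT-FOR-US: Genetec" on CVE-2026-25112 names only the vendor, while the description refers to "the deployment of Genetec RabbitMQ", and RabbitMQ itself is packaged in Debian as rabbitmq-server. A tag that says the issue is in Genetec's deployment, for example "NOT-FOR-US: Genetec (RabbitMQ deployment)", would record why the Debian package was ruled out and save the next triager from re-checking it.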
@@ -5674,7 +5674,7 @@ CVE-2026-24545 (Missing Authorization vulnerability in 
Nikki Blight QR Redirecto
 CVE-2026-24527 (Missing Authorization vulnerability in Patterns in the cloud 
Autoship  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-71310 (The GDPR cookies module for Backdrop CMS (before   1.x-1.3.5) 
doesn't  ...)
-       TODO: check
+       NOT-FOR-US: GDPR cookies module for Backdrop CMS
 CVE-2025-62745 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48099
@@ -167729,7 +167729,7 @@ CVE-2025-22372 (Insufficiently Protected Credentials 
vulnerability in SicommNet
 CVE-2025-22371 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: SicommNet BASEC
 CVE-2025-1782 (In HylaFAX Enterprise Web Interface and AvantFAX, the language 
form el ...)
-       TODO: check
+       NOT-FOR-US: HylaFAX Enterprise Web Interface and AvantFAX
 CVE-2024-49825 (IBM Robotic Process Automation and Robotic Process Automation 
for Clou ...)
        NOT-FOR-US: IBM
 CVE-2024-49709 (Internet Starter, one of SoftCOM iKSORIS system modules,allows 
for set ...)
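Review bot: the tag on CVE-2025-1782, "HylaFAX Enterprise Web Interface and AvantFAX", sits close to the name of the hylafax package that Debian ships, and the visible description is cut off at "the language form el ...". Was it confirmed that the affected language form exists only in the Enterprise web interface and AvantFAX and not in the packaged hylafax? If so, the tag is fine as written; if not, this one should stay at "TODO: check" like CVE-2025-48977 in the earlier hunk.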



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc065a2904439c42b9630187360074c9861339d4
