Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dc70e990 by Salvatore Bonaccorso at 2026-02-23T21:46:25+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2026-27511 (Shenzhen Tenda F3 Wireless Routerfirmware
V12.01.01.55_multi con
CVE-2026-26464 (Stored Cross-Site Scripting (XSS) was found in the
/admin/edit_user.ph ...)
NOT-FOR-US: Society Management System Portal
CVE-2026-26365 (Akamai Ghost on Akamai CDN edge servers before 2026-02-06
mishandles p ...)
- TODO: check
+ NOT-FOR-US: Akamai
CVE-2026-25747 (Deserialization of Untrusted Data vulnerability in Apache
Camel LevelD ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-23552 (Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy
Apache C ...)
@@ -43,19 +43,19 @@ CVE-2026-21420 (Dell Repository Manager (DRM), versions
prior to 3.4.8, contains
CVE-2025-70329 (TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command
injecti ...)
NOT-FOR-US: TOTOLINK
CVE-2025-70058 (An issue pertaining to CWE-295: Improper Certificate
Validation was di ...)
- TODO: check
+ NOT-FOR-US: YMFE YApi
CVE-2025-70045 (An issue pertaining to CWE-295: Improper Certificate
Validation was di ...)
- TODO: check
+ NOT-FOR-US: jxcore jxm
CVE-2025-70044 (An issue pertaining to CWE-295: Improper Certificate
Validation was di ...)
- TODO: check
+ NOT-FOR-US: uTools-quickcommand
CVE-2025-70043 (An issue pertaining to CWE-295: Improper Certificate
Validation was di ...)
- TODO: check
+ NOT-FOR-US: Ayms node-To
CVE-2025-69700 (Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow
vulnerabi ...)
NOT-FOR-US: Tenda
CVE-2025-63946 (A privilege escalation (PE) vulnerability in the Tencent PC
Manager ap ...)
- TODO: check
+ NOT-FOR-US: Tencent PC Manager app
CVE-2025-63945 (A privilege escalation (PE) vulnerability in the Tencent iOA
app thru ...)
- TODO: check
+ NOT-FOR-US: Tencent iOA app
CVE-2025-61147 (strukturag libde265 commit d9fea9d wa discovered to contain a
segmenta ...)
TODO: check
CVE-2025-61146 (saitoha libsixel until v1.8.7 was discovered to contain a
memory leak ...)
@@ -78,7 +78,7 @@ CVE-2025-61143 (libtiff up to v4.7.1 was discovered to
contain a NULL pointer de
CVE-2025-59873 (An information exposure vulnerability exists in Vulnerability
in HCL ...)
NOT-FOR-US: HCL
CVE-2025-41002 (SQL injection vulnerability in Infoticketing. This
vulnerability allow ...)
- TODO: check
+ NOT-FOR-US: Infoticketing
CVE-2025-40986 (Reflected Cross-Site Scripting (XSS) vulnerability in
PideTuCita. This ...)
TODO: check
CVE-2025-40701 (Reflected Cross-Site Scripting vulnerability in SOTESHOP,
version 8.3. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc70e990124a8ce14ce0df7a0474efc2729113c7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc70e990124a8ce14ce0df7a0474efc2729113c7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
