Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0d855940 by Salvatore Bonaccorso at 2026-02-24T21:00:14+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -419,7 +419,7 @@ CVE-2026-25897 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/23fde73188ea32c15b607571775d4f92bdb75e60
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/5e28bb254210580ac12234cc9ba4ae57c193129c
 (6.9.13-39)
 CVE-2026-25802 (New API is a large language mode (LLM) gateway and artificial 
intellig ...)
-       TODO: check
+       NOT-FOR-US: New API (QuantumNous/new-api)
 CVE-2026-25799 (ImageMagick is free and open-source software used for editing 
and mani ...)
        - imagemagick <unfixed>
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6
@@ -451,9 +451,9 @@ CVE-2026-25794 (ImageMagick is free and open-source 
software used for editing an
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/ffe589df5ff8ce1433daa4ccb0d2a9fadfbe30ed
 (7.1.2-14)
 CVE-2026-25649 (Versions of the Traccar open-source GPS tracking system up to 
and incl ...)
-       TODO: check
+       NOT-FOR-US: Traccar
 CVE-2026-25648 (Versions of the Traccar open-source GPS tracking system 
starting with  ...)
-       TODO: check
+       NOT-FOR-US: Traccar
 CVE-2026-25638 (ImageMagick is free and open-source software used for editing 
and mani ...)
        - imagemagick <unfixed>
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gxcx-qjqp-8vjw
@@ -463,7 +463,7 @@ CVE-2026-25637 (ImageMagick is free and open-source 
software used for editing an
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p258
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/30ce0e8efbd72fd6b50ed3a10ae22f57c8901137
 (7.1.2-14)
 CVE-2026-25591 (New API is a large language mode (LLM) gateway and artificial 
intellig ...)
-       TODO: check
+       NOT-FOR-US: New API (QuantumNous/new-api)
 CVE-2026-25576 (ImageMagick is free and open-source software used for editing 
and mani ...)
        - imagemagick <unfixed>
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j
@@ -471,9 +471,9 @@ CVE-2026-25576 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/95db8ba0f445a798e823a86acdebe97de73de449
 (6.9.13-39)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/44b3140f3414ebc02c5fa8b80551f7d33950a87a
 (6.9.13-39)
 CVE-2026-25545 (Astro is a web framework. Prior to version 9.5.4, Server-Side 
Rendered ...)
-       TODO: check
+       NOT-FOR-US: Astro
 CVE-2026-25501 (free5GC SMF provides Session Management Function for free5GC, 
an open- ...)
-       TODO: check
+       NOT-FOR-US: Free5GC
 CVE-2026-24485 (ImageMagick is free and open-source software used for editing 
and mani ...)
        - imagemagick <unfixed>
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85
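Review bot: The added tag for CVE-2026-25501 spells the project "Free5GC", while the description on the line above it uses upstream's "free5GC". Using the upstream spelling in the NOT-FOR-US line would let a case-sensitive search for the project name match both the description and the tag.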
@@ -495,47 +495,47 @@ CVE-2026-24481 (ImageMagick is free and open-source 
software used for editing an
 CVE-2026-24314 (Under certain conditions SAP S/4HANA (Manage Payment Media) 
allows an  ...)
        NOT-FOR-US: SAP
 CVE-2026-23694 (Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin 
versions pr ...)
-       TODO: check
+       NOT-FOR-US: Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin
 CVE-2026-23693 (ElementsKit Lite (elementskit-lite) WordPress plugin versions 
prior to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-23521 (Versions of the Traccar open-source GPS tracking system up to 
and incl ...)
-       TODO: check
+       NOT-FOR-US: Traccar
 CVE-2026-21864 (Valkey-Bloom is a Rust based Valkey module which brings a 
Bloom Filter ...)
-       TODO: check
+       NOT-FOR-US: Valkey-Bloom
 CVE-2026-21863 (Valkey is a distributed key-value database. Prior to versions 
9.0.2, 8 ...)
        TODO: check
 CVE-2026-21665 (The Print Service component of Fiserv Originate Loans 
Peripherals (for ...)
-       TODO: check
+       NOT-FOR-US: Fiserv Originate Loans Peripherals
 CVE-2026-1459 (A post-authentication command injection vulnerability in the 
TR-369 ce ...)
        NOT-FOR-US: Zyxel
 CVE-2026-1229 (The CombinedMult function in the CIRCL ecc/p384 package 
(secp384r1 cur ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare CIRCL ecc/p384 package
 CVE-2025-9120 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
        NOT-FOR-US: OpenText
 CVE-2025-71056 (Improper session management in GCOM EPON 1GE ONU version 
C00R371V00B01 ...)
-       TODO: check
+       NOT-FOR-US: GCOM EPON 1GE ONU
 CVE-2025-70328 (TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command 
injecti ...)
        NOT-FOR-US: TOTOLINK
 CVE-2025-70327 (TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument 
injection ...)
        NOT-FOR-US: TOTOLINK
 CVE-2025-69253 (free5GC is an open-source project for 5th generation (5G) 
mobile core  ...)
-       TODO: check
+       NOT-FOR-US: Free5GC
 CVE-2025-69252 (free5gc UDM provides Unified Data Management (UDM) for 
free5GC, an ope ...)
-       TODO: check
+       NOT-FOR-US: Free5GC
 CVE-2025-69251 (free5gc UDM provides Unified Data Management (UDM) for 
free5GC, an ope ...)
-       TODO: check
+       NOT-FOR-US: Free5GC
 CVE-2025-69250 (free5gc UDM provides Unified Data Management (UDM) for 
free5GC, an ope ...)
-       TODO: check
+       NOT-FOR-US: Free5GC
 CVE-2025-69248 (free5GC is an open-source project for 5th generation (5G) 
mobile core  ...)
-       TODO: check
+       NOT-FOR-US: Free5GC
 CVE-2025-69247 (free5GC go-upf is the User Plane Function (UPF) implementation 
for 5G  ...)
-       TODO: check
+       NOT-FOR-US: Free5GC
 CVE-2025-69232 (free5GC is an open-source project for 5th generation (5G) 
mobile core  ...)
-       TODO: check
+       NOT-FOR-US: Free5GC
 CVE-2025-69208 (free5GC UDR is the user data repository (UDR) for free5GC, an 
an open- ...)
-       TODO: check
+       NOT-FOR-US: Free5GC
 CVE-2025-68930 (Versions of the Traccar open-source GPS tracking system up to 
and incl ...)
-       TODO: check
+       NOT-FOR-US: Traccar
 CVE-2025-67733 (Valkey is a distributed key-value database. Prior to versions 
9.0.2, 8 ...)
        TODO: check
 CVE-2025-40541 (An Insecure Direct Object Reference (IDOR) vulnerability 
exists in Ser ...)
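Review bot: The two adjacent WordPress entries near the top of this hunk are tagged in different styles: CVE-2026-23694 names the plugin ("NOT-FOR-US: Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin") while CVE-2026-23693 gets the generic "NOT-FOR-US: WordPress plugin". Pick one form for both; the generic one matches the existing CVE-2025-15386 context entry further down the file. Separately, CVE-2026-1229 is described as a flaw in a library (the CIRCL ecc/p384 package) rather than in a standalone application, so it is worth confirming that no source package in the archive ships or embeds it before settling on NOT-FOR-US.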
@@ -547,7 +547,7 @@ CVE-2025-40539 (A type confusion vulnerability exists in 
Serv-U which when explo
 CVE-2025-40538 (A broken access control vulnerability exists in Serv-U which 
when expl ...)
        NOT-FOR-US: SolarWinds
 CVE-2025-15589 (A vulnerability was determined in MuYuCMS 2.7. Affected is the 
functio ...)
-       TODO: check
+       NOT-FOR-US: MuYuCMS
 CVE-2025-15386 (The Responsive Lightbox & Gallery WordPress plugin before 
2.6.1 is vul ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13943 (A post-authentication command injection vulnerability in the 
log file  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d85594043885e3051f78aa148237767eed0e217

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
