Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a80c32a9 by Salvatore Bonaccorso at 2026-06-01T22:27:53+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,7 +41,7 @@ CVE-2026-48865 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2026-48839 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48559 (Lightweight Music Server (LMS) though 3.76.0 contains a stored 
cross-s ...)
-       TODO: check
+       NOT-FOR-US: Lightweight Music Server (LMS)
 CVE-2026-48210 (An improper default configuration in OTRS 2026.3.1 causes 
ticket artic ...)
        TODO: check
 CVE-2026-48209 (An improper neutralization of user-controllable input in OTRS 
or ((OTR ...)
@@ -89,7 +89,7 @@ CVE-2026-45543 (Nextcloud is an open source content 
collaboration platform. From
 CVE-2026-45505 (Improper Input Validation, Improper Control of Generation of 
Code ('Co ...)
        TODO: check
 CVE-2026-45302 (parse-nested-form-data is a tiny node module for parsing 
FormData by n ...)
-       TODO: check
+       NOT-FOR-US: parse-nested-form-data
 CVE-2026-45286 (Nextcloud is an open source content collaboration platform. 
From versi ...)
        NOT-FOR-US: Nextcloud Calendar
 CVE-2026-45285 (Nextcloud is an open source content collaboration platform. 
From versi ...)
@@ -117,7 +117,7 @@ CVE-2026-45266 (Nextcloud is an open source content 
collaboration platform. Prio
 CVE-2026-45264 (Nextcloud is an open source content collaboration platform. 
From versi ...)
        NOT-FOR-US: Nextcloud Groupfolder
 CVE-2026-45159 (Nextcloud is an open source content collaboration platform. 
From versi ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud end_to_end_encryption
 CVE-2026-45157 (Nextcloud is an open source content collaboration platform. In 
Nextclo ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2026-45156 (Nextcloud is an open source content collaboration platform. 
From versi ...)
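
Review bot: the new note on CVE-2026-45159 uses the app's identifier form, "Nextcloud end_to_end_encryption", while the neighbouring entry in this hunk uses a display name ("Nextcloud Groupfolder"). Suggest settling on one form for Nextcloud app notes so that a later grep for a given app finds all of its entries; either form is fine as long as it is applied consistently.
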
@@ -125,25 +125,25 @@ CVE-2026-45156 (Nextcloud is an open source content 
collaboration platform. From
 CVE-2026-45155 (Nextcloud is an open source content collaboration platform. In 
Nextclo ...)
        NOT-FOR-US: Nextcloud Circles
 CVE-2026-45154 (Nextcloud is an open source content collaboration platform. 
From versi ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud collectives
 CVE-2026-45153 (Nextcloud is an open source content collaboration platform. 
From versi ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud for Android
 CVE-2026-45132 (CloudPirates Open Source Helm Charts is a collection of Helm 
charts. P ...)
-       TODO: check
+       NOT-FOR-US: CloudPirates Open Source Helm Charts
 CVE-2026-45131 (CloudPirates Open Source Helm Charts is a collection of Helm 
charts. P ...)
-       TODO: check
+       NOT-FOR-US: CloudPirates Open Source Helm Charts
 CVE-2026-44740 (Billy is an interface filesystem abstraction for Go. Prior to 
versions ...)
        TODO: check
 CVE-2026-44211 (Cline is an autonomous coding agent as an SDK, IDE extension, 
or CLI a ...)
-       TODO: check
+       NOT-FOR-US: Cline
 CVE-2026-43958 (A flaw was found in rrdcached, a component of rrdtool. A local 
attacke ...)
        TODO: check
 CVE-2026-43625 (CodexBar prior to 0.32.0 contains a session cookie leakage 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: CodexBar
 CVE-2026-43624 (F5-TTS through version 1.1.20 contains a path traversal 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: F5-TTS
 CVE-2026-43623 (microtar through 0.1.0 contains a stack-based buffer overflow 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: microtar
 CVE-2026-42683 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42682 (Missing Authorization vulnerability in Tomdever wpForo Forum 
allows Ex ...)
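
Review bot: CVE-2026-43623 (microtar) is the one entry in this hunk where NOT-FOR-US deserves a second look. The description is a stack-based buffer overflow, and the name and the 0.1.0 version suggest a small tar implementation, which is the kind of code that tends to be copied into other projects' source trees rather than packaged on its own. Suggest a code search of the archive for embedded copies before closing it out; if any turn up, the affected source packages should be tracked instead of marking the CVE NOT-FOR-US.
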
@@ -175,7 +175,7 @@ CVE-2026-42588 (Improper Input Validation, Improper Control 
of Generation of Cod
 CVE-2026-42253 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2026-42251 (Use of hard-coded credentials in KS-SOMED allowed an 
unauthorized atta ...)
-       TODO: check
+       NOT-FOR-US: KS-SOMED
 CVE-2026-41013 (Input validation bypass in SMB volume mount handling in 
CloudFoundry F ...)
        TODO: check
 CVE-2026-40990 (OOM error is possible while attempting to add infinite amount 
of funct ...)
@@ -183,59 +183,59 @@ CVE-2026-40990 (OOM error is possible while attempting to 
add infinite amount of
 CVE-2026-40989 (Under infinite recursion in the routing layer, 
request-handling can ca ...)
        TODO: check
 CVE-2026-40549 (SOPlanning is vulnerable to Cross\u2011Site Request Forgery 
(CSRF) in  ...)
-       TODO: check
+       NOT-FOR-US: SOPlanning
 CVE-2026-40548 (SOPlanning does not verify uploaded file extension. An 
authenticated a ...)
-       TODO: check
+       NOT-FOR-US: SOPlanning
 CVE-2026-40547 (SOPlanning is vulnerable to Path Traversal in backup 
endpoints.  Authe ...)
-       TODO: check
+       NOT-FOR-US: SOPlanning
 CVE-2026-40546 (SOPlanning is vulnerable to SQL Injection across multiple 
endpoints an ...)
-       TODO: check
+       NOT-FOR-US: SOPlanning
 CVE-2026-40545 (SOPlanning is vulnerable to Reflected XSS via the taches 
parameter. An ...)
-       TODO: check
+       NOT-FOR-US: SOPlanning
 CVE-2026-40544 (SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) 
via /pro ...)
-       TODO: check
+       NOT-FOR-US: SOPlanning
 CVE-2026-40543 (SOPlanning does not enforce authorization for backup 
functionalities.A ...)
-       TODO: check
+       NOT-FOR-US: SOPlanning
 CVE-2026-38950 (An issue in ESA AnomalyMatch before 1.3.1 allow attackers to 
execute a ...)
-       TODO: check
+       NOT-FOR-US: ESA AnomalyMatch
 CVE-2026-37235 (FlexRIC v2.0.0 trusts the xapp_id field from E42 message 
payloads with ...)
-       TODO: check
+       NOT-FOR-US: FlexRIC
 CVE-2026-37233 (FlexRIC v2.0.0 contains an authorization bypass in the iApp's 
xApp iso ...)
-       TODO: check
+       NOT-FOR-US: FlexRIC
 CVE-2026-37232 (An issue was discovered in OpenAirInterface5G 2.4.0 
(nr-softmodem) in  ...)
-       TODO: check
+       NOT-FOR-US: OpenAirInterface5G
 CVE-2026-37231 (FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment 
but stor ...)
-       TODO: check
+       NOT-FOR-US: FlexRIC
 CVE-2026-37230 (FlexRIC v2.0.0 crashes when the near-RT RIC receives a 
RIC_INDICATION  ...)
-       TODO: check
+       NOT-FOR-US: FlexRIC
 CVE-2026-37229 (FlexRIC v2.0.0 contains a reachable assertion in 
e2ap_create_pdu() tri ...)
-       TODO: check
+       NOT-FOR-US: FlexRIC
 CVE-2026-37228 (FlexRIC v2.0.0 contains a reachable assertion in 
e2ap_recv_sctp_msg()  ...)
-       TODO: check
+       NOT-FOR-US: FlexRIC
 CVE-2026-37227 (FlexRIC v2.0.0 contains reachable assert(0) calls in stub 
message hand ...)
-       TODO: check
+       NOT-FOR-US: FlexRIC
 CVE-2026-37226 (FlexRIC v2.0.0 crashes when the iApp receives an 
E42_RIC_SUBSCRIPTION_ ...)
-       TODO: check
+       NOT-FOR-US: FlexRIC
 CVE-2026-37225 (FlexRIC v2.0.0 crashes when the iApp receives an 
E42_RIC_SUBSCRIPTION_ ...)
-       TODO: check
+       NOT-FOR-US: FlexRIC
 CVE-2026-37224 (FlexRIC v2.0.0 crashes when receiving a duplicate 
E2_SETUP_REQUEST fro ...)
-       TODO: check
+       NOT-FOR-US: FlexRIC
 CVE-2026-37223 (FlexRIC v2.0.0 contains a reachable assertion in the iApp 
message disp ...)
-       TODO: check
+       NOT-FOR-US: FlexRIC
 CVE-2026-37222 (FlexRIC v2.0.0 uses hardcoded assertions to validate 
Information Eleme ...)
-       TODO: check
+       NOT-FOR-US: FlexRIC
 CVE-2026-37221 (FlexRIC v2.0.0 crashes when receiving a 
RIC_SUBSCRIPTION_RESPONSE with ...)
-       TODO: check
+       NOT-FOR-US: FlexRIC
 CVE-2026-37220 (FlexRIC v2.0.0 crashes when an SCTP association is closed 
before an E2 ...)
-       TODO: check
+       NOT-FOR-US: FlexRIC
 CVE-2026-34193 (Kernel software installed and running inside a Guest/Host VM 
may post  ...)
        NOT-FOR-US: Imagination Technologies
 CVE-2026-32325 (Privilege chaining issue exists in ServerView Agents for 
Windows V11.6 ...)
-       TODO: check
+       NOT-FOR-US: ServerView Agents for Windows
 CVE-2026-30963 (Capsule is a multi-tenancy and policy-based framework for 
Kubernetes.  ...)
-       TODO: check
+       NOT-FOR-US: Capsule
 CVE-2026-27788 (Incorrect permission assignment for critical resource issue 
exists in  ...)
-       TODO: check
+       NOT-FOR-US: ServerView Agents for Windows
 CVE-2026-25600 (The PDBM application relies on a static, hard\u2011coded 
secret embedd ...)
        TODO: check
 CVE-2026-25599 (Missing authentication and clear\u2011text transmission of 
data from t ...)
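
Review bot: the note for CVE-2026-30963 is just "Capsule", a generic word, while the description identifies the product as a multi-tenancy and policy-based framework for Kubernetes. Suggest a more specific note, for example "NOT-FOR-US: Capsule (Kubernetes multi-tenancy framework)", so that someone grepping the list later, or triaging a CVE for an unrelated product with the same name, does not confuse the two. Other notes in this hunk are already unambiguous, e.g. "ServerView Agents for Windows".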



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a80c32a9dbf9ec652a7b4ec0f7826184134ed1e4
