Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
effd7b74 by Salvatore Bonaccorso at 2026-06-02T08:07:25+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -97,7 +97,7 @@ CVE-2026-49157 (Incorrect Default Permissions vulnerability 
in Apache ActiveMQ.
        - activemq <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/21
 CVE-2026-49121 (AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an 
unauthent ...)
-       TODO: check
+       NOT-FOR-US: AI Tensor Engine for ROCm (AITER)
 CVE-2026-48879 (Incorrect Privilege Assignment vulnerability in Sergey AIWU 
allows Pri ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48866 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
@@ -255,7 +255,7 @@ CVE-2026-42253 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2026-42251 (Use of hard-coded credentials in KS-SOMED allowed an 
unauthorized atta ...)
        NOT-FOR-US: KS-SOMED
 CVE-2026-41013 (Input validation bypass in SMB volume mount handling in 
CloudFoundry F ...)
-       TODO: check
+       NOT-FOR-US: CloudFoundry
 CVE-2026-40990 (OOM error is possible while attempting to add infinite amount 
of funct ...)
        TODO: check
 CVE-2026-40989 (Under infinite recursion in the routing layer, 
request-handling can ca ...)
@@ -317,11 +317,11 @@ CVE-2026-27788 (Incorrect permission assignment for 
critical resource issue exis
 CVE-2026-25600 (The PDBM application relies on a static, hard\u2011coded 
secret embedd ...)
        NOT-FOR-US: Trac PDBM
 CVE-2026-25599 (Missing authentication and clear\u2011text transmission of 
data from t ...)
-       TODO: check
+       NOT-FOR-US: Orca Energy
 CVE-2026-23638 (Kiteworks is a private data network (PDN). Prior to version 
9.3.0, an  ...)
-       TODO: check
+       NOT-FOR-US: Kiteworks
 CVE-2026-22872 (Capsule is a multi-tenancy and policy-based framework for 
Kubernetes.  ...)
-       TODO: check
+       NOT-FOR-US: Capsule
 CVE-2026-20456 (In wlan STA driver, there is a possible system crash due to a 
missing  ...)
        NOT-FOR-US: MediaTek
 CVE-2026-20455 (In geniezone, there is a possible out of bounds write due to a 
missing ...)
@@ -337,15 +337,15 @@ CVE-2026-10533 (A flaw was found in OpenShift Container 
Platform. Completed pods
 CVE-2026-10532 (Deserialization of untrusted data vulnerability in QOS.CH Sarl 
logback ...)
        TODO: check
 CVE-2026-10517 (A flaw was found in Clair. The fetcher component makes 
outbound HTTP r ...)
-       TODO: check
+       NOT-FOR-US: Clair
 CVE-2026-10283 (A vulnerability was detected in Bottelet DaybydayCRM up to 
2.2.1. Affe ...)
-       TODO: check
+       NOT-FOR-US: Bottelet DaybydayCRM
 CVE-2026-10282 (A security vulnerability has been detected in Bottelet 
DaybydayCRM up  ...)
-       TODO: check
+       NOT-FOR-US: Bottelet DaybydayCRM
 CVE-2026-10281 (A weakness has been identified in Enderfga claw-orchestrator 
up to 3.5 ...)
-       TODO: check
+       NOT-FOR-US: Enderfga claw-orchestrator
 CVE-2026-10280 (A security flaw has been discovered in horizon921 mcpilot 
0.1.0. The i ...)
-       TODO: check
+       NOT-FOR-US: horizon921 mcpilot
 CVE-2026-10279 (A vulnerability was identified in hiraishikentaro wezterm-mcp 
0.1.0. T ...)
        NOT-FOR-US: wezterm-mcp
 CVE-2026-10278 (A vulnerability was determined in ishayoyo excel-mcp up to 
1.0.2. Impa ...)
@@ -359,7 +359,7 @@ CVE-2026-10275 (A flaw has been found in OpenSC up to 
0.26.1. This affects the f
 CVE-2026-10274 (A vulnerability was determined in indrasishbanerjee 
aem-mcp-server up  ...)
        NOT-FOR-US: aem-mcp-server
 CVE-2026-10273 (A vulnerability was found in php-censor up to 2.1.6. This 
affects an u ...)
-       TODO: check
+       NOT-FOR-US: php-censor
 CVE-2026-10272 (A vulnerability has been found in a4m4 
Student-Management-System up to ...)
        NOT-FOR-US: a4m4 Student-Management-System
 CVE-2026-10271 (A flaw has been found in a4m4 Student-Management-System up to 
f0c5f684 ...)
@@ -369,23 +369,23 @@ CVE-2026-10270 (A vulnerability was detected in D-Link 
DI-7001 MINI up to 19.09.
 CVE-2026-10269 (A security vulnerability has been detected in decolua 9router 
up to 0. ...)
        NOT-FOR-US: 9router
 CVE-2026-10268 (A weakness has been identified in janet-lang janet up to 
1.41.0. This  ...)
-       TODO: check
+       NOT-FOR-US: janet-lang janet
 CVE-2026-10267 (A security flaw has been discovered in janet-lang janet up to 
1.41.0.  ...)
-       TODO: check
+       NOT-FOR-US: janet-lang janet
 CVE-2026-10265 (A vulnerability was identified in itsourcecode Content 
Management Syst ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-10264 (A vulnerability was determined in lharries whatsapp-mcp 0.0.1. 
Affecte ...)
-       TODO: check
+       NOT-FOR-US: lharries whatsapp-mcp
 CVE-2026-10263 (A vulnerability was found in SourceCodester Computer Repair 
Shop Manag ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-10262 (A vulnerability has been found in code-projects Real State 
Services 1. ...)
-       TODO: check
+       NOT-FOR-US: code-projects Real State Services
 CVE-2026-10261 (A flaw has been found in CodeAstro Online Job Portal 1.0. This 
affects ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro Online Job Portal
 CVE-2026-10260 (A vulnerability was detected in CodeAstro Online Job Portal 
1.0. The i ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro Online Job Portal
 CVE-2026-10259 (A security vulnerability has been detected in H3C Magic B0 up 
to 100R0 ...)
-       TODO: check
+       NOT-FOR-US: H3C
 CVE-2026-10258 (A weakness has been identified in itsourcecode Content 
Management Syst ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-10257 (A security flaw has been discovered in itsourcecode Content 
Management ...)
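Review bot: The tags added in this hunk mix two granularities: CVE-2026-10259 is tagged with the vendor alone ("NOT-FOR-US: H3C"), while CVE-2026-10261 and CVE-2026-10260 carry vendor plus product ("NOT-FOR-US: CodeAstro Online Job Portal"). Either form is fine for triage, but using one form per vendor keeps later searches of data/CVE/list predictable.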
@@ -421,11 +421,11 @@ CVE-2026-10243 (A security vulnerability has been 
detected in code-projects Smar
 CVE-2026-10242 (A weakness has been identified in itsourcecode Content 
Management Syst ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-10241 (A security flaw has been discovered in jeecgboot The server 
processes  ...)
-       TODO: check
+       NOT-FOR-US: jeecgboot
 CVE-2026-10240 (A vulnerability was identified in JeecgBoot up to 3.9.2. The 
impacted  ...)
-       TODO: check
+       NOT-FOR-US: JeecgBoot
 CVE-2026-10239 (A vulnerability was determined in JeecgBoot up to 3.9.2. The 
affected  ...)
-       TODO: check
+       NOT-FOR-US: JeecgBoot
 CVE-2026-10237 (A vulnerability was found in SourceCodester Water Billing 
Management S ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-10236 (A vulnerability has been found in SourceCodester Water Billing 
Managem ...)
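Review bot: The same product ends up with two spellings in this hunk: CVE-2026-10241 is tagged "NOT-FOR-US: jeecgboot", while CVE-2026-10240 and CVE-2026-10239 are tagged "NOT-FOR-US: JeecgBoot". Use "JeecgBoot" on all three so a case-sensitive search of the list finds every entry for the product.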
@@ -433,7 +433,7 @@ CVE-2026-10236 (A vulnerability has been found in 
SourceCodester Water Billing M
 CVE-2026-10235 (A flaw has been found in CodeAstro Ingredients Stock 
Management System ...)
        NOT-FOR-US: CodeAstro
 CVE-2026-10234 (A vulnerability was detected in Mettle sendportal up to 3.0.1. 
This af ...)
-       TODO: check
+       NOT-FOR-US: Mettle sendportal
 CVE-2026-10233 (A security vulnerability has been detected in Assimp up to 
6.0.4. Affe ...)
        TODO: check
 CVE-2026-10232 (A weakness has been identified in Assimp up to 6.0.4. Affected 
by this ...)
@@ -445,13 +445,13 @@ CVE-2026-10230 (A vulnerability was identified in Assimp 
up to 6.0.4. This impac
 CVE-2026-10229 (A vulnerability was determined in Assimp up to 6.0.4. This 
affects the ...)
        TODO: check
 CVE-2026-10228 (A vulnerability was found in raisulislamg4 
student_management_system_b ...)
-       TODO: check
+       NOT-FOR-US: raisulislamg4 student_management_system_by_php
 CVE-2026-10227 (A vulnerability has been found in raisulislamg4 
student_management_sys ...)
-       TODO: check
+       NOT-FOR-US: raisulislamg4 student_management_system_by_php
 CVE-2026-10226 (A flaw has been found in raisulislamg4 
student_management_system_by_ph ...)
-       TODO: check
+       NOT-FOR-US: raisulislamg4 student_management_system_by_php
 CVE-2026-10225 (A vulnerability was detected in raisulislamg4 
student_management_syste ...)
-       TODO: check
+       NOT-FOR-US: raisulislamg4 student_management_system_by_php
 CVE-2026-10224 (A security vulnerability has been detected in NousResearch 
hermes-agen ...)
        NOT-FOR-US: aem-mcp-server
 CVE-2026-10223 (A weakness has been identified in NousResearch hermes-agent up 
to 2026 ...)
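Review bot: The trailing context for CVE-2026-10224 reads "NOT-FOR-US: aem-mcp-server", but its description names NousResearch hermes-agent, so the tag looks copied from a different entry. This pass already touches the neighbouring lines, so it is a good place to correct the tag to name hermes-agent.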
@@ -463,11 +463,11 @@ CVE-2026-10221 (A vulnerability was identified in 
NousResearch hermes-agent up t
 CVE-2026-10220 (A vulnerability was determined in NousResearch hermes-agent up 
to 2026 ...)
        NOT-FOR-US: aem-mcp-server
 CVE-2026-10219 (A vulnerability was found in nextlevelbuilder GoClaw up to 
3.11.3. Thi ...)
-       TODO: check
+       NOT-FOR-US: nextlevelbuilder GoClaw
 CVE-2026-10218 (A vulnerability has been found in nextlevelbuilder GoClaw up 
to 3.11.3 ...)
-       TODO: check
+       NOT-FOR-US: nextlevelbuilder GoClaw
 CVE-2026-10217 (A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. 
The imp ...)
-       TODO: check
+       NOT-FOR-US: nextlevelbuilder GoClaw
 CVE-2026-10216 (A vulnerability was detected in unitedbyai droidclaw up to 
0.5.3. The  ...)
        NOT-FOR-US: droidclaw
 CVE-2026-10215 (A security vulnerability has been detected in Dolibarr ERP CRM 
up to 2 ...)
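Review bot: CVE-2026-10220 in the leading context of this hunk is a NousResearch hermes-agent entry that still carries "NOT-FOR-US: aem-mcp-server". The product name there should be fixed as well, rather than left next to the newly added GoClaw tags.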
@@ -489,13 +489,13 @@ CVE-2026-10208 (A flaw has been found in code-projects 
Online Hospital Managemen
 CVE-2026-10206 (A vulnerability was detected in D-Link DI-8400 up to 
16.07.26A1. This  ...)
        NOT-FOR-US: D-Link
 CVE-2026-10205 (A security vulnerability has been detected in Metasoft 
\u7f8e\u7279\u8 ...)
-       TODO: check
+       NOT-FOR-US: Metasoft MetaCRM
 CVE-2026-10204 (A weakness has been identified in OFCMS 1.1.3. The affected 
element is ...)
-       TODO: check
+       NOT-FOR-US: OFCMS
 CVE-2026-10203 (A security flaw has been discovered in OFCMS 1.1.3. Impacted 
is the fu ...)
-       TODO: check
+       NOT-FOR-US: OFCMS
 CVE-2026-10202 (A vulnerability was identified in OFCMS 1.1.3. This issue 
affects the  ...)
-       TODO: check
+       NOT-FOR-US: OFCMS
 CVE-2026-10201 (A vulnerability was determined in Assimp up to 6.0.4. This 
vulnerabili ...)
        TODO: check
 CVE-2026-10200 (A vulnerability was found in Assimp up to 6.0.4. This affects 
the func ...)
@@ -6328,7 +6328,7 @@ CVE-2026-41401 (libyang before 5.2.6 contains a heap 
use-after-free write vulner
        NOTE: 
https://github.com/CESNET/libyang/security/advisories/GHSA-9f49-8x56-jmjc
        NOTE: Fixed by: 
https://github.com/CESNET/libyang/commit/54c3276d871023da266d4ed3ceaee7e8d71d0b04
 (v5.4.9)
 CVE-2026-41164 (nuts-node is the reference implementation of the Nuts 
specification. P ...)
-       TODO: check
+       NOT-FOR-US: nuts-node
 CVE-2026-40564 (Files or Directories Accessible to External Parties, 
Server-Side Reque ...)
        NOT-FOR-US: Apache Flink Kubernetes Operator
 CVE-2026-40384 (An improper validation of the search parameter of the 
com_media files  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/effd7b74afb6d3adf47e93e908d4a8b27254df18
