Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
926925e5 by Salvatore Bonaccorso at 2026-06-18T08:45:39+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2026-6733 (Impact: Undici's HTTP/1.1 client is vulnerable 
to response queue
 CVE-2026-5667 (Use of Hard-coded Credentials vulnerability in Mitsubishi 
Electric Roo ...)
        NOT-FOR-US: Mitsubishi
 CVE-2026-55743 (The shell tool command allowlist in the SecurityPolicy of 
OpenHuman de ...)
-       TODO: check
+       NOT-FOR-US: OpenHuman
 CVE-2026-55738 (A stack-based buffer overflow exists in the raw_to_header() 
function i ...)
        NOT-FOR-US: microtar
 CVE-2026-55198 (Hermes WebUI before 0.51.443 contains an authorization bypass 
vulnerab ...)
@@ -2070,7 +2070,7 @@ CVE-2026-54294
 CVE-2026-54292
        REJECTED
 CVE-2026-53430 (Improper Handling of Highly Compressed Data (Data 
Amplification) vulne ...)
-       TODO: check
+       NOT-FOR-US: elixir-grpc grpc
 CVE-2026-52722 (A signed integer overflow vulnerability was found in 
GStreamer's VMnc  ...)
        - gst-plugins-bad1.0 <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2486733
@@ -2102,7 +2102,7 @@ CVE-2026-52693 (Unauthenticated SQL Injection in 
eCommerce Product Catalog <= 3.
 CVE-2026-52692 (Unauthenticated Sensitive Data Exposure in Affiliates Manager 
<= 2.9.5 ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-50892 (Incorrect access control in the "Let's Encrypt" certificate 
download e ...)
-       TODO: check
+       NOT-FOR-US: Nginx Proxy Manager
 CVE-2026-50891 (Incorrect access control in the /admin/api/config component of 
Filesta ...)
        NOT-FOR-US: Filestash
 CVE-2026-50890 (Bernd Bestel grocy v4.6.0 was discovered to contain a SQL 
injection vu ...)
@@ -2264,9 +2264,9 @@ CVE-2026-48868 (Unauthenticated Insecure Direct Object 
References (IDOR) in Simp
 CVE-2026-48867 (Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey 
Master < ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48854 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: elixir-grpc grpc
 CVE-2026-48853 (Deserialization of Untrusted Data and Allocation of Resources 
Without  ...)
-       TODO: check
+       NOT-FOR-US: elixir-grpc grpc
 CVE-2026-48838 (Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 
3.6.2 versi ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48836 (Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 
2.1.19  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/926925e5f6e37b5c633437581d63bf3c1031b3ce

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/926925e5f6e37b5c633437581d63bf3c1031b3ce
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to