Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c4adeb6 by Salvatore Bonaccorso at 2026-06-24T22:46:48+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -227,13 +227,13 @@ CVE-2026-35025 (ProFTPD through 1.3.9b and 1.3.10rc2 
contains an access control
 CVE-2026-29034
        REJECTED
 CVE-2026-13164 (Missing Authentication for Critical Function (CWE-306) in the 
Register ...)
-       TODO: check
+       NOT-FOR-US: MailerUp
 CVE-2026-13163 (Open redirect vulnerability (CWE-601) in the _safe_redirect 
function o ...)
-       TODO: check
+       NOT-FOR-US: MailerUp
 CVE-2026-13150 (Server-Side Request Forgery (SSRF) (CWE-918) in the PDF 
generation end ...)
-       TODO: check
+       NOT-FOR-US: ccyl13 Pentestify
 CVE-2026-13140 (Stored Cross-Site Scripting in the exposed AWS API key store 
ofThinkst ...)
-       TODO: check
+       NOT-FOR-US: Canarytokens
 CVE-2026-12986 (A critical vulnerability in Admin GUI in Payara Server Full 
4.x, 5.x,  ...)
        NOT-FOR-US: Payara
 CVE-2026-12760 (A denial-of-service (DoS) vulnerability has been identified in 
Tapo C2 ...)
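Review bot: The tag on CVE-2026-13150, "NOT-FOR-US: ccyl13 Pentestify", is written as owner plus project, while the other entries resolved in this hunk use the product name alone ("MailerUp", "Canarytokens"). If "ccyl13" is only there to disambiguate the project that is fine, but keeping one form makes it easier for later entries against the same product to reuse an existing tag. The two MailerUp entries (CVE-2026-13164, CVE-2026-13163) are tagged identically, which is the right outcome for paired CVEs against one product.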
@@ -251,11 +251,11 @@ CVE-2026-11877 (An unauthorized user can modify 
configuration through API calls
 CVE-2026-10745 (Improper output neutralization for logs vulnerability in 
upKeeper Solu ...)
        NOT-FOR-US: upKeeper Solutions
 CVE-2025-71361 (picklescan before 0.0.29 fails to detect malicious 
idlelib.calltip.Cal ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71354 (picklescan before 0.0.29 fails to detect malicious pickle 
files that e ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71332 (Flowise through 2.2.7 contains a SQL injection vulnerability 
in the im ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2026-53127 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
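Review bot: The picklescan entries (CVE-2025-71361, CVE-2025-71354) and the Flowise entry (CVE-2025-71332) describe versioned upstream releases ("before 0.0.29", "through 2.2.7"), and the commit message says only "Process some NFUs". It is worth confirming that none of them has an open ITP or RFP bug before closing them as NOT-FOR-US, since an entry with a pending package would normally be tracked with an <itp> line and bug number instead.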
@@ -1992,7 +1992,7 @@ CVE-2026-10711 (Missing authentication for critical 
function vulnerability in AK
 CVE-2026-10609 (A missing authorization flaw was found in the OpenShift 
Cluster Loggin ...)
        NOT-FOR-US: OpenShift
 CVE-2026-10521 (An high privileged remote attacker can access a hidden 
configuration m ...)
-       TODO: check
+       NOT-FOR-US: MB connect
 CVE-2026-0864 (When using the "configparser" module to write configuration 
files cont ...)
        TODO: check
 CVE-2025-71382 (MuPDF before 1.27.0-rc1 contains an uncontrolled recursion 
vulnerabili ...)
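Review bot: On CVE-2026-10521 the tag "NOT-FOR-US: MB connect" cannot be checked against the visible description, which is cut off before any vendor or product name appears. If the vendor's name is longer than what is written here, spell it out in full so the tag matches other entries for the same vendor. CVE-2026-0864 directly below stays at "TODO: check", which looks right for this commit because its description concerns the "configparser" module and so is not an obvious NFU.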
@@ -2564,7 +2564,7 @@ CVE-2026-12725 (A heap-based buffer overflow was found in 
dnsmasq. When DNSSEC v
 CVE-2026-12628 (IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM 
Storage Pro ...)
        NOT-FOR-US: IBM
 CVE-2026-12602 (Incorrect default permissions in ArubaSign, affecting versions 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Aruba ArubaSign
 CVE-2026-12581 (EasyFlow .NET developed by Digiwin has a Session Fixation 
vulnerabilit ...)
        NOT-FOR-US: Digiwin
 CVE-2026-12580 (EasyFlow .NET developed by Digiwin has a Stored Cross-Site 
Scripting v ...)
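Review bot: "NOT-FOR-US: Aruba ArubaSign" on CVE-2026-12602 repeats the vendor name inside the product name. The neighbouring entries in this hunk use the vendor alone ("IBM", "Digiwin"), so "ArubaSign" or "Aruba" by itself would be consistent with them; use whichever form earlier entries for this product in data/CVE/list already carry.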



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c4adeb6e8ad5a075f62f717d84da836c2924e93
