Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d9a548a by Moritz Muehlenhoff at 2026-06-27T13:24:05+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -780,13 +780,13 @@ CVE-2026-44018 (Docling simplifies document processing by 
parsing diverse format
 CVE-2026-40711 (Dell Dell Container Storage Modules, version(s) csi-powerstore 
v2.16.0 ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-3472 (Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 
11.5.x <= 1 ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2026-33646 (mise manages dev tools like node, python, cmake, and 
terraform. Prior  ...)
        TODO: check
 CVE-2026-30041 (An integer overflow in the PSD parser compnent of FastStone 
Image View ...)
-       TODO: check
+       NOT-FOR-US: FastStone ImageViewer
 CVE-2026-30040 (A heap overflow in the FSViewer.exe process of FastStone Image 
Viewer  ...)
-       TODO: check
+       NOT-FOR-US: FastStone ImageViewer
 CVE-2026-2053 (The WSO2 API Manager's message flow component, when processing 
WS-Addr ...)
        NOT-FOR-US: WSO2
 CVE-2026-28385 (In Canonical LXD versions 4.12 through 6.9, a Server-Side 
Request Forg ...)
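
Review bot: The two FastStone tags (CVE-2026-30041 and CVE-2026-30040) read "FastStone ImageViewer", while the CVE descriptions directly above them spell the product "FastStone Image Viewer". Using the description's spelling, "NOT-FOR-US: FastStone Image Viewer", keeps the tag findable when someone searches the list for the product name. The CVE-2026-3472 change from TODO to the <itp> line with bug #823556 looks fine.
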
@@ -798,21 +798,21 @@ CVE-2026-21734 (A web page that contains unusual GPU 
shader code is loaded into
 CVE-2026-1869 (The User Registration & Membership \u2013 Free & Paid 
Memberships, Sub ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-13434 (A flaw was found in KubeVirt's network annotation generator. 
When a te ...)
-       TODO: check
+       NOT-FOR-US: KubeVirt
 CVE-2026-13426 (The Mattermost Go module 
github.com/mattermost/mattermost/server/publi ...)
        TODO: check
 CVE-2026-13372 (Incorrect link resolution by display name in the custom 
PowerShell VPN ...)
        NOT-FOR-US: Devolutions
 CVE-2026-13325 (A flaw was found in KubeVirt's migration proxy. When 
spec.configuratio ...)
-       TODO: check
+       NOT-FOR-US: KubeVirt
 CVE-2026-12411 (Broken Access Control in the devLXDInstancePatchHandler 
component of C ...)
        TODO: check
 CVE-2026-11779 (An Improper Authorization vulnerability exists in PayloadCMS 
version 3 ...)
-       TODO: check
+       NOT-FOR-US: PayloadCMS
 CVE-2026-0828 (Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint 
client x ...)
-       TODO: check
+       NOT-FOR-US: Safetica
 CVE-2026-0685 (Server side template inject (SSTI) in the expression evaluation 
compon ...)
-       TODO: check
+       NOT-FOR-US: Genshi
 CVE-2025-7958 (A Code Injection vulnerability existed in Trellix Network 
Security CM  ...)
        TODO: check
 CVE-2025-68075 (Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 
2.0.8 ve ...)
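
Review bot: "NOT-FOR-US: Genshi" on CVE-2026-0685 should be double-checked. The visible description only says SSTI in the expression evaluation component, and Genshi is also the name of a Python templating library, so confirm that no source package in the archive ships the affected code before closing it as NFU. Separately, CVE-2026-13426 stays at "TODO: check" although its description names the Go module under github.com/mattermost/mattermost/server, the same project that CVE-2026-3472 now tracks as "- mattermost-server <itp> (bug #823556)"; it could take the same line in this commit.
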
@@ -842,11 +842,11 @@ CVE-2025-63041 (Contributor Broken Access Control in 
Forget About Shortcode Butt
 CVE-2025-55017 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-32423 (AutoGPT is a workflow automation platform for creating, 
deploying, and ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2025-32394 (AutoGPT is a workflow automation platform for creating, 
deploying, and ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2025-11919 (The default JVM can access files and directories under `/tmp/` 
includi ...)
-       TODO: check
+       NOT-FOR-US: Wolfram Cloud
 CVE-2026-11702 (Bytes::Random::Secure::Tiny versions through 1.011 for Perl 
share inte ...)
        NOT-FOR-US: Bytes::Random::Secure::Tiny Perl module
 CVE-2026-11625 (Bytes::Random::Secure versions through 0.29 for Perl share 
internal st ...)
@@ -964,7 +964,7 @@ CVE-2026-46601 (The webp decoder can panic when processing 
a VP8 chunk with dime
        NOTE: https://github.com/golang/go/issues/79869
        NOTE: Fixed by: 
https://github.com/golang/image/commit/c5511df3ee92e86ce3fa383fdd247080019257c7 
(v0.43.0)
 CVE-2026-44622 (Charging station authentication identifiers are publicly 
accessible vi ...)
-       TODO: check
+       NOT-FOR-US: Evoke
 CVE-2026-43920 (FOSSBilling is a free, open-source billing and client 
management syste ...)
        NOT-FOR-US: FOSSBilling
 CVE-2026-40941 (Cacti is an open source performance and fault management 
framework. Ve ...)
@@ -992,19 +992,19 @@ CVE-2026-40080 (Cacti is an open source performance and 
fault management framewo
        NOTE: https://github.com/Cacti/cacti/pull/7039
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/4c09efaebf3a9faec66969d0b5c4aceaf397f37f 
(release/1.2.31)
 CVE-2026-38640 (A reachable unwrap in the __assert_fail function 
(/assert/mod.rs) of r ...)
-       TODO: check
+       NOT-FOR-US: relibc
 CVE-2026-38637 (An issue in the pthread_rwlockattr_setpshared() function of 
relibc com ...)
-       TODO: check
+       NOT-FOR-US: relibc
 CVE-2026-37454 (Insecure Permissions vulnerability in MSI NBFoundation Service 
v.2.0.2 ...)
-       TODO: check
+       NOT-FOR-US: MSI NBFoundation Service
 CVE-2026-37453 (Insecure Permissions vulnerability in MSI NBFoundation Service 
v.2.0.2 ...)
-       TODO: check
+       NOT-FOR-US: MSI NBFoundation Service
 CVE-2026-37452 (Insecure Permissions vulnerability in MSI NBFoundation Service 
v.2.0.2 ...)
-       TODO: check
+       NOT-FOR-US: MSI NBFoundation Service
 CVE-2026-37149 (GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN 
v1.0 wa ...)
-       TODO: check
+       NOT-FOR-US: 
GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN
 CVE-2026-2299 (The Mattermost Google Drive plugin before version 1.1.0 fails 
to valid ...)
-       TODO: check
+       NOT-FOR-US: Mattermost plugin
 CVE-2026-22879 (vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer 
overflow  ...)
        TODO: check
 CVE-2026-13322 (A flaw was found in KubeVirt's downward metrics virtio-serial 
server.  ...)
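
Review bot: CVE-2026-2299 gets the generic tag "NOT-FOR-US: Mattermost plugin", which does not say which plugin is meant. The description names the Mattermost Google Drive plugin, so "NOT-FOR-US: Mattermost Google Drive plugin" would be more precise and would keep it clearly apart from the core server that CVE-2026-3472 now tracks as <itp>. CVE-2026-22879 (vtk-dicom) remains at "TODO: check" in the trailing context and still needs triage.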



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d9a548af7979aaad242c14de7d175a73bd2c4c5



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits