Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
93c201d7 by Salvatore Bonaccorso at 2026-06-27T22:08:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -147,11 +147,11 @@ CVE-2026-44731 (OpenProject is open-source, web-based 
project management softwar
 CVE-2026-44696 (OpenProject is open-source, web-based project management 
software. Pri ...)
        NOT-FOR-US: OpenProject
 CVE-2026-39031 (Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption 
with a ha ...)
-       TODO: check
+       NOT-FOR-US: Lansweeper lsrunase
 CVE-2026-38641 (An issue in the DSO::mmap_and_copy function of relibc commit 
61f42d al ...)
-       TODO: check
+       NOT-FOR-US: redox-os relibc
 CVE-2026-38639 (An issue in the parse_month function (/time/strptime.rs) of 
relibc com ...)
-       TODO: check
+       NOT-FOR-US: redox-os relibc
 CVE-2026-38571 (Cleartext storage and exposure of WPA2 credentials, and 
missing authen ...)
        NOT-FOR-US: Tenda
 CVE-2026-36908 (A stack overflow in the 
AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity ...)
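
Review bot: The tag on CVE-2026-39031 names only lsrunase, but the description covers both "lsrunase 2.0 and lsencrypt 2.0". A vendor-level tag such as "NOT-FOR-US: Lansweeper" would cover both tools and would match the vendor-only style used for the Tenda entry a few lines below. The two relibc entries use the identical tag "redox-os relibc", which keeps them consistent with each other.
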
@@ -159,17 +159,17 @@ CVE-2026-36908 (A stack overflow in the 
AP4_Array<AP4_TrunAtom::Entry>::EnsureCa
 CVE-2026-36907 (A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component 
of axioma ...)
        NOT-FOR-US: Bento4
 CVE-2026-36478 (An issue in Technitium DNS Server v.14.3 and before allows a 
remote at ...)
-       TODO: check
+       NOT-FOR-US: Technitium DNS Server
 CVE-2026-33560 (The DMP-5000 file service exposes authenticated arbitrary file 
upload  ...)
-       TODO: check
+       NOT-FOR-US: Daktronics
 CVE-2026-32833 (Cudy LT300 3.0 running firmware prior to version 2.5.12 
contains an OS ...)
-       TODO: check
+       NOT-FOR-US: Cudy LT300
 CVE-2026-31928 (The DMP-5000 devices are shipped with a default administrative 
web acc ...)
-       TODO: check
+       NOT-FOR-US: Daktronics
 CVE-2026-29509 (Patool before 4.0.5 contains a path traversal vulnerability in 
the saf ...)
        TODO: check
 CVE-2026-28701 (Various versions of Daktronics Controller Firmware could allow 
authent ...)
-       TODO: check
+       NOT-FOR-US: Daktronics
 CVE-2026-13422 (The HD Quiz plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-13335 (The CodePeople Post Map for Google Maps plugin for WordPress 
is vulner ...)
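
Review bot: Tag granularity is inconsistent within this hunk: CVE-2026-32833 is tagged with vendor and model ("Cudy LT300"), while the DMP-5000 entries CVE-2026-33560 and CVE-2026-31928 are tagged with the vendor only ("Daktronics"). Using one convention, for example "NOT-FOR-US: Cudy", keeps later entries for the same vendor under a single tag. CVE-2026-29509 (Patool) stays at "TODO: check" while every other TODO around it is resolved; worth confirming it was left for package triage and not overlooked.
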
@@ -834,7 +834,7 @@ CVE-2026-40711 (Dell Dell Container Storage Modules, 
version(s) csi-powerstore v
 CVE-2026-3472 (Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 
11.5.x <= 1 ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2026-33646 (mise manages dev tools like node, python, cmake, and 
terraform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: mise
 CVE-2026-30041 (An integer overflow in the PSD parser compnent of FastStone 
Image View ...)
        NOT-FOR-US: FastStone ImageViewer
 CVE-2026-30040 (A heap overflow in the FSViewer.exe process of FastStone Image 
Viewer  ...)
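
Review bot: For CVE-2026-33646, NOT-FOR-US asserts that mise is neither packaged nor the subject of an ITP/RFP, and nothing in the hunk shows that this was checked. The entry directly above tracks a product that is not yet in the archive as "- mattermost-server <itp> (bug #823556)"; if a WNPP bug exists for mise, the same form should be used here instead of an NFU tag.
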
@@ -1026,7 +1026,7 @@ CVE-2026-40941 (Cacti is an open source performance and 
fault management framewo
        NOTE: https://github.com/Cacti/cacti/pull/7054
        NOTE: 
https://github.com/Cacti/cacti/commit/891344a5c10b8687a3d2a5d26e6de20f13069e2a 
(release/1.2.31)
 CVE-2026-40702 (WebSocket endpoints lack proper authentication mechanisms, 
enabling at ...)
-       TODO: check
+       NOT-FOR-US: EVoke
 CVE-2026-40084 (Cacti is an open source performance and fault management 
framework. Ve ...)
        - cacti <unfixed> (bug #1140813)
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-mjvw-mhj5-9jcj
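
Review bot: The tag on CVE-2026-40702 ("EVoke") is a bare product name with no vendor, and the description excerpt ("WebSocket endpoints lack proper authentication mechanisms ...") does not name the product either, so the tag is the only identifier a later search of this file can match on. Adding the vendor to the tag would make it unambiguous.
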
@@ -1324,7 +1324,7 @@ CVE-2026-56768 (Seahub before 13.0.23 does not enforce 
SHARE_LINK_LOGIN_REQUIRED
 CVE-2026-56767 (Maxun before 0.0.42 contains a cross-tenant insecure direct 
object ref ...)
        NOT-FOR-US: Maxun
 CVE-2026-56766 (Hydra through 9.7, fixed in commit 9cc84c2, contains a stack 
buffer ov ...)
-       TODO: check
+       NOT-FOR-US: Hydra
 CVE-2026-56130 ("Remember me" cookie age is not verified on the server. This 
potential ...)
        TODO: check
 CVE-2026-56129 (Generic IO & Memory Access driver for PCs provided by TOSHIBA 
CORPORAT ...)
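
Review bot: "NOT-FOR-US: Hydra" on CVE-2026-56766 needs a second look before it lands, because the name is ambiguous and Debian has a source package named hydra. The description ("Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer ov ...") does not say which upstream is meant; if it is the packaged one, this should be a "- hydra <unfixed>" entry with a NOTE pointing at commit 9cc84c2, not an NFU. If it is a different project, a tag that includes the vendor or upstream name would prevent the confusion.
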



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93c201d7da667d770187f683a27098ea0ae64378
