Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0154488d by Salvatore Bonaccorso at 2026-03-11T06:44:57+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58,7 +58,7 @@ CVE-2026-30979 (iccDEV provides a set of libraries and tools 
for working with IC
 CVE-2026-30978 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
        NOT-FOR-US: iccDEV
 CVE-2026-30977 (RenderBlocking is a MediaWiki extension that allows interface 
administ ...)
-       TODO: check
+       NOT-FOR-US: RenderBlocking MediaWiki extension
 CVE-2026-30974 (Copyparty is a portable file server. Prior to v1.20.11., the 
nohtml co ...)
        NOT-FOR-US: Copyparty
 CVE-2026-30973 (Appium is an automation framework that provides 
WebDriver-based automa ...)
@@ -70,9 +70,9 @@ CVE-2026-30969 (Coral Server is open collaboration 
infrastructure that enables c
 CVE-2026-30968 (Coral Server is open collaboration infrastructure that enables 
communi ...)
        NOT-FOR-US: Coral Server
 CVE-2026-30964 (web-auth/webauthn-lib is an open source set of PHP libraries 
and a Sym ...)
-       TODO: check
+       NOT-FOR-US: web-auth/webauthn-lib PHP libraries and Symfony bundle
 CVE-2026-30960 (rssn is a scientific computing library for Rust, combining a 
high-perf ...)
-       TODO: check
+       NOT-FOR-US: rssn Rust library
 CVE-2026-30959 (OneUptime is a solution for monitoring and managing online 
services. T ...)
        NOT-FOR-US: OneUptime
 CVE-2026-30958 (OneUptime is a solution for monitoring and managing online 
services. P ...)
@@ -104,9 +104,9 @@ CVE-2026-30928 (Glances is an open-source system 
cross-platform monitoring tool.
 CVE-2026-30897 (A stack-based buffer overflow vulnerability in Fortinet 
FortiWeb 8.0.0 ...)
        NOT-FOR-US: Fortinet
 CVE-2026-2742 (An authentication bypass vulnerability exists in Vaadin 14.0.0 
through ...)
-       TODO: check
+       NOT-FOR-US: Vaadin
 CVE-2026-2741 (Specially crafted ZIP archives can escape the intended 
extraction dire ...)
-       TODO: check
+       NOT-FOR-US: Vaadin
 CVE-2026-2724 (The Unlimited Elements for Elementor plugin for WordPress is 
vulnerabl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-2713 (IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer 
Rapport could ...)
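Review bot: The new note on CVE-2026-2741 says only "Vaadin", while the truncated description shown for that entry ("Specially crafted ZIP archives can escape the intended extraction dire ...") never names the product, so the classification cannot be checked from the list alone. Naming the affected Vaadin component in the NOT-FOR-US note would make the entry self-explanatory and distinguish it from CVE-2026-2742 directly above.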
@@ -134,11 +134,11 @@ CVE-2026-29113 (Craft is a content management system 
(CMS). Prior to 4.17.4 and
 CVE-2026-28495 (GetSimple CMS is a content management system. The massiveAdmin 
plugin  ...)
        NOT-FOR-US: GetSimple CMS
 CVE-2026-28292 (`simple-git`, an interface for running git commands in any 
node.js app ...)
-       TODO: check
+       NOT-FOR-US: Node simple-git
 CVE-2026-27826 (MCP Atlassian is a Model Context Protocol (MCP) server for 
Atlassian p ...)
-       TODO: check
+       NOT-FOR-US: MCP Atlassian is a Model Context Protocol (MCP) server for 
Atlassian products (Confluence and Jira)
 CVE-2026-27825 (MCP Atlassian is a Model Context Protocol (MCP) server for 
Atlassian p ...)
-       TODO: check
+       NOT-FOR-US: MCP Atlassian is a Model Context Protocol (MCP) server for 
Atlassian products (Confluence and Jira)
 CVE-2026-27661 (A vulnerability has been identified in SINEC Security Monitor 
(All ver ...)
        NOT-FOR-US: Siemens
 CVE-2026-27281 (DNG SDK versions 1.7.1 2471 and earlier are affected by an 
Integer Ove ...)
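Review bot: The NOT-FOR-US notes for CVE-2026-27826 and CVE-2026-27825 repeat the opening sentence of the CVE description instead of giving a short product name, unlike "Node simple-git" in the same hunk. "NOT-FOR-US: MCP Atlassian" carries the same information and keeps the note on one line.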
@@ -172,73 +172,73 @@ CVE-2026-27215 (Substance3D - Painter versions 11.1.2 and 
earlier are affected b
 CVE-2026-27214 (Substance3D - Painter versions 11.1.2 and earlier are affected 
by a NU ...)
        NOT-FOR-US: Adobe
 CVE-2026-26801 (Server-Side Request Forgery (SSRF) vulnerability in pdfmake 
versions 0 ...)
-       TODO: check
+       NOT-FOR-US: pdfmake
 CVE-2026-26742 (PX4 Autopilot versions 1.12.x through 1.15.x contain a 
protection mech ...)
-       TODO: check
+       NOT-FOR-US: PX4 Autopilot
 CVE-2026-26741 (PX4 Autopilot versions 1.12.x through 1.15.x contain a logic 
flaw in t ...)
-       TODO: check
+       NOT-FOR-US: PX4 Autopilot
 CVE-2026-26738 (Buffer Overflow vulnerability in Uderzo Software SpaceSniffer 
v.2.0.5. ...)
-       TODO: check
+       NOT-FOR-US: Uderzo Software SpaceSniffer
 CVE-2026-26330 (Envoy is a high-performance edge/middle/service proxy. Prior 
to 1.37.1 ...)
-       TODO: check
+       - envoyproxy <itp> (bug #987544)
 CVE-2026-26311 (Envoy is a high-performance edge/middle/service proxy. Prior 
to 1.37.1 ...)
-       TODO: check
+       - envoyproxy <itp> (bug #987544)
 CVE-2026-26310 (Envoy is a high-performance edge/middle/service proxy. Prior 
to 1.37.1 ...)
-       TODO: check
+       - envoyproxy <itp> (bug #987544)
 CVE-2026-26309 (Envoy is a high-performance edge/middle/service proxy. Prior 
to 1.37.1 ...)
-       TODO: check
+       - envoyproxy <itp> (bug #987544)
 CVE-2026-26308 (Envoy is a high-performance edge/middle/service proxy. Prior 
to 1.37.1 ...)
-       TODO: check
+       - envoyproxy <itp> (bug #987544)
 CVE-2026-26148 (External initialization of trusted variables or data stores in 
Azure E ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26144 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
 CVE-2026-26141 (Improper authentication in Azure Arc allows an authorized 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26134 (Integer overflow or wraparound in Microsoft Office allows an 
authorize ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26132 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26131 (Incorrect default permissions in .NET allows an authorized 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26130 (Allocation of resources without limits or throttling in 
ASP.NET Core a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26128 (Improper authentication in Windows SMB Server allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26127 (Out-of-bounds read in .NET allows an unauthorized attacker to 
deny ser ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26123 (Cwe is not in rca categories in Microsoft Authenticator allows 
an unau ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26121 (Server-side request forgery (ssrf) in Azure IoT Explorer 
allows an una ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26118 (Server-side request forgery (ssrf) in Azure MCP Server allows 
an autho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26117 (Authentication bypass using an alternate path or channel in 
Azure Wind ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26116 (Improper neutralization of special elements used in an sql 
command ('s ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26115 (Improper validation of specified type of input in SQL Server 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26114 (Deserialization of untrusted data in Microsoft Office 
SharePoint allow ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26113 (Untrusted pointer dereference in Microsoft Office allows an 
unauthoriz ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26112 (Untrusted pointer dereference in Microsoft Office Excel allows 
an unau ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26111 (Integer overflow or wraparound in Windows Routing and Remote 
Access Se ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26110 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26109 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26108 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26107 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26106 (Improper input validation in Microsoft Office SharePoint 
allows an aut ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26105 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-25972 (An improper neutralization of input during web page generation 
('cross ...)
        NOT-FOR-US: Fortinet
 CVE-2026-25836 (An improper neutralization of special elements used in an os 
command ( ...)
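Review bot: CVE-2026-26131, CVE-2026-26130 and CVE-2026-26127 are .NET and ASP.NET Core issues but get the same bare "NOT-FOR-US: Microsoft" as the Office, Windows and Azure entries around them. .NET is open source and cross-platform, so it is worth confirming that no source package in the archive ships or embeds it, and recording the product in the note (for example "NOT-FOR-US: Microsoft .NET") so these three entries can be found again if that changes.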



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0154488dc153e3179ca475eeee2899f12354451f
