[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Thu, 12 Mar 2026 06:54:21 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e6c956ee by Moritz Muehlenhoff at 2026-03-12T14:53:44+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,7 +33,10 @@ CVE-2026-3981 (A vulnerability was found in itsourcecode 
Online Doctor Appointme
 CVE-2026-3980 (A vulnerability has been found in itsourcecode Online Doctor 
Appointme ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-3979 (A flaw has been found in quickjs-ng quickjs up to 0.12.1. This 
affects ...)
-       TODO: check
+       NOT-FOR-US: quickjs-ng
+       NOTE: Doesn't affect src:quickjs
+       NOTE: https://github.com/quickjs-ng/quickjs/issues/1368
+       NOTE: https://github.com/quickjs-ng/quickjs/pull/1370
 CVE-2026-3978 (A vulnerability was detected in D-Link DIR-513 1.10. The 
impacted elem ...)
        NOT-FOR-US: D-Link
 CVE-2026-3977 (A security vulnerability has been detected in projectsend up to 
r1945. ...)
@@ -200,7 +203,7 @@ CVE-2026-32121 (OpenEMR is a free and open source 
electronic health records and
 CVE-2026-32118 (OpenEMR is a free and open source electronic health records 
and medica ...)
        NOT-FOR-US: OpenEMR
 CVE-2026-32117 (The grafanacubism-panel plugin allows use of cubism.js in 
Grafana. In  ...)
-       TODO: check
+       NOT-FOR-US: Grafana plugin
 CVE-2026-32112 (ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the 
ha-mcp OAut ...)
        NOT-FOR-US: ha-mcp
 CVE-2026-32111 (ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the 
ha-mcp OAut ...)
@@ -224,7 +227,8 @@ CVE-2026-32101 (StudioCMS is a server-side-rendered, Astro 
native, headless cont
 CVE-2026-31988 (yauzl (aka Yet Another Unzip Library) version 3.2.0 for 
Node.js contai ...)
        TODO: check
 CVE-2026-2808 (HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 
and 1.22. ...)
-       TODO: check
+       - consul <removed>
+       [bullseye] - consul <end-of-life> (bug #1057418)
 CVE-2026-2687 (The Reading progressbar WordPress plugin before 1.3.1 does not 
sanitis ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-2640 (During an internal security assessment, a potential 
vulnerability was  ...)
@@ -232,7 +236,7 @@ CVE-2026-2640 (During an internal security assessment, a 
potential vulnerability
 CVE-2026-2368 (An improper certificate validation vulnerability was reported 
in the L ...)
        NOT-FOR-US: Lenovo
 CVE-2026-27591 (Winter is a free, open-source content management system (CMS) 
based on ...)
-       TODO: check
+       NOT-FOR-US: Winter CMS
 CVE-2026-1878 (An Insufficient Integrity Verification vulnerability in the 
ASUS ROG p ...)
        NOT-FOR-US: ASUS
 CVE-2026-1717 (An input validation vulnerability was reported in the 
LenovoProductivi ...)
@@ -254,11 +258,11 @@ CVE-2026-0940 (A potential improper initialization 
vulnerability was reported in
 CVE-2026-0520 (A potential vulnerability was reported in the Lenovo FileZ 
Android app ...)
        NOT-FOR-US: Lenovo
 CVE-2025-70041 (An issue pertaining to CWE-259: Use of Hard-coded Password was 
discove ...)
-       TODO: check
+       NOT-FOR-US: ThermaKube
 CVE-2025-70024 (An issue pertaining to CWE-89: Improper Neutralization of 
Special Elem ...)
-       TODO: check
+       NOT-FOR-US: generatedata
 CVE-2025-66956 (Insecure Access Control in Contact Plan, E-Mail, SMS and Fax 
component ...)
-       TODO: check
+       NOT-FOR-US: Asseco SEE Live
 CVE-2025-62328 (HCL Nomad server on Domino did not configure the 
frame-ancestors direc ...)
        NOT-FOR-US: HCL
 CVE-2025-59388 (A use of hard-coded password vulnerability has been reported 
to affect ...)
@@ -420,7 +424,7 @@ CVE-2026-31840 (Parse Server is an open source backend that 
can be deployed to a
 CVE-2026-31839 (Striae is a firearms examiner's comparison companion. A 
high-severity  ...)
        NOT-FOR-US: STriae
 CVE-2026-31813 (Supabase Auth is a JWT based API for managing users and 
issuing JWT to ...)
-       TODO: check
+       NOT-FOR-US: Supabase
 CVE-2026-30903 (External Control of File Name or Path in the Mail feature of 
Zoom Work ...)
        NOT-FOR-US: Zoom
 CVE-2026-30902 (Improper Privilege Management in certain Zoom Clients for 
Windows may  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6c956ee8d40b56bd2225e7373c7033a7137f58b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6c956ee8d40b56bd2225e7373c7033a7137f58b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to