Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
526a4de2 by Salvatore Bonaccorso at 2026-03-27T09:11:19+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -244,7 +244,7 @@ CVE-2026-27664 (A vulnerability has been identified in
CPCI85 Central Processing
CVE-2026-27663 (A vulnerability has been identified in CPCI85 Central
Processing/Commu ...)
NOT-FOR-US: Siemens
CVE-2026-26213 (thingino-firmware versions up to the firmware-2026-03-16
release conta ...)
- TODO: check
+ NOT-FOR-US: thingino-firmware
CVE-2026-26074 (EVerest is an EV charging software stack. Versions prior to
2026.02.0 ...)
NOT-FOR-US: EVerest
CVE-2026-26073 (EVerest is an EV charging software stack. Versions prior to
2026.02.0 ...)
@@ -436,9 +436,9 @@ CVE-2026-4822 (A vulnerability was detected in Enter
Software Iperius Backup bis
CVE-2026-4758 (The WP Job Portal plugin for WordPress is vulnerable to
arbitrary file ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4747 (Each RPCSEC_GSS data packet is validated by a routine which
checks a s ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2026-4652 (On a system exposing an NVMe/TCP target, a remote client can
trigger a ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2026-4484 (The Masteriyo LMS plugin for WordPress is vulnerable to
Privilege Esca ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4389 (The DSGVO snippet for Leaflet Map and its Extensions plugin for
WordPr ...)
@@ -454,7 +454,7 @@ CVE-2026-4281 (The FormLift for Infusionsoft Web Forms
plugin for WordPress is v
CVE-2026-4278 (The Simple Download Counter plugin for WordPress is vulnerable
to Stor ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4247 (When a challenge ACK is to be sent tcp_respond() constructs and
sends ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2026-4075 (The BWL Advanced FAQ Manager Lite plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3328 (The Frontend Admin by DynamiApps plugin for WordPress is
vulnerable to ...)
@@ -3286,11 +3286,11 @@ CVE-2026-2298 (Improper Neutralization of Argument
Delimiters in a Command ('Arg
CVE-2026-28809 (XML External Entity (XXE) vulnerability in esaml (and its
forks) allow ...)
TODO: check
CVE-2026-27131 (The Sprig Plugin for Craft CMS is a reactive Twig component
framework ...)
- TODO: check
+ NOT-FOR-US: Craft CMS plugin
CVE-2026-26829 (A NULL pointer dereference in the safe_atou64 function
(src/misc.c) of ...)
- TODO: check
+ NOT-FOR-US: owntone-server
CVE-2026-26828 (A NULL pointer dereference in the daap_reply_playlists
function (src/h ...)
- TODO: check
+ NOT-FOR-US: owntone-server
CVE-2026-26209 (cbor2 provides encoding and decoding for the Concise Binary
Object Rep ...)
- cbor2 5.9.0-1
NOTE:
https://github.com/agronholm/cbor2/security/advisories/GHSA-3c37-wwvx-h642
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/526a4de2ac0c3fff33f73adb759f204036b47182
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/526a4de2ac0c3fff33f73adb759f204036b47182
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
