Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9faa7506 by Salvatore Bonaccorso at 2026-04-04T10:14:55+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2026-35559 (Out-of-bounds write in the query processing 
components in Amazon
 CVE-2026-35558 (Improper neutralization of special elements in the 
authentication comp ...)
        NOT-FOR-US: Amazon
 CVE-2026-35468 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq 
Proof-of ...)
-       TODO: check
+       NOT-FOR-US: nimiq/core-rs-albatross
 CVE-2026-34990 (OpenPrinting CUPS is an open source printing system for Linux 
and othe ...)
        - cups <unfixed>
        NOTE: 
https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp
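
Review bot: The new label on CVE-2026-35468 is the repository slug "nimiq/core-rs-albatross", while the neighbouring NFU entry for CVE-2026-35558 is labelled by vendor only ("Amazon"). If slugs are acceptable as NFU labels, keep this exact spelling for every CVE in the same project so that automated NFU matching keeps working; otherwise use the plain project name.
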
@@ -105,32 +105,32 @@ CVE-2026-34229 (Emlog is an open source website building 
system. Prior to versio
 CVE-2026-34228 (Emlog is an open source website building system. Prior to 
version 2.6. ...)
        NOT-FOR-US: Emlog
 CVE-2026-34061 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq 
Proof-of ...)
-       TODO: check
+       NOT-FOR-US: nimiq/core-rs-albatross
 CVE-2026-34052 (LTI JupyterHub Authenticator is a JupyterHub authenticator for 
LTI. Pr ...)
-       TODO: check
+       NOT-FOR-US: LTI JupyterHub Authenticator
 CVE-2026-33709 (JupyterHub is software that allows one to create a multi-user 
server f ...)
        - jupyterhub <unfixed>
        NOTE: 
https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-3vff-hjqv-m7h8
 CVE-2026-33184 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq 
Proof-of ...)
-       TODO: check
+       NOT-FOR-US: nimiq/core-rs-albatross
 CVE-2026-33175 (OAuthenticator is software that allows OAuth2 identity 
providers to be ...)
-       TODO: check
+       NOT-FOR-US: OAuthenticator
 CVE-2026-32662 (Development and test API endpoints are present that mirror 
production  ...)
-       TODO: check
+       NOT-FOR-US: Gardyn
 CVE-2026-32646 (A specific administrative endpoint is accessible without 
proper authen ...)
-       TODO: check
+       NOT-FOR-US: Gardyn
 CVE-2026-2949 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for 
WordPress ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-2924 (The Gutenverse \u2013 Ultimate WordPress FSE Blocks Addons & 
Ecosystem ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-28798 (ZimaOS is a fork of CasaOS, an operating system for Zima 
devices and x ...)
-       TODO: check
+       NOT-FOR-US: ZimaOS
 CVE-2026-28797 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) 
engine. ...)
-       TODO: check
+       NOT-FOR-US: RAGFlow
 CVE-2026-28767 (A specific administrative endpoint notifications is accessible 
without ...)
-       TODO: check
+       NOT-FOR-US: Gardyn
 CVE-2026-28766 (A specific endpoint exposes all user account information for 
registere ...)
-       TODO: check
+       NOT-FOR-US: Gardyn
 CVE-2026-27885 (Piwigo is an open source photo gallery application for the 
web. Prior  ...)
        TODO: check
 CVE-2026-27834 (Piwigo is an open source photo gallery application for the 
web. Prior  ...)
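
Review bot: The four entries closed as "NOT-FOR-US: Gardyn" here (CVE-2026-32662, CVE-2026-32646, CVE-2026-28767, CVE-2026-28766) have truncated descriptions that never name a vendor or product, so the attribution cannot be checked from data/CVE/list alone; confirm it against the full CVE records. Separately, CVE-2026-34052 and CVE-2026-33175 sit next to CVE-2026-33709, which is tracked as "- jupyterhub <unfixed>". Since NOT-FOR-US states that the software is not in Debian, double-check that neither LTI JupyterHub Authenticator nor OAuthenticator is packaged or has a pending ITP before closing them this way.
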
@@ -150,47 +150,47 @@ CVE-2026-26058 (Zulip is an open-source team 
collaboration tool. From version 1.
 CVE-2026-25742 (Zulip is an open-source team collaboration tool. Prior to 
version 11.6 ...)
        TODO: check
 CVE-2026-25726 (Cloudreve is a self-hosted file management and sharing system. 
Prior t ...)
-       TODO: check
+       NOT-FOR-US: Cloudreve
 CVE-2026-25197 (A specific endpoint allows authenticated users to pivot to 
other user  ...)
-       TODO: check
+       NOT-FOR-US: Gardyn
 CVE-2026-22665 (prompts.chat prior to commit 1464475 contains an identity 
confusion vu ...)
-       TODO: check
+       NOT-FOR-US: prompts.chat
 CVE-2026-22664 (prompts.chat prior to commit 30a8f04 contains a server-side 
request fo ...)
-       TODO: check
+       NOT-FOR-US: prompts.chat
 CVE-2026-22663 (prompts.chat prior to commit 7b81836 contains multiple 
authorization b ...)
-       TODO: check
+       NOT-FOR-US: prompts.chat
 CVE-2026-22662 (prompts.chat prior to commit 1464475 contains a blind 
server-side requ ...)
-       TODO: check
+       NOT-FOR-US: prompts.chat
 CVE-2026-22661 (prompts.chat prior to commit 0f8d4c3 contains a path traversal 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: prompts.chat
 CVE-2025-10681 (Storage credentials are hardcoded in the mobile app and device 
firmwar ...)
-       TODO: check
+       NOT-FOR-US: Gardyn
 CVE-2022-4987 (Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 
and 08 ...)
-       TODO: check
+       NOT-FOR-US: Hirschmann Industrial HiVision
 CVE-2021-4477 (Hirschmann HiLCOS OpenBAT and BAT450 products contain a 
firewall bypas ...)
-       TODO: check
+       NOT-FOR-US: Hirschmann
 CVE-2020-37216 (Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01  
contain ...)
-       TODO: check
+       NOT-FOR-US: Hirschmann
 CVE-2018-25237 (Hirschmann HiSecOS devices versions prior to 05.3.03 contain a 
buffer  ...)
-       TODO: check
+       NOT-FOR-US: Hirschmann
 CVE-2018-25236 (Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, 
MSP, EES,  ...)
-       TODO: check
+       NOT-FOR-US: Hirschmann
 CVE-2017-20238 (Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 
prior to 0 ...)
-       TODO: check
+       NOT-FOR-US: Hirschmann
 CVE-2017-20237 (Hirschmann Industrial HiVision versions prior to 06.0.07 and 
07.0.03 c ...)
-       TODO: check
+       NOT-FOR-US: Hirschmann
 CVE-2017-20236 (ProSoft Technology ICX35-HWC versions 1.3 and prior cellular 
gateways  ...)
-       TODO: check
+       NOT-FOR-US: ProSoft Technology ICX35-HWC
 CVE-2017-20235 (ProSoft Technology ICX35-HWC version 1.3 and prior cellular 
gateways c ...)
-       TODO: check
+       NOT-FOR-US: ProSoft Technology ICX35-HWC
 CVE-2017-20234 (GarrettCom Magnum 6K and 10K managed switches contain an 
authenticatio ...)
-       TODO: check
+       NOT-FOR-US: GarrettCom Magnum 6K and 10K managed switches
 CVE-2017-20233 (Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 
contains a fir ...)
-       TODO: check
+       NOT-FOR-US: Hirschmann
 CVE-2016-15058 (Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, 
L3E, L3P ...)
-       TODO: check
+       NOT-FOR-US: Hirschmann
 CVE-2015-10148 (Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 
8.80 an ...)
-       TODO: check
+       NOT-FOR-US: Hirschmann
 CVE-2026-5476 (A vulnerability was identified in NASA cFS up to 7.0.0 on 
32-bit. Affe ...)
        NOT-FOR-US: NASA cFS
 CVE-2026-5475 (A vulnerability was determined in NASA cFS up to 7.0.0. This 
impacts t ...)
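
Review bot: The Hirschmann labels in this hunk differ in granularity. CVE-2022-4987 gets "NOT-FOR-US: Hirschmann Industrial HiVision", but CVE-2017-20238 and CVE-2017-20237, whose descriptions also name Industrial HiVision, get the vendor-only "NOT-FOR-US: Hirschmann". Pick one form for the product family so later searches and automated NFU matching treat them alike. The same applies to "GarrettCom Magnum 6K and 10K managed switches", which repeats the description text where a shorter vendor or product label would do. As with the earlier Gardyn entries, CVE-2026-25197 and CVE-2025-10681 are labelled "Gardyn" without the visible description naming the vendor, so confirm against the full CVE records.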



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9faa7506c266c32cfdf3c3d69056bf28cf3ccca9
