Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5518b411 by Salvatore Bonaccorso at 2026-05-13T07:46:30+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2026-44378
- botan3 <unfixed>
NOTE:
https://github.com/randombit/botan/security/advisories/GHSA-7q2v-3g27-6g3j
CVE-2026-8431 (An administrative user with access to configure webhooks can
execute a ...)
- TODO: check
+ NOT-FOR-US: MongoDB Ops Manager
CVE-2026-8430 (SPIP versions prior to 4.4.14 contain a remote code execution
vulnerab ...)
- spip <unfixed>
CVE-2026-8429 (SPIP versions prior to 4.4.14 contain a remote code execution
vulnerab ...)
@@ -46,7 +46,7 @@ CVE-2026-8110 (Incorrect permissions assignment inthe agent
ofIvanti Endpoint Ma
CVE-2026-8109 (An exposed dangerous methodonthe Core Server ofIvanti Endpoint
Manager ...)
NOT-FOR-US: Ivanti
CVE-2026-8072 (Insecure generation of credentials in the local SAT (Technical
Support ...)
- TODO: check
+ NOT-FOR-US: Ingecon Sun EMS Board
CVE-2026-8051 (OS command injection in Ivanti Virtual Traffic Manager before
version ...)
NOT-FOR-US: Ivanti
CVE-2026-8043 (External control of a file name in Ivanti Xtraction before
version 202 ...)
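Review bot: at CVE-2026-8072 the new label is a product string, "Ingecon Sun EMS Board", while the neighbouring entries in this hunk are labelled by vendor ("NOT-FOR-US: Ivanti"). The visible description fragment names neither vendor nor product, so a label that also carries the vendor would make the entry easier to match when later CVEs for the same vendor are triaged.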
@@ -108,7 +108,7 @@ CVE-2026-6247 (The scratchblocks for WP plugin for
WordPress is vulnerable to St
CVE-2026-6237 (The Quick Table plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2026-6001 (Authorization bypass through User-Controlled key vulnerability
in ABIS ...)
- TODO: check
+ NOT-FOR-US: BAPSIS
CVE-2026-5715 (The Voyage Plus plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2026-5693 (The Smart Appointment & Booking plugin for WordPress is
vulnerable to ...)
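Review bot: at CVE-2026-6001 the label "BAPSIS" does not obviously match the truncated description, which ends at "in ABIS ...". Confirm against the full CVE record whether BAPSIS is the product or the vendor, and consider a label that includes the name the description uses, so that a search for either string finds this entry.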
@@ -120,7 +120,7 @@ CVE-2026-5146 (Improper access control in the notification
management endpoints
CVE-2026-5061 (The consul-template library before version 0.42.0 is vulnerable
to a s ...)
TODO: check
CVE-2026-5029 (A remote code execution vulnerability exists inCode Runner MCP
Server ...)
- TODO: check
+ NOT-FOR-US: Code Runner MCP Server
CVE-2026-5028 (The Eight Day Week Print Workflow plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4920 (The Next Date plugin for WordPress is vulnerable to Stored
Cross-Site ...)
@@ -164,11 +164,11 @@ CVE-2026-44277 (A improper access control vulnerability
in Fortinet FortiAuthent
CVE-2026-44204 (Shelf is a platform for tracking physical assets. From 1.12 to
before ...)
TODO: check
CVE-2026-44196 (Pingvin Share X is a secure and easy self-hosted file sharing
platform ...)
- TODO: check
+ NOT-FOR-US: Pingvin Share X
CVE-2026-44184 (Cleanuparr is a tool for automating the cleanup of unwanted or
blocked ...)
- TODO: check
+ NOT-FOR-US: Cleanuparr
CVE-2026-44183 (Cleanuparr is a tool for automating the cleanup of unwanted or
blocked ...)
- TODO: check
+ NOT-FOR-US: Cleanuparr
CVE-2026-44167 (phpseclib is a PHP secure communications library. Prior to
1.0.29, 2.0 ...)
TODO: check
CVE-2026-44166 (Pocketbase is an open source web backend written in go. Prior
to 0.22. ...)
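Review bot: the two "TODO: check" entries left in this hunk, CVE-2026-44204 (Shelf) and CVE-2026-44167 (phpseclib), still need a follow-up pass after this NFU-only change. The phpseclib description lists more than one fixed version ("Prior to 1.0.29, 2.0 ..."), so that entry wants a per-branch package check and not an NFU label. The three added labels are consistent, with both Cleanuparr entries spelled identically.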
@@ -834,7 +834,7 @@ CVE-2026-45026 (WeGIA is a web manager for charitable
institutions. In versions
CVE-2026-45025 (WeGIA is a web manager for charitable institutions. In
versions prior ...)
NOT-FOR-US: WeGIA
CVE-2026-44695 (Outline is a service that allows for collaborative
documentation. Prio ...)
- TODO: check
+ NOT-FOR-US: Outline
CVE-2026-43914 (Vaultwarden is a Bitwarden-compatible server written in Rust.
Prior to ...)
- vaultwarden <itp> (bug #1067023)
CVE-2026-43913 (Vaultwarden is a Bitwarden-compatible server written in Rust.
Prior to ...)
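Review bot: the label at CVE-2026-44695 is the bare word "Outline", which is generic enough to collide with unrelated projects of the same name. A short qualifier taken from the description, for example "Outline (collaborative documentation service)", would keep the entry unambiguous.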
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5518b411cfe3ff5e07c3159bcb130daa782032f6