Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90a183d9 by Moritz Muehlenhoff at 2026-05-31T23:03:04+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -281,9 +281,9 @@ CVE-2026-46527 (cpp-httplib is a C++11 single-file 
header-only cross platform HT
        - cpp-httplib <unfixed> (bug #1138578)
        NOTE: 
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-hg3g-vrg8-578g
 CVE-2026-46385 (iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the 
Avro arr ...)
-       TODO: check
+       NOT-FOR-US: iskorotkov/avro
 CVE-2026-46384 (iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, 
several Avro ...)
-       TODO: check
+       NOT-FOR-US: iskorotkov/avro
 CVE-2026-45700 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.26.0+dfsg-1
        - freerdp2 <removed>
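
Review bot: The two iskorotkov/avro entries (CVE-2026-46385, CVE-2026-46384) are tagged NOT-FOR-US by upstream name, and for a Go library the name alone is a weak signal, because Go modules reach the archive under golang-github-* source names or as vendored copies inside other packages. The diff does not show whether embedded copies were looked for. Suggest confirming that no source package ships this module before dropping the TODO, and if one does, using a package line with a bug reference as in the cpp-httplib entry at the top of this hunk.
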
@@ -1677,7 +1677,7 @@ CVE-2026-47326 (Ubuntu Linux 6.8, 6.17 and 7.0 contain 
SAUCE patches with a memo
 CVE-2026-47136 (RustFS is a distributed object storage system built in Rust. 
Prior to  ...)
        NOT-FOR-US: RustFS
 CVE-2026-47074 (Improper Certificate Validation vulnerability in ex-aws 
ex_aws_sns (Ex ...)
-       TODO: check
+       NOT-FOR-US: ex_aws_sns
 CVE-2026-46685 (RustFS is a distributed object storage system built in Rust. 
Prior to  ...)
        NOT-FOR-US: RustFS
 CVE-2026-46561 (pyLoad is a free and open-source download manager written in 
Python. P ...)
@@ -2649,7 +2649,7 @@ CVE-2026-42197 (RELATE is a web-based courseware package. 
Versions prior to comm
 CVE-2026-3173 (The Meta Field Block plugin for WordPress is vulnerable to 
Insecure Di ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-33552 (Northern.tech Mender Enterprise Server before 4.1.1 has 
Incorrect Acce ...)
-       TODO: check
+       NOT-FOR-US: Northern.tech Mender Enterprise Server
 CVE-2026-32999 (Insufficient character filtering in backup agent signing 
module on Com ...)
        NOT-FOR-US: Comet Backup
 CVE-2026-32998 (This vulnerability in Veeam Service Provider Console allows 
for remote ...)
@@ -3232,7 +3232,7 @@ CVE-2026-3001 (The Gutenverse plugin for WordPress is 
vulnerable to Reflected Cr
 CVE-2026-38945 (Command injection in Raynet rvia version 12.6 Update 8 and 
previous ve ...)
        NOT-FOR-US: Raynet
 CVE-2026-38931 (A stored cross-site scripting (XSS) vulnerability in the 
/admin/config ...)
-       TODO: check
+       NOT-FOR-US: simplephp
 CVE-2026-38930 (OpenRapid RapidCMS v1.3.1 was discovered to contain an 
authentication  ...)
        NOT-FOR-US: OpenRapid RapidCMS
 CVE-2026-38808 (SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a 
remote att ...)
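
Review bot: The tag "NOT-FOR-US: simplephp" on CVE-2026-38931 is the least specific label in this hunk. The visible description only reaches "/admin/config" and never shows a product name, while the neighbouring entries use the name as the CVE text gives it ("Raynet", "OpenRapid RapidCMS"). Suggest writing the product name exactly as it appears in the full CVE description, with vendor or repository owner if one is given, so the entry can be matched by name in later triage.
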
@@ -3260,7 +3260,7 @@ CVE-2026-36538 (Netis AC1200 Router NC21 V4.0.1.4296 
contains a hard-coded root
 CVE-2026-36045 (picoclaw <=v0.1.2 and earlier is vulnerable to OS command 
injection vi ...)
        NOT-FOR-US: PicoClaw
 CVE-2026-36044 (@pensar/apex <= 0.0.58 is vulnerable to OS command injection 
via the s ...)
-       TODO: check
+       NOT-FOR-US: @pensar/apex
 CVE-2026-35090 (In Slican telephone exchanges it is possible to manage the 
control pan ...)
        NOT-FOR-US: Slican telephone exchanges
 CVE-2026-35089 (In Slican telephone exchanges secure key is generated in a 
predictable ...)
@@ -5015,9 +5015,9 @@ CVE-2026-49000 (An insecure password scheme refers to 
vulnerabilities arising fr
 CVE-2026-48999 (Attackers carefully craft malicious scripts, such as 
JavaScript, and i ...)
        NOT-FOR-US: ZTE
 CVE-2026-48593 (Uncontrolled Resource Consumption vulnerability in oban-bg 
oban_web (' ...)
-       TODO: check
+       NOT-FOR-US: oban_web
 CVE-2026-48592 (Missing Authorization vulnerability in oban-bg oban_web 
('Elixir.Oban. ...)
-       TODO: check
+       NOT-FOR-US: oban_web
 CVE-2026-47672 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the 
Telemat ...)
        NOT-FOR-US: epa4all-client
 CVE-2026-45575 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the 
Telemat ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90a183d97917d4c32252b3c2cf47a14e56ab11a8
