Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c572fe82 by Salvatore Bonaccorso at 2026-06-24T09:56:56+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -93,13 +93,13 @@ CVE-2026-54513 (jackson-databind contains the 
general-purpose data-binding funct
 CVE-2026-54512 (jackson-databind contains the general-purpose data-binding 
functionali ...)
        TODO: check
 CVE-2026-54328 (Pi is a minimal terminal coding harness. From 0.74.0 until 
0.78.1, Pi  ...)
-       TODO: check
+       NOT-FOR-US: earendil-works Pi
 CVE-2026-54327 (Pi is a minimal terminal coding harness. From 0.74.0 until 
0.78.1, Pi  ...)
-       TODO: check
+       NOT-FOR-US: earendil-works Pi
 CVE-2026-54326 (Pi is a minimal terminal coding harness. From 0.74.0 until 
0.78.1, Pi  ...)
-       TODO: check
+       NOT-FOR-US: earendil-works Pi
 CVE-2026-54325 (Pi is a minimal terminal coding harness. Pi before 0.79.0 
loaded proje ...)
-       TODO: check
+       NOT-FOR-US: earendil-works Pi
 CVE-2026-53931 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
        NOT-FOR-US: NocoDB
 CVE-2026-53930 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
@@ -179,9 +179,9 @@ CVE-2026-41862 (Spring Statemachine's Kryo-based 
persistence backends (JPA, Mong
 CVE-2026-3652 (The ARForms plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-39253 (An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker 
to execut ...)
-       TODO: check
+       NOT-FOR-US: Pivotal CRM
 CVE-2026-23513 (FOSSBilling is a free, open-source billing and client 
management syste ...)
-       TODO: check
+       NOT-FOR-US: FOSSBilling
 CVE-2026-13006 (ACE vulnerability in conditional configuration file processing 
 by QOS ...)
        TODO: check
 CVE-2026-12892 (A flaw was found in GStreamer's gst-plugins-bad package. When 
processi ...)
@@ -189,25 +189,25 @@ CVE-2026-12892 (A flaw was found in GStreamer's 
gst-plugins-bad package. When pr
 CVE-2026-12891 (A flaw was found in the GStreamer gst-plugins-bad package. 
When proces ...)
        TODO: check
 CVE-2026-12851 (Multiple OS command injection vulnerabilities exist in the 
libNetSetOb ...)
-       TODO: check
+       NOT-FOR-US: GeoVision
 CVE-2026-12850 (Multiple OS command injection vulnerabilities exist in the 
libNetSetOb ...)
-       TODO: check
+       NOT-FOR-US: GeoVision
 CVE-2026-12849 (Multiple OS command injection vulnerabilities exist in the 
libNetSetOb ...)
-       TODO: check
+       NOT-FOR-US: GeoVision
 CVE-2026-12848 (GV-I/O Box 4E is a smart embedded device with 4 input and 4 
relays out ...)
-       TODO: check
+       NOT-FOR-US: GeoVision
 CVE-2026-12847 (GV-I/O Box 4E is a smart embedded device with 4 input and 4 
relays out ...)
-       TODO: check
+       NOT-FOR-US: GeoVision
 CVE-2026-12846 (GV-I/O Box 4E is a smart embedded device with 4 input and 4 
relays out ...)
-       TODO: check
+       NOT-FOR-US: GeoVision
 CVE-2026-12681 (Improper Validation of Specified Index, Position, or Offset in 
Input v ...)
        TODO: check
 CVE-2026-12488 (A memory corruption vulnerability exists in the GV-Cloud 
functionality ...)
-       TODO: check
+       NOT-FOR-US: GeoVision
 CVE-2026-12486 (Multiple OS command injection vulnerabilities exist in the 
libNetSetOb ...)
-       TODO: check
+       NOT-FOR-US: GeoVision
 CVE-2026-12485 (GV-I/O Box 4E is a smart embedded device with 4 input and 4 
relays out ...)
-       TODO: check
+       NOT-FOR-US: GeoVision
 CVE-2026-12417 (The SignUp & SignIn plugin for WordPress is vulnerable to 
Authenticati ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12416 (The Invoice Generator plugin for WordPress is vulnerable to 
Account Ta ...)
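Review bot: For CVE-2026-12851, CVE-2026-12850, CVE-2026-12849 and CVE-2026-12486 the visible description is cut off at "libNetSetOb ..." before any vendor or product is named, so the GeoVision attribution cannot be checked from this diff alone. The neighbouring GV-I/O Box 4E and GV-Cloud entries make it plausible, but it should be confirmed against the full CVE descriptions before these four stop showing up as "TODO: check".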
@@ -217,7 +217,7 @@ CVE-2026-12164 (Fortra File Integrity Monitoring (FIM), 
formerly Tripwire Enterp
 CVE-2026-12163 (Fortra File Integrity Monitoring (FIM), formerly Tripwire 
Enterprise,  ...)
        NOT-FOR-US: Fortra
 CVE-2026-12112 (A flaw was found in the foreman-mcp-server. A session 
management vulne ...)
-       TODO: check
+       NOT-FOR-US: foreman-mcp-server
 CVE-2026-12100 (The URL Preview plugin for WordPress is vulnerable to 
Server-Side Requ ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12095 (The Kargo Takip plugin for WordPress is vulnerable to 
Server-Side Requ ...)
@@ -633,15 +633,15 @@ CVE-2026-44089 (TotolinkEX1200L router is vulnerable to 
Buffer Overflow in the l
 CVE-2026-42867 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
        NOT-FOR-US: Langflow
 CVE-2026-35019 (NetComm NF20MESH routers running firmware R6B031 and earlier 
contain a ...)
-       TODO: check
+       NOT-FOR-US: NetComm
 CVE-2026-35018 (NetComm NF20MESH routers running firmware R6B031 and earlier 
contain a ...)
-       TODO: check
+       NOT-FOR-US: NetComm
 CVE-2026-33760 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-28496 (FOSSBilling is a free, open-source billing and client 
management syste ...)
-       TODO: check
+       NOT-FOR-US: FOSSBilling
 CVE-2026-27604 (FOSSBilling is a free, open-source billing and client 
management syste ...)
-       TODO: check
+       NOT-FOR-US: FOSSBilling
 CVE-2026-13007 (Tenable Identity Exposure contains multiple unauthenticated 
API endpoi ...)
        TODO: check
 CVE-2026-12969 (An out-of-bounds read vulnerability exists in dnsmasq's 
find_soa() fun ...)
@@ -1228,9 +1228,9 @@ CVE-2026-12628 (IBM Storage Protect Client 8.1.0.0 
through 8.2.1.0 and IBM Stora
 CVE-2026-12602 (Incorrect default permissions in ArubaSign, affecting versions 
prior t ...)
        TODO: check
 CVE-2026-12581 (EasyFlow .NET developed by Digiwin has a Session Fixation 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Digiwin
 CVE-2026-12580 (EasyFlow .NET developed by Digiwin has a Stored Cross-Site 
Scripting v ...)
-       TODO: check
+       NOT-FOR-US: Digiwin
 CVE-2026-12549 (The fix for CVE-2026-2443 was regressed by a subsequent rework 
commit  ...)
        TODO: check
 CVE-2026-12479 (A path traversal vulnerability exists in keras-team/keras 
version 3.14 ...)
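Review bot: Style point on the two EasyFlow .NET entries (CVE-2026-12581 and CVE-2026-12580): the label names only the vendor, Digiwin, while other entries in this commit that have a distinct product name use it (FOSSBilling, Akaunting, Langflow). Something like "NOT-FOR-US: Digiwin EasyFlow .NET" would keep the entry findable when someone greps the list by product name.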
@@ -1238,11 +1238,11 @@ CVE-2026-12479 (A path traversal vulnerability exists 
in keras-team/keras versio
 CVE-2026-12249 (An issue was discovered in Canonical ADSys upstream versions 
through v ...)
        TODO: check
 CVE-2026-11994 (Akaunting 3.1.21 contains an authenticated stored Cross-Site 
Scripting ...)
-       TODO: check
+       NOT-FOR-US: Akaunting
 CVE-2026-11943 (Akaunting 3.1.21 contains an authenticated stored cross-site 
scripting ...)
-       TODO: check
+       NOT-FOR-US: Akaunting
 CVE-2026-11942 (Akaunting 3.1.21 contains an authenticated stored cross-site 
scripting ...)
-       TODO: check
+       NOT-FOR-US: Akaunting
 CVE-2026-11834 (A command injection vulnerability has been identified in the 
DHCP opti ...)
        NOT-FOR-US: TPLink
 CVE-2026-11825



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c572fe82c69535f354273955ec451b7bfb8bd6de
