Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
93c201d7 by Salvatore Bonaccorso at 2026-06-27T22:08:50+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -147,11 +147,11 @@ CVE-2026-44731 (OpenProject is open-source, web-based
project management softwar
CVE-2026-44696 (OpenProject is open-source, web-based project management
software. Pri ...)
NOT-FOR-US: OpenProject
CVE-2026-39031 (Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption
with a ha ...)
- TODO: check
+ NOT-FOR-US: Lansweeper lsrunase
CVE-2026-38641 (An issue in the DSO::mmap_and_copy function of relibc commit
61f42d al ...)
- TODO: check
+ NOT-FOR-US: redox-os relibc
CVE-2026-38639 (An issue in the parse_month function (/time/strptime.rs) of
relibc com ...)
- TODO: check
+ NOT-FOR-US: redox-os relibc
CVE-2026-38571 (Cleartext storage and exposure of WPA2 credentials, and
missing authen ...)
NOT-FOR-US: Tenda
CVE-2026-36908 (A stack overflow in the
AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity ...)
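Review bot: the new tag on CVE-2026-39031 names only lsrunase, while the description on that entry covers both "lsrunase 2.0 and lsencrypt 2.0". A vendor-level tag such as "NOT-FOR-US: Lansweeper" would cover both tools and match the vendor-only form of the neighbouring "NOT-FOR-US: Tenda". The two relibc entries share the same "redox-os relibc" wording, which is good for later grepping.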
@@ -159,17 +159,17 @@ CVE-2026-36908 (A stack overflow in the
AP4_Array<AP4_TrunAtom::Entry>::EnsureCa
CVE-2026-36907 (A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component
of axioma ...)
NOT-FOR-US: Bento4
CVE-2026-36478 (An issue in Technitium DNS Server v.14.3 and before allows a
remote at ...)
- TODO: check
+ NOT-FOR-US: Technitium DNS Server
CVE-2026-33560 (The DMP-5000 file service exposes authenticated arbitrary file
upload ...)
- TODO: check
+ NOT-FOR-US: Daktronics
CVE-2026-32833 (Cudy LT300 3.0 running firmware prior to version 2.5.12
contains an OS ...)
- TODO: check
+ NOT-FOR-US: Cudy LT300
CVE-2026-31928 (The DMP-5000 devices are shipped with a default administrative
web acc ...)
- TODO: check
+ NOT-FOR-US: Daktronics
CVE-2026-29509 (Patool before 4.0.5 contains a path traversal vulnerability in
the saf ...)
TODO: check
CVE-2026-28701 (Various versions of Daktronics Controller Firmware could allow
authent ...)
- TODO: check
+ NOT-FOR-US: Daktronics
CVE-2026-13422 (The HD Quiz plugin for WordPress is vulnerable to Cross-Site
Request F ...)
NOT-FOR-US: WordPress plugin
CVE-2026-13335 (The CodePeople Post Map for Google Maps plugin for WordPress
is vulner ...)
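Review bot: tag granularity is mixed within this hunk. CVE-2026-32833 is tagged by model ("NOT-FOR-US: Cudy LT300") while CVE-2026-33560, CVE-2026-31928 and CVE-2026-28701 are tagged by vendor ("NOT-FOR-US: Daktronics"). Using the vendor form for Cudy as well would keep future entries for other Cudy models under one tag. CVE-2026-29509 (Patool) remains at "TODO: check" after this change, so it still needs a separate triage pass.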
@@ -834,7 +834,7 @@ CVE-2026-40711 (Dell Dell Container Storage Modules,
version(s) csi-powerstore v
CVE-2026-3472 (Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3,
11.5.x <= 1 ...)
- mattermost-server <itp> (bug #823556)
CVE-2026-33646 (mise manages dev tools like node, python, cmake, and
terraform. Prior ...)
- TODO: check
+ NOT-FOR-US: mise
CVE-2026-30041 (An integer overflow in the PSD parser compnent of FastStone
Image View ...)
NOT-FOR-US: FastStone ImageViewer
CVE-2026-30040 (A heap overflow in the FSViewer.exe process of FastStone Image
Viewer ...)
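Review bot: for CVE-2026-33646, the description is of a general-purpose developer tool ("mise manages dev tools like node, python, cmake, and terraform"), which is the kind of software that can pick up a packaging request. It is worth confirming that no ITP or RFP bug exists before settling on "NOT-FOR-US: mise"; if one does, the form used on the neighbouring entry, "- mattermost-server <itp> (bug #823556)", would be the better fit.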
@@ -1026,7 +1026,7 @@ CVE-2026-40941 (Cacti is an open source performance and
fault management framewo
NOTE: https://github.com/Cacti/cacti/pull/7054
NOTE:
https://github.com/Cacti/cacti/commit/891344a5c10b8687a3d2a5d26e6de20f13069e2a
(release/1.2.31)
CVE-2026-40702 (WebSocket endpoints lack proper authentication mechanisms,
enabling at ...)
- TODO: check
+ NOT-FOR-US: EVoke
CVE-2026-40084 (Cacti is an open source performance and fault management
framework. Ve ...)
- cacti <unfixed> (bug #1140813)
NOTE:
https://github.com/Cacti/cacti/security/advisories/GHSA-mjvw-mhj5-9jcj
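Review bot: the tag "NOT-FOR-US: EVoke" on CVE-2026-40702 cannot be checked against the visible description, which is truncated before any product is named ("WebSocket endpoints lack proper authentication mechanisms, enabling at ..."). Adding the vendor alongside the product name in the tag would make the entry auditable without opening the full CVE record.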
@@ -1324,7 +1324,7 @@ CVE-2026-56768 (Seahub before 13.0.23 does not enforce
SHARE_LINK_LOGIN_REQUIRED
CVE-2026-56767 (Maxun before 0.0.42 contains a cross-tenant insecure direct
object ref ...)
NOT-FOR-US: Maxun
CVE-2026-56766 (Hydra through 9.7, fixed in commit 9cc84c2, contains a stack
buffer ov ...)
- TODO: check
+ NOT-FOR-US: Hydra
CVE-2026-56130 ("Remember me" cookie age is not verified on the server. This
potential ...)
TODO: check
CVE-2026-56129 (Generic IO & Memory Access driver for PCs provided by TOSHIBA
CORPORAT ...)
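Review bot: "NOT-FOR-US: Hydra" on CVE-2026-56766 is ambiguous, because several unrelated projects share the name Hydra and the tag does not say which upstream is meant. The description gives a version and a fixing commit ("Hydra through 9.7, fixed in commit 9cc84c2"), so the upstream can be pinned down; please qualify the tag with it and rule out any same-named source package in the archive before marking the entry NFU. If a match exists, this should become a package entry with the fixing commit recorded in a NOTE line.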
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93c201d7da667d770187f683a27098ea0ae64378