[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 2 08:01:32 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
784b32e1 by Salvatore Bonaccorso at 2026-04-02T09:01:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -105,9 +105,9 @@ CVE-2026-34072 (Cr*nMaster (cronmaster) is a Cronjob management UI with human re
 CVE-2026-33990 (Docker Model Runner (DMR) is software used to manage, run, and deploy  ...)
 	TODO: check
 CVE-2026-33978 (Notesnook is a note-taking app focused on user privacy & ease of use.  ...)
-	TODO: check
+	NOT-FOR-US: Notesnook
 CVE-2026-33949 (Tina is a headless content management system. Prior to version 2.2.2,  ...)
-	TODO: check
+	NOT-FOR-US: Tina CMS
 CVE-2026-31027 (TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2026-30643 (An issue was discovered in DedeCMS 5.7.118 allowing attackers to execu ...)
@@ -125,17 +125,17 @@ CVE-2026-30292 (An arbitrary file overwrite vulnerability in Docudepot PDF Reade
 CVE-2026-30291 (An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Re ...)
 	TODO: check
 CVE-2026-30289 (An arbitrary file overwrite vulnerability in Tinybeans Private Family  ...)
-	TODO: check
+	NOT-FOR-US: Tinybeans Private Family Album App
 CVE-2026-30287 (An arbitrary file overwrite vulnerability in Deep Thought Industries A ...)
-	TODO: check
+	NOT-FOR-US: Deep Thought Industries ACE Scanner PDF Scanner
 CVE-2026-30273 (pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: pandas-ai
 CVE-2026-2265 (An unauthenticated remote code execution (RCE) vulnerability exists in ...)
 	TODO: check
 CVE-2026-29598 (Multiple stored cross-site scripting (XSS) vulnerabilities in the subm ...)
-	TODO: check
+	NOT-FOR-US: Acora CMS
 CVE-2026-29014 (MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP  ...)
-	TODO: check
+	NOT-FOR-US: MetInfo CMS
 CVE-2026-28265 (PowerStore, contains a Path Traversal vulnerability in the Service use ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-27489 (Open Neural Network Exchange (ONNX) is an open standard for machine le ...)
@@ -415,7 +415,7 @@ CVE-2026-3469 (A denial-of-service (DoS) vulnerability exists due to improper in
 CVE-2026-3468 (A stored Cross-Site Scripting (XSS) vulnerability has been identified  ...)
 	NOT-FOR-US: SonicWall
 CVE-2026-3356 (The MS27102A Remote Spectrum Monitor is vulnerable to an authenticatio ...)
-	TODO: check
+	NOT-FOR-US: MS27102A Remote Spectrum Monitor
 CVE-2026-3308 (An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF  ...)
 	TODO: check
 CVE-2026-3191 (The Minify HTML plugin for WordPress is vulnerable to Cross-Site Reque ...)
@@ -719,15 +719,15 @@ CVE-2026-30521 (A Business Logic vulnerability exists in SourceCodester Loan Man
 CVE-2026-30520 (A Blind SQL Injection vulnerability exists in SourceCodester Loan Mana ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-30314 (Ridvay Code's command auto-approval module contains a critical OS comm ...)
-	TODO: check
+	NOT-FOR-US: Ridvay Code
 CVE-2026-30312 (DSAI-Cline's command auto-approval module contains a critical OS comma ...)
-	TODO: check
+	NOT-FOR-US: DSAI-Cline
 CVE-2026-30311 (Ridvay Code's command auto-approval module contains a critical OS comm ...)
-	TODO: check
+	NOT-FOR-US: Ridvay Code
 CVE-2026-30310 (In its design for automatic terminal command execution, Sixth offers t ...)
 	TODO: check
 CVE-2026-30309 (InfCode's terminal auto-execution module contains a critical command f ...)
-	TODO: check
+	NOT-FOR-US: InfCode
 CVE-2026-30290 (An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ...)
 	TODO: check
 CVE-2026-30286 (An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Clo ...)
@@ -737,17 +737,17 @@ CVE-2026-30285 (An arbitrary file overwrite vulnerability in Zora: Post, Trade,
 CVE-2026-30284 (An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorde ...)
 	TODO: check
 CVE-2026-30283 (An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal ...)
-	TODO: check
+	NOT-FOR-US: PEAKSEL
 CVE-2026-30282 (An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Sc ...)
-	TODO: check
+	NOT-FOR-US: UXGROUP LLC Cast to TV Screen Mirroring
 CVE-2026-30281 (An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allo ...)
-	TODO: check
+	NOT-FOR-US: MaruNuri LLC
 CVE-2026-30280 (An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVAT ...)
-	TODO: check
+	NOT-FOR-US: RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos
 CVE-2026-30279 (An arbitrary file overwrite vulnerability in Squareapps LLC My Locatio ...)
-	TODO: check
+	NOT-FOR-US: Squareapps LLC My Location Travel Timeline
 CVE-2026-30278 (An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navig ...)
-	TODO: check
+	NOT-FOR-US: FLY is FUN Aviation Navigation
 CVE-2026-30277 (An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX  ...)
 	TODO: check
 CVE-2026-30276 (An arbitrary file overwrite vulnerability in DeftPDF Document Translat ...)
@@ -763,7 +763,7 @@ CVE-2026-2394 (Buffer Over-read vulnerability in RTI Connext Professional (Core
 CVE-2026-2123 (A security audit identified a privilege escalation vulnerability in Op ...)
 	NOT-FOR-US: OpenText
 CVE-2026-29870 (A directory traversal vulnerability in the agentic-context-engine proj ...)
-	TODO: check
+	NOT-FOR-US: agentic-context-engine project
 CVE-2026-24165 (NVIDIA BioNeMo contains a vulnerability where a user could cause a des ...)
 	TODO: check
 CVE-2026-24164 (NVIDIA BioNeMo contains a vulnerability where a user could cause a des ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/784b32e1f0546a542da23389ec5f986c1f6f7a72

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/784b32e1f0546a542da23389ec5f986c1f6f7a72
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260402/88a13fcc/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list