[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Apr 4 09:15:20 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9faa7506 by Salvatore Bonaccorso at 2026-04-04T10:14:55+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2026-35559 (Out-of-bounds write in the query processing components in Amazon
 CVE-2026-35558 (Improper neutralization of special elements in the authentication comp ...)
 	NOT-FOR-US: Amazon
 CVE-2026-35468 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of ...)
-	TODO: check
+	NOT-FOR-US: nimiq/core-rs-albatross
 CVE-2026-34990 (OpenPrinting CUPS is an open source printing system for Linux and othe ...)
 	- cups <unfixed>
 	NOTE: https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp
@@ -105,32 +105,32 @@ CVE-2026-34229 (Emlog is an open source website building system. Prior to versio
 CVE-2026-34228 (Emlog is an open source website building system. Prior to version 2.6. ...)
 	NOT-FOR-US: Emlog
 CVE-2026-34061 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of ...)
-	TODO: check
+	NOT-FOR-US: nimiq/core-rs-albatross
 CVE-2026-34052 (LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Pr ...)
-	TODO: check
+	NOT-FOR-US: LTI JupyterHub Authenticator
 CVE-2026-33709 (JupyterHub is software that allows one to create a multi-user server f ...)
 	- jupyterhub <unfixed>
 	NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-3vff-hjqv-m7h8
 CVE-2026-33184 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of ...)
-	TODO: check
+	NOT-FOR-US: nimiq/core-rs-albatross
 CVE-2026-33175 (OAuthenticator is software that allows OAuth2 identity providers to be ...)
-	TODO: check
+	NOT-FOR-US: OAuthenticator
 CVE-2026-32662 (Development and test API endpoints are present that mirror production  ...)
-	TODO: check
+	NOT-FOR-US: Gardyn
 CVE-2026-32646 (A specific administrative endpoint is accessible without proper authen ...)
-	TODO: check
+	NOT-FOR-US: Gardyn
 CVE-2026-2949 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for WordPress ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2924 (The Gutenverse \u2013 Ultimate WordPress FSE Blocks Addons & Ecosystem ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-28798 (ZimaOS is a fork of CasaOS, an operating system for Zima devices and x ...)
-	TODO: check
+	NOT-FOR-US: ZimaOS
 CVE-2026-28797 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. ...)
-	TODO: check
+	NOT-FOR-US: RAGFlow
 CVE-2026-28767 (A specific administrative endpoint notifications is accessible without ...)
-	TODO: check
+	NOT-FOR-US: Gardyn
 CVE-2026-28766 (A specific endpoint exposes all user account information for registere ...)
-	TODO: check
+	NOT-FOR-US: Gardyn
 CVE-2026-27885 (Piwigo is an open source photo gallery application for the web. Prior  ...)
 	TODO: check
 CVE-2026-27834 (Piwigo is an open source photo gallery application for the web. Prior  ...)
@@ -150,47 +150,47 @@ CVE-2026-26058 (Zulip is an open-source team collaboration tool. From version 1.
 CVE-2026-25742 (Zulip is an open-source team collaboration tool. Prior to version 11.6 ...)
 	TODO: check
 CVE-2026-25726 (Cloudreve is a self-hosted file management and sharing system. Prior t ...)
-	TODO: check
+	NOT-FOR-US: Cloudreve
 CVE-2026-25197 (A specific endpoint allows authenticated users to pivot to other user  ...)
-	TODO: check
+	NOT-FOR-US: Gardyn
 CVE-2026-22665 (prompts.chat prior to commit 1464475 contains an identity confusion vu ...)
-	TODO: check
+	NOT-FOR-US: prompts.chat
 CVE-2026-22664 (prompts.chat prior to commit 30a8f04 contains a server-side request fo ...)
-	TODO: check
+	NOT-FOR-US: prompts.chat
 CVE-2026-22663 (prompts.chat prior to commit 7b81836 contains multiple authorization b ...)
-	TODO: check
+	NOT-FOR-US: prompts.chat
 CVE-2026-22662 (prompts.chat prior to commit 1464475 contains a blind server-side requ ...)
-	TODO: check
+	NOT-FOR-US: prompts.chat
 CVE-2026-22661 (prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnera ...)
-	TODO: check
+	NOT-FOR-US: prompts.chat
 CVE-2025-10681 (Storage credentials are hardcoded in the mobile app and device firmwar ...)
-	TODO: check
+	NOT-FOR-US: Gardyn
 CVE-2022-4987 (Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08 ...)
-	TODO: check
+	NOT-FOR-US: Hirschmann Industrial HiVision
 CVE-2021-4477 (Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypas ...)
-	TODO: check
+	NOT-FOR-US: Hirschmann
 CVE-2020-37216 (Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01  contain ...)
-	TODO: check
+	NOT-FOR-US: Hirschmann
 CVE-2018-25237 (Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer  ...)
-	TODO: check
+	NOT-FOR-US: Hirschmann
 CVE-2018-25236 (Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES,  ...)
-	TODO: check
+	NOT-FOR-US: Hirschmann
 CVE-2017-20238 (Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 0 ...)
-	TODO: check
+	NOT-FOR-US: Hirschmann
 CVE-2017-20237 (Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 c ...)
-	TODO: check
+	NOT-FOR-US: Hirschmann
 CVE-2017-20236 (ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways  ...)
-	TODO: check
+	NOT-FOR-US: ProSoft Technology ICX35-HWC
 CVE-2017-20235 (ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways c ...)
-	TODO: check
+	NOT-FOR-US: ProSoft Technology ICX35-HWC
 CVE-2017-20234 (GarrettCom Magnum 6K and 10K managed switches contain an authenticatio ...)
-	TODO: check
+	NOT-FOR-US: GarrettCom Magnum 6K and 10K managed switches
 CVE-2017-20233 (Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a fir ...)
-	TODO: check
+	NOT-FOR-US: Hirschmann
 CVE-2016-15058 (Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P ...)
-	TODO: check
+	NOT-FOR-US: Hirschmann
 CVE-2015-10148 (Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 an ...)
-	TODO: check
+	NOT-FOR-US: Hirschmann
 CVE-2026-5476 (A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affe ...)
 	NOT-FOR-US: NASA cFS
 CVE-2026-5475 (A vulnerability was determined in NASA cFS up to 7.0.0. This impacts t ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9faa7506c266c32cfdf3c3d69056bf28cf3ccca9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9faa7506c266c32cfdf3c3d69056bf28cf3ccca9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260404/4437dd06/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list