[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 7 16:19:11 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
422110ea by Moritz Muehlenhoff at 2026-04-07T17:18:30+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -361,7 +361,7 @@ CVE-2026-34885 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2026-34841 (Bruno is an open source IDE for exploring and testing APIs. Prior to 3 ...)
 	NOT-FOR-US: Bruno
 CVE-2026-34783 (Ferret is a declarative system for working with web data. Prior to 2.0 ...)
-	TODO: check
+	NOT-FOR-US: Ferret scraping framework (different from src:ferret)
 CVE-2026-34764 (Electron is a framework for writing cross-platform desktop application ...)
 	- electron <itp> (bug #842420)
 CVE-2026-34756 (vLLM is an inference and serving engine for large language models (LLM ...)
@@ -424,21 +424,21 @@ CVE-2026-33817 (Index out-of-range when encountering a branch page with zero ele
 CVE-2026-33752 (curl_cffi is the a Python binding for curl. Prior to 0.15.0, curl_cffi ...)
 	TODO: check
 CVE-2026-33727 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
-	TODO: check
+	NOT-FOR-US: Pi-Hole
 CVE-2026-33540 (Distribution is a toolkit to pack, ship, store, and deliver container  ...)
 	TODO: check
 CVE-2026-33510 (Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross ...)
-	TODO: check
+	NOT-FOR-US: Homarr
 CVE-2026-33406 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
-	TODO: check
+	NOT-FOR-US: Pi-Hole Admin Interface
 CVE-2026-33405 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
-	TODO: check
+	NOT-FOR-US: Pi-Hole Admin Interface
 CVE-2026-33404 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
-	TODO: check
+	NOT-FOR-US: Pi-Hole Admin Interface
 CVE-2026-33403 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
-	TODO: check
+	NOT-FOR-US: Pi-Hole Admin Interface
 CVE-2026-32602 (Homarr is an open-source dashboard. Prior to 1.57.0, the user registra ...)
-	TODO: check
+	NOT-FOR-US: Homarr
 CVE-2026-31354 (Multiple authenticated stored cross-site scripting (XSS) vulnerabiliti ...)
 	TODO: check
 CVE-2026-31353 (An authenticated stored cross-site scripting (XSS) vulnerability in th ...)
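Review bot: The new labels on CVE-2026-33727 and on CVE-2026-33403 through CVE-2026-33406 spell the product "Pi-Hole", while the CVE descriptions on the adjacent context lines spell it "Pi-hole". Using the spelling from the descriptions ("NOT-FOR-US: Pi-hole", "NOT-FOR-US: Pi-hole Admin Interface") keeps a case-sensitive search on the product name matching both the description and the triage line.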
@@ -452,7 +452,7 @@ CVE-2026-31350 (An authenticated stored cross-site scripting (XSS) vulnerability
 CVE-2026-31313 (An authenticated stored cross-site scripting (XSS) vulnerability in th ...)
 	NOT-FOR-US: Feehi CMS
 CVE-2026-31153 (A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 a ...)
-	TODO: check
+	NOT-FOR-US: Bynder
 CVE-2026-31151 (An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attacke ...)
 	NOT-FOR-US: Kaleris YMS
 CVE-2026-31150 (Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated  ...)
@@ -478,7 +478,7 @@ CVE-2026-31058 (UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to cont
 CVE-2026-31053 (A double free vulnerability exists in librz/bin/format/le/le.c in the  ...)
 	TODO: check
 CVE-2026-30613 (An information disclosure vulnerability exists in AZIOT 1 Node Smart S ...)
-	TODO: check
+	NOT-FOR-US: AZIOT 1 Node Smart Switch
 CVE-2026-30078 (OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message w ...)
 	NOT-FOR-US: OpenAirInterface
 CVE-2026-29047 (GLPI is a free asset and IT management software package. From 10.0.0 t ...)
@@ -516,7 +516,7 @@ CVE-2026-21367 (Transient DOS when processing nonstandard FILS Discovery Frames
 CVE-2026-0049 (In onHeaderDecoded of LocalImageResolver.java, there is a possible per ...)
 	NOT-FOR-US: Android
 CVE-2025-61166 (An open redirect in Ascertia SigningHub User v10.0 allows attackers to ...)
-	TODO: check
+	NOT-FOR-US: Ascertia SigningHub User
 CVE-2025-59440 (An issue was discovered in USIM in Samsung Mobile Processor, Wearable  ...)
 	NOT-FOR-US: Samsung
 CVE-2025-58349 (An issue was discovered in L2 in Samsung Mobile Processor, Wearable Pr ...)
@@ -540,7 +540,7 @@ CVE-2025-47389 (Memory corruption when buffer copy operation fails due to intege
 CVE-2025-47374 (Memory Corruption when accessing freed memory due to concurrent fence  ...)
 	NOT-FOR-US: Qualcomm
 CVE-2024-14032 (Twitch Studio version 0.114.8 and prior contain a privilege escalation ...)
-	TODO: check
+	NOT-FOR-US: Twitch Studio
 CVE-2026-31410 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/3a64125730cabc34fccfbc230c2667c2e14f7308 (7.0-rc5)
@@ -712,37 +712,37 @@ CVE-2026-4272 (Missing Authentication for Critical Function vulnerability in Hon
 CVE-2026-35679 (Zcash zcashd before 6.12.0 allows invalid transactions to be accepted  ...)
 	NOT-FOR-US: Zcash zcashd
 CVE-2019-25704 (Kados R10 GreenBee contains an SQL injection vulnerability that allows ...)
-	TODO: check
+	NOT-FOR-US: Kados
 CVE-2019-25702 (Kados R10 GreenBee contains an SQL injection vulnerability that allows ...)
-	TODO: check
+	NOT-FOR-US: Kados
 CVE-2019-25700 (Kados R10 GreenBee contains an SQL injection vulnerability that allows ...)
-	TODO: check
+	NOT-FOR-US: Kados
 CVE-2019-25698 (Kados R10 GreenBee contains an SQL injection vulnerability that allows ...)
-	TODO: check
+	NOT-FOR-US: Kados
 CVE-2019-25696 (Kados R10 GreenBee contains an SQL injection vulnerability that allows ...)
-	TODO: check
+	NOT-FOR-US: Kados
 CVE-2019-25694 (Kados R10 GreenBee contains an SQL injection vulnerability that allows ...)
-	TODO: check
+	NOT-FOR-US: Kados
 CVE-2019-25692 (Kados R10 GreenBee contains an SQL injection vulnerability that allows ...)
-	TODO: check
+	NOT-FOR-US: Kados
 CVE-2019-25690 (Kados R10 GreenBee contains an SQL injection vulnerability that allows ...)
-	TODO: check
+	NOT-FOR-US: Kados
 CVE-2019-25688 (Kados R10 GreenBee contains an SQL injection vulnerability that allows ...)
-	TODO: check
+	NOT-FOR-US: Kados
 CVE-2019-25687 (Pegasus CMS 1.0 contains a remote code execution vulnerability in the  ...)
-	TODO: check
+	NOT-FOR-US: Pegasus CMS
 CVE-2019-25686 (Core FTP 2.0 build 653 contains a denial of service vulnerability in t ...)
-	TODO: check
+	NOT-FOR-US: Core FTP
 CVE-2019-25685 (phpBB contains an arbitrary file upload vulnerability that allows auth ...)
-	TODO: check
+	NOT-FOR-US: phpBB
 CVE-2019-25684 (OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows u ...)
-	TODO: check
+	NOT-FOR-US: OpenDocMan
 CVE-2019-25683 (FileZilla 3.40.0 contains a denial of service vulnerability in the loc ...)
 	TODO: check
 CVE-2019-25682 (CMSsite 1.0 contains a cross-site request forgery vulnerability that a ...)
-	TODO: check
+	NOT-FOR-US: CMSsite
 CVE-2019-25681 (Xlight FTP Server 3.9.1 contains a structured exception handler (SEH)  ...)
-	TODO: check
+	NOT-FOR-US: Xlight FTP Server
 CVE-2019-25680 (Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerabi ...)
 	TODO: check
 CVE-2019-25679 (RealTerm Serial Terminal 2.0.0.70 contains a structured exception hand ...)
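Review bot: CVE-2019-25685 is marked "NOT-FOR-US: phpBB" with no supporting note, and the truncated description shown here names no version, unlike the other entries triaged in this hunk (Kados R10, Pegasus CMS 1.0, Core FTP 2.0 build 653, OpenDocMan 1.3.4). Since NFU asserts the software is not in the archive, it is worth confirming that before settling on it, and recording the reasoning the way the Ferret entry in this commit does with "(different from src:ferret)". If a source package does match, a package line would be the more accurate state.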
@@ -4527,7 +4527,7 @@ CVE-2026-33767 (WWBN AVideo is an open source video platform. In versions up to
 CVE-2026-33766 (WWBN AVideo is an open source video platform. In versions up to and in ...)
 	NOT-FOR-US: WWBN AVideo
 CVE-2026-33765 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
-	NOT-FOR-US: Pi-Hole
+	NOT-FOR-US: Pi-Hole Admin Interface
 CVE-2026-33764 (WWBN AVideo is an open source video platform. In versions up to and in ...)
 	NOT-FOR-US: WWBN AVideo
 CVE-2026-33763 (WWBN AVideo is an open source video platform. In versions up to and in ...)
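Review bot: The change to CVE-2026-33765 relabels an entry that was already NOT-FOR-US ("Pi-Hole" to "Pi-Hole Admin Interface") rather than triaging a "TODO: check", which the commit message "NFUs" does not convey. A short mention of the relabel in the message would make the history easier to follow when someone later looks up why this line changed.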



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/422110ea955384129976a7a504c89b764ee526a1
