[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 27 20:30:31 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
70bc2b23 by Salvatore Bonaccorso at 2026-04-27T21:30:02+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2026-7144 (A security flaw has been discovered in 1000 Projects Portfolio Ma
CVE-2026-7143 (A vulnerability was identified in 1000 Projects Portfolio Management S ...)
NOT-FOR-US: 1000 Projects Portfolio Management System MCA
CVE-2026-7142 (A vulnerability was determined in Wooey up to 0.13.2. The impacted ele ...)
- TODO: check
+ NOT-FOR-US: Wooey
CVE-2026-7141 (A vulnerability was found in vllm up to 0.19.0. The affected element i ...)
TODO: check
CVE-2026-7140 (A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521 ...)
@@ -67,9 +67,9 @@ CVE-2026-7115 (A vulnerability was identified in code-projects Employee Manageme
CVE-2026-7114 (A vulnerability was determined in code-projects Employee Management Sy ...)
NOT-FOR-US: code-projects
CVE-2026-7113 (A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected ...)
- TODO: check
+ NOT-FOR-US: NousResearch hermes-agent
CVE-2026-7112 (A vulnerability has been found in NousResearch hermes-agent 0.8.0. Aff ...)
- TODO: check
+ NOT-FOR-US: NousResearch hermes-agent
CVE-2026-7110 (A flaw has been found in code-projects Invoice System in Laravel 1.0. ...)
NOT-FOR-US: code-projects
CVE-2026-7109 (A vulnerability was detected in code-projects Invoice System in Larave ...)
@@ -103,7 +103,7 @@ CVE-2026-6357 (pip prior to version 26.1 would run self-update check functionali
CVE-2026-6337
REJECTED
CVE-2026-6265 (Insecure preserved inherited permissions vulnerability in Cerberus FTP ...)
- TODO: check
+ NOT-FOR-US: Cerberus FTP Server
CVE-2026-5943 (Document structural anomalies caused inconsistencies between page elem ...)
NOT-FOR-US: Foxit
CVE-2026-5942 (Flaws in page lifecycle management allow document structure changes to ...)
@@ -125,17 +125,17 @@ CVE-2026-42379 (Insertion of Sensitive Information Into Sent Data vulnerability
CVE-2026-41635 (Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, o ...)
TODO: check
CVE-2026-41467 (ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scri ...)
- TODO: check
+ NOT-FOR-US: ProjeQtor
CVE-2026-41466 (ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scri ...)
- TODO: check
+ NOT-FOR-US: ProjeQtor
CVE-2026-41465 (ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulner ...)
- TODO: check
+ NOT-FOR-US: ProjeQtor
CVE-2026-41464 (ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization ...)
- TODO: check
+ NOT-FOR-US: ProjeQtor
CVE-2026-41463 (ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal ...)
- TODO: check
+ NOT-FOR-US: ProjeQtor
CVE-2026-41462 (ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL i ...)
- TODO: check
+ NOT-FOR-US: ProjeQtor
CVE-2026-41409 (The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() ...)
TODO: check
CVE-2026-41081 (Improper Handling of TLS Client Authentication Failure Leading to Anon ...)
@@ -147,7 +147,7 @@ CVE-2026-40858 (The camel-infinispan component's ProtoStream-based remote aggreg
CVE-2026-40557 (Improper Certificate Validation via Global SSL Context Downgrade in Ap ...)
TODO: check
CVE-2026-40514 (SmarterTools SmarterMail builds prior to 9610 contain a cryptographic ...)
- TODO: check
+ NOT-FOR-US: SmarterTools SmarterMail
CVE-2026-40473 (The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type ...)
TODO: check
CVE-2026-40453 (The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilte ...)
@@ -157,17 +157,17 @@ CVE-2026-40048 (The Camel-PQC FileBasedKeyLifecycleManager class deserializes th
CVE-2026-40022 (When authentication is enabled on the Apache Camel embedded HTTP serve ...)
TODO: check
CVE-2026-38936 (A reflected cross-site scripting (XSS) vulnerability exists in diskove ...)
- TODO: check
+ NOT-FOR-US: diskover-community
CVE-2026-38935 (A reflected cross-site scripting (XSS) vulnerability exists in diskove ...)
- TODO: check
+ NOT-FOR-US: diskover-community
CVE-2026-38934 (Cross Site Request Forgery vulnerability in diskoverdata diskover-comm ...)
- TODO: check
+ NOT-FOR-US: diskover-community
CVE-2026-35903 (MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an i ...)
- TODO: check
+ NOT-FOR-US: MERCURY MIPC252W IP camera
CVE-2026-35902 (The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has ...)
- TODO: check
+ NOT-FOR-US: MERCURY IP camera MIPC252W
CVE-2026-35901 (A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Bui ...)
- TODO: check
+ NOT-FOR-US: Mercury MIPC252W
CVE-2026-33454 (The Camel-Mail component is vulnerable to Camel message header injecti ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-33453 (Improperly Controlled Modification of Dynamically-Determined Object At ...)
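Review bot: The three camera entries at the end of this hunk (CVE-2026-35903, CVE-2026-35902, CVE-2026-35901) tag the same device with three different strings: "MERCURY MIPC252W IP camera", "MERCURY IP camera MIPC252W" and "Mercury MIPC252W". Each follows the wording of its own CVE description; using one spelling for all three, for example "NOT-FOR-US: MERCURY MIPC252W IP camera", would keep the product searchable under a single name, as the three diskover-community entries just above already are. Separately, CVE-2026-40022 (Apache Camel embedded HTTP server) stays at "TODO: check" in this hunk while CVE-2026-33454 (Camel-Mail) in the trailing context already carries "NOT-FOR-US: Apache software not packaged in Debian"; if the same reasoning applies, it could be handled in the same pass.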
@@ -303,7 +303,7 @@ CVE-2026-7058 (A vulnerability has been found in 666ghj MiroFish up to 0.1.2. Th
CVE-2026-42371 (uriparser before 1.0.1 has numeric truncation in text range comparison ...)
TODO: check
CVE-2026-42363 (An insufficient encryption vulnerability exists in the Device Authenti ...)
- TODO: check
+ NOT-FOR-US: GeoVision GV-IP Device Utility
CVE-2026-3868 (An improper handling of the length parameter inconsistency vulnerabili ...)
NOT-FOR-US: Moxa
CVE-2026-3867 (An improper ownership management vulnerability has been identified in ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70bc2b236516025dc6b8126965e3ccba8d297233