[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 28 04:53:28 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4406993 by Salvatore Bonaccorso at 2026-04-28T05:53:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -97,7 +97,7 @@ CVE-2026-7096 (A security flaw has been discovered in Tenda HG3 2.0 300003070. T
 CVE-2026-7095 (A vulnerability was identified in code-projects Employee Management Sy ...)
 	NOT-FOR-US: code-projects
 CVE-2026-6970 (authd prior to version 0.6.4 contains a logic error in primary group I ...)
-	TODO: check
+	NOT-FOR-US: Canonical authd
 CVE-2026-6357 (pip prior to version 26.1 would run self-update check functionality af ...)
 	- python-pip <unfixed> (bug #1135110)
 	NOTE: https://github.com/pypa/pip/pull/13923
@@ -174,7 +174,7 @@ CVE-2026-33454 (The Camel-Mail component is vulnerable to Camel message header i
 CVE-2026-33453 (Improperly Controlled Modification of Dynamically-Determined Object At ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-32688 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: elixir-plug plug_cowboy
 CVE-2026-32655 (Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, cont ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-31691 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
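Review bot: On CVE-2026-32688 the new label "elixir-plug plug_cowboy" puts an owner-like name in front of the component, and "elixir-plug" on its own reads like a source package name, which sits oddly under NOT-FOR-US. The description is truncated in this context, so the affected component cannot be confirmed from the hunk; consider labelling it "plug_cowboy" alone, or adding a NOTE line recording that the archive was checked for it.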
@@ -206,19 +206,19 @@ CVE-2026-31686 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 6.19.14-1
 	NOTE: https://git.kernel.org/linus/51d8c78be0c27ddb91bc2c0263941d8b30a47d3b (7.1-rc1)
 CVE-2026-31256 (A null pointer dereference vulnerability exists in the RTSP service of ...)
-	TODO: check
+	NOT-FOR-US: MERCURY MIPC252W
 CVE-2026-31255 (A command injection vulnerability exists in Tenda AC18 V15.03.05.05_mu ...)
 	NOT-FOR-US: Tenda
 CVE-2026-30462 (A path traversal vulnerability in the Blocks module of Daylight Studio ...)
-	TODO: check
+	NOT-FOR-US: Daylight Studio FuelCMS
 CVE-2026-30352 (A remote code execution (RCE) vulnerability in the /devserver/start en ...)
-	TODO: check
+	NOT-FOR-US: leonvanzyl autocoder
 CVE-2026-30351 (A path traversal vulnerability in the UI/static component of leonvanzy ...)
-	TODO: check
+	NOT-FOR-US: leonvanzyl autocoder
 CVE-2026-30350 (An issue in the /store/items/search endpoint of Agent Protocol server  ...)
-	TODO: check
+	NOT-FOR-US: Agent Protocol server
 CVE-2026-30346 (An open redirect in the /api/google/authorize endpoint of hunvreus Dev ...)
-	TODO: check
+	NOT-FOR-US: hunvreus DevPush
 CVE-2026-27172 (The ConsulRegistry in the camel-consul component (class org.apache.cam ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-25908 (Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, cont ...)
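Review bot: The label added for CVE-2026-30350, "NOT-FOR-US: Agent Protocol server", names no vendor or project owner, unlike the other entries resolved in this hunk ("leonvanzyl autocoder", "hunvreus DevPush"), so it will be hard to match against later CVEs for the same code. Suggest prefixing the owner from the full CVE description. A smaller consistency point in the same hunk: "MERCURY MIPC252W" ties the label to one model, while the adjacent Tenda entry uses the vendor name only.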
@@ -333,9 +333,9 @@ CVE-2026-3008 (Successful exploitation of the string injection vulnerability cou
 CVE-2026-3006 (Successful exploitation of the race condition vulnerability could allo ...)
 	TODO: check
 CVE-2026-33566 (There is a cypher injection issue in LogonTracer prior to v2.0.0. If s ...)
-	TODO: check
+	NOT-FOR-US: LogonTracer
 CVE-2026-33277 (An OS command Injection issue exists in LogonTracer prior to v2.0.0. A ...)
-	TODO: check
+	NOT-FOR-US: LogonTracer
 CVE-2026-7057 (A flaw has been found in Tenda F456 1.0.0.5. The affected element is a ...)
 	NOT-FOR-US: Tenda
 CVE-2026-7056 (A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the fu ...)
@@ -487,7 +487,7 @@ CVE-2026-6994 (A weakness has been identified in Envoy up to 1.33.0. Affected is
 CVE-2026-42255 (Technitium DNS Server before 15.0 allows DNS traffic amplification via ...)
 	NOT-FOR-US: Technitium DNS Server
 CVE-2026-6993 (A security flaw has been discovered in go-kratos kratos up to 2.9.2. T ...)
-	TODO: check
+	NOT-FOR-US: go-kratos
 CVE-2026-6992 (A vulnerability was identified in Linksys MR9600 2.0.6.206937. This af ...)
 	NOT-FOR-US: Linksys
 CVE-2026-6991 (A vulnerability was determined in colinhacks Zod up to 4.3.6. The impa ...)
@@ -2962,7 +2962,7 @@ CVE-2026-31431 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2026-31192 (Insufficient validation of Chrome extension identifiers in Raindrop.io ...)
 	TODO: check
 CVE-2026-30139 (A reflected cross-site scripting (XSS) vulnerability in the AdvancedSe ...)
-	TODO: check
+	NOT-FOR-US: Silverpeas Core
 CVE-2026-2719 (The Private WP suite plugin for WordPress is vulnerable to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2717 (The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a440699323832269af36da16bd0e26c3d4d0c998
