[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 29 07:33:08 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5a363d7b by Salvatore Bonaccorso at 2026-04-29T08:33:00+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -254,19 +254,19 @@ CVE-2026-40556 (GNU nano creates the user\u2019s ~/.local directory with overly
NOTE: Fixed by: https://cgit.git.savannah.gnu.org/cgit/nano.git/commit/?id=cb43493e00e5777d2433ecf5db6402983b282d6f (v9.0)
NOTE: Duplicate CVE assignment for CVE-2026-6842.
CVE-2026-40552 (mpGabinet is vulnerable to Remote Command Execution. An authorized use ...)
- TODO: check
+ NOT-FOR-US: mpGabinet
CVE-2026-40551 (mpGabinet performs client-side authentication. An attacker with access ...)
- TODO: check
+ NOT-FOR-US: mpGabinet
CVE-2026-40550 (mpGabinet is vulnerable to Privilege Escalation due to excessive datab ...)
- TODO: check
+ NOT-FOR-US: mpGabinet
CVE-2026-3323 (An unsecured configuration interface on affected devices allows unauth ...)
TODO: check
CVE-2026-38949 (Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 ...)
- TODO: check
+ NOT-FOR-US: HTMLy
CVE-2026-38948 (Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and ...)
- TODO: check
+ NOT-FOR-US: FUEL CMS
CVE-2026-38651 (Authentication Bypass vulnerability exists in Netmaker versions prior ...)
- TODO: check
+ NOT-FOR-US: Netmaker
CVE-2026-27760 (OpenCATS prior to commit 3002a29 contains a PHP code injection vulnera ...)
TODO: check
CVE-2025-67223 (The Aranda File Server (AFS) component in Aranda Software Aranda Servi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a363d7beac79deeafb6fff5b14564a7ba41af19
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a363d7beac79deeafb6fff5b14564a7ba41af19
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260429/e4931000/attachment.htm>
More information about the debian-security-tracker-commits
mailing list