[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 30 21:49:45 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
466c4fa5 by Salvatore Bonaccorso at 2026-04-30T22:49:19+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,19 +3,19 @@ CVE-2026-7500 (When Keycloak is started with `--features-disabled=account,accoun
CVE-2026-7461 (Improper neutralization of inputs used in an OS command in the FSx Win ...)
NOT-FOR-US: Amazon
CVE-2026-7402 (Improper Control of Interaction Frequency vulnerability in MeWare Soft ...)
- TODO: check
+ NOT-FOR-US: MeWare Software Development Inc. PDKS
CVE-2026-7399 (Authorization bypass through User-Controlled key vulnerability in MeWa ...)
- TODO: check
+ NOT-FOR-US: MeWare Software Development Inc. PDKS
CVE-2026-7382 (Exposure of Sensitive Information to an Unauthorized Actor, Exposure o ...)
- TODO: check
+ NOT-FOR-US: MeWare Software Development Inc. PDKS
CVE-2026-7270 (An operator precedence bug in the kernel results in a scenario where a ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2026-7246 (Pallets Click, versions 8.3.2 and below, contain a command injection v ...)
TODO: check
CVE-2026-7164 (Incorrect packet validation allowed unbounded recursion parsing SCTP c ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2026-7163 (A vulnerability in the assisted-service REST API, an optional Assisted ...)
- TODO: check
+ NOT-FOR-US: Red Hat assisted-service REST API
CVE-2026-6498 (The Five Star Restaurant Reservations plugin for WordPress is vulnerab ...)
NOT-FOR-US: WordPress plugin
CVE-2026-5174 (Improper input validation vulnerability in Progress Software MOVEit Au ...)
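Review bot: CVE-2026-7164 is closed as "NOT-FOR-US: FreeBSD", but its visible description ("Incorrect packet validation allowed unbounded recursion parsing SCTP c ...") is cut off before it names the affected component, unlike CVE-2026-7270, which states "in the kernel". Before this lands it is worth confirming that the SCTP parsing code in question is FreeBSD-only and not shared with anything in the archive. Style point on CVE-2026-7163: "Red Hat assisted-service REST API" labels the entry by interface, whereas the other NFU lines in this hunk name a vendor or product; "Red Hat assisted-service" would be consistent with them.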
@@ -39,57 +39,57 @@ CVE-2026-41882 (In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.
CVE-2026-41016 (Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMT ...)
TODO: check
CVE-2026-40904 (Chartbrew is an open-source web application that can connect directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-40603 (Chartbrew is an open-source web application that can connect directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-40601 (Chartbrew is an open-source web application that can connect directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-40600 (Chartbrew is an open-source web application that can connect directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-40595 (Chartbrew is an open-source web application that can connect directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-39457 (When exchanging data over a socket, libnv uses select(2) to wait for d ...)
TODO: check
CVE-2026-38940 (Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 a ...)
- TODO: check
+ NOT-FOR-US: RafyMrX TOKO-ONLINE-ROTI
CVE-2026-38939 (Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 ...)
- TODO: check
+ NOT-FOR-US: andrewtch88 mvc-ecommerce
CVE-2026-36960 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the web ma ...)
- TODO: check
+ NOT-FOR-US: U-SPEED N300 Router
CVE-2026-36959 (U-SPEED N300 router V1.0.0 does not implement rate limiting or account ...)
- TODO: check
+ NOT-FOR-US: U-SPEED N300 Router
CVE-2026-36958 (A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wi ...)
- TODO: check
+ NOT-FOR-US: U-SPEED N300 Router
CVE-2026-36957 (Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable ...)
- TODO: check
+ NOT-FOR-US: Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router
CVE-2026-36956 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the web ma ...)
- TODO: check
+ NOT-FOR-US: Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router
CVE-2026-36767 (A path traversal vulnerability in the /content/images/add endpoint of ...)
- TODO: check
+ NOT-FOR-US: shopizer
CVE-2026-36766 (Multiple authenticated cross-site scripting (XSS) vulnerabilities in t ...)
- TODO: check
+ NOT-FOR-US: shopizer
CVE-2026-36765 (An XML external entity (XXE) vulnerability in the /designer/loadReport ...)
- TODO: check
+ NOT-FOR-US: SpringBlade
CVE-2026-36764 (A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testCo ...)
- TODO: check
+ NOT-FOR-US: SpringBlade
CVE-2026-36763 (A stored cross-site scripting (XSS) vulnerability in the /api/blade-de ...)
- TODO: check
+ NOT-FOR-US: SpringBlade
CVE-2026-36762 (An issue in the fileEntityId parameter in the /a/file/upload endpoint ...)
- TODO: check
+ NOT-FOR-US: JeeSite
CVE-2026-36761 (A stored cross-site scripting (XSS) vulnerability in the /msg/msgInner ...)
- TODO: check
+ NOT-FOR-US: JeeSite
CVE-2026-36760 (An issue in the fileMd5 parameter in the /a/file/upload endpoint of Je ...)
- TODO: check
+ NOT-FOR-US: JeeSite
CVE-2026-36759 (A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-fro ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2026-36758 (A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2026-36757 (A Server-Side Request Forgery (SSRF) in the /plugins/{name}/upgrade-fr ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2026-36756 (A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-ur ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2026-36340 (An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote at ...)
- TODO: check
+ NOT-FOR-US: Krayin CRM
CVE-2026-35547 (When processing the header of an incoming message, libnv failed to pro ...)
TODO: check
CVE-2026-35514 (Chartbrew is an open-source web application that can connect directly ...)
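Review bot: The "NOT-FOR-US: SpringBlade" label on CVE-2026-36764 and CVE-2026-36765 does not obviously match the endpoints shown in their descriptions ("/ureport/datasource/testCo ..." and "/designer/loadReport ..."), which read like a bundled report-designer component, and the truncated text does not show which product the CVE is assigned to. If the flaw is in that component, the label should name it, so that a later search for the component finds these entries. Style point: "shopizer" is lowercase while every other label in this hunk is capitalised, and "U-SPEED N300 Router" capitalises "Router" where the description of CVE-2026-36959 has "router".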
@@ -420,7 +420,7 @@ CVE-2026-5299 (ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 a
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-12.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21077
CVE-2026-41226 (Open redirect vulnerability exists in Multiple laser printers and MFPs ...)
- TODO: check
+ NOT-FOR-US: Ricoh
CVE-2026-34965 (Cockpit CMS contains an authenticated remote code execution vulnerabil ...)
NOT-FOR-US: Cockpit CMS
CVE-2026-1858 (wget2 accepts a server certificate with incorrect Key Usage (KU) or Ex ...)
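Review bot: "NOT-FOR-US: Ricoh" on CVE-2026-41226 gives only a vendor, and that vendor does not appear in the visible part of the description ("Multiple laser printers and MFPs ..."). Suggest a label that also carries the product class, for example "Ricoh printers and MFPs", in line with the vendor-plus-product labels used for the router entries in the previous hunk.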
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/466c4fa580af90cf3f6a79ac2640c21fc0332d43