[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 1 21:28:28 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a80c32a9 by Salvatore Bonaccorso at 2026-06-01T22:27:53+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41,7 +41,7 @@ CVE-2026-48865 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2026-48839 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-48559 (Lightweight Music Server (LMS) though 3.76.0 contains a stored cross-s ...)
- TODO: check
+ NOT-FOR-US: Lightweight Music Server (LMS)
CVE-2026-48210 (An improper default configuration in OTRS 2026.3.1 causes ticket artic ...)
TODO: check
CVE-2026-48209 (An improper neutralization of user-controllable input in OTRS or ((OTR ...)
@@ -89,7 +89,7 @@ CVE-2026-45543 (Nextcloud is an open source content collaboration platform. From
CVE-2026-45505 (Improper Input Validation, Improper Control of Generation of Code ('Co ...)
TODO: check
CVE-2026-45302 (parse-nested-form-data is a tiny node module for parsing FormData by n ...)
- TODO: check
+ NOT-FOR-US: parse-nested-form-data
CVE-2026-45286 (Nextcloud is an open source content collaboration platform. From versi ...)
NOT-FOR-US: Nextcloud Calendar
CVE-2026-45285 (Nextcloud is an open source content collaboration platform. From versi ...)
@@ -117,7 +117,7 @@ CVE-2026-45266 (Nextcloud is an open source content collaboration platform. Prio
CVE-2026-45264 (Nextcloud is an open source content collaboration platform. From versi ...)
NOT-FOR-US: Nextcloud Groupfolder
CVE-2026-45159 (Nextcloud is an open source content collaboration platform. From versi ...)
- TODO: check
+ NOT-FOR-US: Nextcloud end_to_end_encryption
CVE-2026-45157 (Nextcloud is an open source content collaboration platform. In Nextclo ...)
- nextcloud-server <itp> (bug #941708)
CVE-2026-45156 (Nextcloud is an open source content collaboration platform. From versi ...)
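Review bot: The new label for CVE-2026-45159, `NOT-FOR-US: Nextcloud end_to_end_encryption`, uses the raw app identifier, while the entry just above it uses a display name (`Nextcloud Groupfolder`). A consistent form such as `Nextcloud End-to-End Encryption` would keep the Nextcloud app entries greppable as a group. Since the next entry, CVE-2026-45157, is tracked as `nextcloud-server <itp> (bug #941708)`, it is also worth confirming from the full description that CVE-2026-45159 affects only the app and not the server component, because the truncated description shown here does not settle it.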
@@ -125,25 +125,25 @@ CVE-2026-45156 (Nextcloud is an open source content collaboration platform. From
CVE-2026-45155 (Nextcloud is an open source content collaboration platform. In Nextclo ...)
NOT-FOR-US: Nextcloud Circles
CVE-2026-45154 (Nextcloud is an open source content collaboration platform. From versi ...)
- TODO: check
+ NOT-FOR-US: Nextcloud collectives
CVE-2026-45153 (Nextcloud is an open source content collaboration platform. From versi ...)
- TODO: check
+ NOT-FOR-US: Nextcloud for Android
CVE-2026-45132 (CloudPirates Open Source Helm Charts is a collection of Helm charts. P ...)
- TODO: check
+ NOT-FOR-US: CloudPirates Open Source Helm Charts
CVE-2026-45131 (CloudPirates Open Source Helm Charts is a collection of Helm charts. P ...)
- TODO: check
+ NOT-FOR-US: CloudPirates Open Source Helm Charts
CVE-2026-44740 (Billy is an interface filesystem abstraction for Go. Prior to versions ...)
TODO: check
CVE-2026-44211 (Cline is an autonomous coding agent as an SDK, IDE extension, or CLI a ...)
- TODO: check
+ NOT-FOR-US: Cline
CVE-2026-43958 (A flaw was found in rrdcached, a component of rrdtool. A local attacke ...)
TODO: check
CVE-2026-43625 (CodexBar prior to 0.32.0 contains a session cookie leakage vulnerabili ...)
- TODO: check
+ NOT-FOR-US: CodexBar
CVE-2026-43624 (F5-TTS through version 1.1.20 contains a path traversal vulnerability ...)
- TODO: check
+ NOT-FOR-US: F5-TTS
CVE-2026-43623 (microtar through 0.1.0 contains a stack-based buffer overflow vulnerab ...)
- TODO: check
+ NOT-FOR-US: microtar
CVE-2026-42683 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-42682 (Missing Authorization vulnerability in Tomdever wpForo Forum allows Ex ...)
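Review bot: At `+ NOT-FOR-US: microtar` (CVE-2026-43623, a stack-based buffer overflow), the NFU marking only establishes that no package named microtar exists. Before closing it, check that no source package in the archive carries an embedded copy of the code, and if one does, track the CVE against that package instead. Minor style point in the same hunk: `Nextcloud collectives` is lower-case while `Nextcloud Circles` two entries above is capitalised.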
@@ -175,7 +175,7 @@ CVE-2026-42588 (Improper Input Validation, Improper Control of Generation of Cod
CVE-2026-42253 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2026-42251 (Use of hard-coded credentials in KS-SOMED allowed an unauthorized atta ...)
- TODO: check
+ NOT-FOR-US: KS-SOMED
CVE-2026-41013 (Input validation bypass in SMB volume mount handling in CloudFoundry F ...)
TODO: check
CVE-2026-40990 (OOM error is possible while attempting to add infinite amount of funct ...)
@@ -183,59 +183,59 @@ CVE-2026-40990 (OOM error is possible while attempting to add infinite amount of
CVE-2026-40989 (Under infinite recursion in the routing layer, request-handling can ca ...)
TODO: check
CVE-2026-40549 (SOPlanning is vulnerable to Cross\u2011Site Request Forgery (CSRF) in ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2026-40548 (SOPlanning does not verify uploaded file extension. An authenticated a ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2026-40547 (SOPlanning is vulnerable to Path Traversal in backup endpoints. Authe ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2026-40546 (SOPlanning is vulnerable to SQL Injection across multiple endpoints an ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2026-40545 (SOPlanning is vulnerable to Reflected XSS via the taches parameter. An ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2026-40544 (SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /pro ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2026-40543 (SOPlanning does not enforce authorization for backup functionalities.A ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2026-38950 (An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute a ...)
- TODO: check
+ NOT-FOR-US: ESA AnomalyMatch
CVE-2026-37235 (FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads with ...)
- TODO: check
+ NOT-FOR-US: FlexRIC
CVE-2026-37233 (FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp iso ...)
- TODO: check
+ NOT-FOR-US: FlexRIC
CVE-2026-37232 (An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface5G
CVE-2026-37231 (FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stor ...)
- TODO: check
+ NOT-FOR-US: FlexRIC
CVE-2026-37230 (FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC_INDICATION ...)
- TODO: check
+ NOT-FOR-US: FlexRIC
CVE-2026-37229 (FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() tri ...)
- TODO: check
+ NOT-FOR-US: FlexRIC
CVE-2026-37228 (FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() ...)
- TODO: check
+ NOT-FOR-US: FlexRIC
CVE-2026-37227 (FlexRIC v2.0.0 contains reachable assert(0) calls in stub message hand ...)
- TODO: check
+ NOT-FOR-US: FlexRIC
CVE-2026-37226 (FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_ ...)
- TODO: check
+ NOT-FOR-US: FlexRIC
CVE-2026-37225 (FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_ ...)
- TODO: check
+ NOT-FOR-US: FlexRIC
CVE-2026-37224 (FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST fro ...)
- TODO: check
+ NOT-FOR-US: FlexRIC
CVE-2026-37223 (FlexRIC v2.0.0 contains a reachable assertion in the iApp message disp ...)
- TODO: check
+ NOT-FOR-US: FlexRIC
CVE-2026-37222 (FlexRIC v2.0.0 uses hardcoded assertions to validate Information Eleme ...)
- TODO: check
+ NOT-FOR-US: FlexRIC
CVE-2026-37221 (FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with ...)
- TODO: check
+ NOT-FOR-US: FlexRIC
CVE-2026-37220 (FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2 ...)
- TODO: check
+ NOT-FOR-US: FlexRIC
CVE-2026-34193 (Kernel software installed and running inside a Guest/Host VM may post ...)
NOT-FOR-US: Imagination Technologies
CVE-2026-32325 (Privilege chaining issue exists in ServerView Agents for Windows V11.6 ...)
- TODO: check
+ NOT-FOR-US: ServerView Agents for Windows
CVE-2026-30963 (Capsule is a multi-tenancy and policy-based framework for Kubernetes. ...)
- TODO: check
+ NOT-FOR-US: Capsule
CVE-2026-27788 (Incorrect permission assignment for critical resource issue exists in ...)
- TODO: check
+ NOT-FOR-US: ServerView Agents for Windows
CVE-2026-25600 (The PDBM application relies on a static, hard\u2011coded secret embedd ...)
TODO: check
CVE-2026-25599 (Missing authentication and clear\u2011text transmission of data from t ...)
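Review bot: The label `NOT-FOR-US: Capsule` for CVE-2026-30963 is a bare common word. The description identifies it as a multi-tenancy and policy-based framework for Kubernetes, so a qualified label such as `Capsule (Kubernetes multi-tenancy framework)` would avoid a later search of data/CVE/list for that name matching or masking unrelated software. The FlexRIC, OpenAirInterface5G and SOPlanning labels in this hunk match the product names in their descriptions; for CVE-2026-27788 the product name is cut off in the truncated description, so `ServerView Agents for Windows` cannot be confirmed from the lines shown here.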
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a80c32a9dbf9ec652a7b4ec0f7826184134ed1e4