[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 2 07:08:01 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
effd7b74 by Salvatore Bonaccorso at 2026-06-02T08:07:25+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -97,7 +97,7 @@ CVE-2026-49157 (Incorrect Default Permissions vulnerability in Apache ActiveMQ.
- activemq <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/21
CVE-2026-49121 (AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthent ...)
- TODO: check
+ NOT-FOR-US: AI Tensor Engine for ROCm (AITER)
CVE-2026-48879 (Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Pri ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-48866 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
@@ -255,7 +255,7 @@ CVE-2026-42253 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2026-42251 (Use of hard-coded credentials in KS-SOMED allowed an unauthorized atta ...)
NOT-FOR-US: KS-SOMED
CVE-2026-41013 (Input validation bypass in SMB volume mount handling in CloudFoundry F ...)
- TODO: check
+ NOT-FOR-US: CloudFoundry
CVE-2026-40990 (OOM error is possible while attempting to add infinite amount of funct ...)
TODO: check
CVE-2026-40989 (Under infinite recursion in the routing layer, request-handling can ca ...)
@@ -317,11 +317,11 @@ CVE-2026-27788 (Incorrect permission assignment for critical resource issue exis
CVE-2026-25600 (The PDBM application relies on a static, hard\u2011coded secret embedd ...)
NOT-FOR-US: Trac PDBM
CVE-2026-25599 (Missing authentication and clear\u2011text transmission of data from t ...)
- TODO: check
+ NOT-FOR-US: Orca Energy
CVE-2026-23638 (Kiteworks is a private data network (PDN). Prior to version 9.3.0, an ...)
- TODO: check
+ NOT-FOR-US: Kiteworks
CVE-2026-22872 (Capsule is a multi-tenancy and policy-based framework for Kubernetes. ...)
- TODO: check
+ NOT-FOR-US: Capsule
CVE-2026-20456 (In wlan STA driver, there is a possible system crash due to a missing ...)
NOT-FOR-US: MediaTek
CVE-2026-20455 (In geniezone, there is a possible out of bounds write due to a missing ...)
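Review bot: The tag added for CVE-2026-25599, "NOT-FOR-US: Orca Energy", names a product that does not appear in the visible part of its description, while the entry directly above it, CVE-2026-25600 (PDBM application, hard-coded secret), is tagged "Trac PDBM". If the two IDs cover the same product, they should carry the same tag; if they do not, the tag can stay as it is.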
@@ -337,15 +337,15 @@ CVE-2026-10533 (A flaw was found in OpenShift Container Platform. Completed pods
CVE-2026-10532 (Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...)
TODO: check
CVE-2026-10517 (A flaw was found in Clair. The fetcher component makes outbound HTTP r ...)
- TODO: check
+ NOT-FOR-US: Clair
CVE-2026-10283 (A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affe ...)
- TODO: check
+ NOT-FOR-US: Bottelet DaybydayCRM
CVE-2026-10282 (A security vulnerability has been detected in Bottelet DaybydayCRM up ...)
- TODO: check
+ NOT-FOR-US: Bottelet DaybydayCRM
CVE-2026-10281 (A weakness has been identified in Enderfga claw-orchestrator up to 3.5 ...)
- TODO: check
+ NOT-FOR-US: Enderfga claw-orchestrator
CVE-2026-10280 (A security flaw has been discovered in horizon921 mcpilot 0.1.0. The i ...)
- TODO: check
+ NOT-FOR-US: horizon921 mcpilot
CVE-2026-10279 (A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. T ...)
NOT-FOR-US: wezterm-mcp
CVE-2026-10278 (A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impa ...)
@@ -359,7 +359,7 @@ CVE-2026-10275 (A flaw has been found in OpenSC up to 0.26.1. This affects the f
CVE-2026-10274 (A vulnerability was determined in indrasishbanerjee aem-mcp-server up ...)
NOT-FOR-US: aem-mcp-server
CVE-2026-10273 (A vulnerability was found in php-censor up to 2.1.6. This affects an u ...)
- TODO: check
+ NOT-FOR-US: php-censor
CVE-2026-10272 (A vulnerability has been found in a4m4 Student-Management-System up to ...)
NOT-FOR-US: a4m4 Student-Management-System
CVE-2026-10271 (A flaw has been found in a4m4 Student-Management-System up to f0c5f684 ...)
@@ -369,23 +369,23 @@ CVE-2026-10270 (A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.
CVE-2026-10269 (A security vulnerability has been detected in decolua 9router up to 0. ...)
NOT-FOR-US: 9router
CVE-2026-10268 (A weakness has been identified in janet-lang janet up to 1.41.0. This ...)
- TODO: check
+ NOT-FOR-US: janet-lang janet
CVE-2026-10267 (A security flaw has been discovered in janet-lang janet up to 1.41.0. ...)
- TODO: check
+ NOT-FOR-US: janet-lang janet
CVE-2026-10265 (A vulnerability was identified in itsourcecode Content Management Syst ...)
NOT-FOR-US: itsourcecode System
CVE-2026-10264 (A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affecte ...)
- TODO: check
+ NOT-FOR-US: lharries whatsapp-mcp
CVE-2026-10263 (A vulnerability was found in SourceCodester Computer Repair Shop Manag ...)
NOT-FOR-US: SourceCodester
CVE-2026-10262 (A vulnerability has been found in code-projects Real State Services 1. ...)
- TODO: check
+ NOT-FOR-US: code-projects Real State Services
CVE-2026-10261 (A flaw has been found in CodeAstro Online Job Portal 1.0. This affects ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Online Job Portal
CVE-2026-10260 (A vulnerability was detected in CodeAstro Online Job Portal 1.0. The i ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Online Job Portal
CVE-2026-10259 (A security vulnerability has been detected in H3C Magic B0 up to 100R0 ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2026-10258 (A weakness has been identified in itsourcecode Content Management Syst ...)
NOT-FOR-US: itsourcecode System
CVE-2026-10257 (A security flaw has been discovered in itsourcecode Content Management ...)
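Review bot: The tags added in this hunk mix vendor-plus-product forms ("CodeAstro Online Job Portal", "code-projects Real State Services", "lharries whatsapp-mcp") with a vendor-only form ("H3C"), and the unchanged context uses further variants ("9router" for decolua 9router, "SourceCodester" for a SourceCodester product). Settling on one form per vendor would make entries easier to find when searching the list, for example "NOT-FOR-US: CodeAstro" as already used for CVE-2026-10235.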
@@ -421,11 +421,11 @@ CVE-2026-10243 (A security vulnerability has been detected in code-projects Smar
CVE-2026-10242 (A weakness has been identified in itsourcecode Content Management Syst ...)
NOT-FOR-US: itsourcecode System
CVE-2026-10241 (A security flaw has been discovered in jeecgboot The server processes ...)
- TODO: check
+ NOT-FOR-US: jeecgboot
CVE-2026-10240 (A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted ...)
- TODO: check
+ NOT-FOR-US: JeecgBoot
CVE-2026-10239 (A vulnerability was determined in JeecgBoot up to 3.9.2. The affected ...)
- TODO: check
+ NOT-FOR-US: JeecgBoot
CVE-2026-10237 (A vulnerability was found in SourceCodester Water Billing Management S ...)
NOT-FOR-US: SourceCodester
CVE-2026-10236 (A vulnerability has been found in SourceCodester Water Billing Managem ...)
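Review bot: CVE-2026-10241 is tagged "NOT-FOR-US: jeecgboot" while CVE-2026-10240 and CVE-2026-10239 directly below it get "NOT-FOR-US: JeecgBoot". Use one spelling for all three so that a case-sensitive search for the product finds every entry.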
@@ -433,7 +433,7 @@ CVE-2026-10236 (A vulnerability has been found in SourceCodester Water Billing M
CVE-2026-10235 (A flaw has been found in CodeAstro Ingredients Stock Management System ...)
NOT-FOR-US: CodeAstro
CVE-2026-10234 (A vulnerability was detected in Mettle sendportal up to 3.0.1. This af ...)
- TODO: check
+ NOT-FOR-US: Mettle sendportal
CVE-2026-10233 (A security vulnerability has been detected in Assimp up to 6.0.4. Affe ...)
TODO: check
CVE-2026-10232 (A weakness has been identified in Assimp up to 6.0.4. Affected by this ...)
@@ -445,13 +445,13 @@ CVE-2026-10230 (A vulnerability was identified in Assimp up to 6.0.4. This impac
CVE-2026-10229 (A vulnerability was determined in Assimp up to 6.0.4. This affects the ...)
TODO: check
CVE-2026-10228 (A vulnerability was found in raisulislamg4 student_management_system_b ...)
- TODO: check
+ NOT-FOR-US: raisulislamg4 student_management_system_by_php
CVE-2026-10227 (A vulnerability has been found in raisulislamg4 student_management_sys ...)
- TODO: check
+ NOT-FOR-US: raisulislamg4 student_management_system_by_php
CVE-2026-10226 (A flaw has been found in raisulislamg4 student_management_system_by_ph ...)
- TODO: check
+ NOT-FOR-US: raisulislamg4 student_management_system_by_php
CVE-2026-10225 (A vulnerability was detected in raisulislamg4 student_management_syste ...)
- TODO: check
+ NOT-FOR-US: raisulislamg4 student_management_system_by_php
CVE-2026-10224 (A security vulnerability has been detected in NousResearch hermes-agen ...)
NOT-FOR-US: aem-mcp-server
CVE-2026-10223 (A weakness has been identified in NousResearch hermes-agent up to 2026 ...)
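Review bot: The trailing context entry CVE-2026-10224 is described as a NousResearch hermes-agent issue but carries "NOT-FOR-US: aem-mcp-server", which does not match the product named in its description. As this commit already edits the entries right above it, this is a good place to correct the tag so that it names hermes-agent.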
@@ -463,11 +463,11 @@ CVE-2026-10221 (A vulnerability was identified in NousResearch hermes-agent up t
CVE-2026-10220 (A vulnerability was determined in NousResearch hermes-agent up to 2026 ...)
NOT-FOR-US: aem-mcp-server
CVE-2026-10219 (A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. Thi ...)
- TODO: check
+ NOT-FOR-US: nextlevelbuilder GoClaw
CVE-2026-10218 (A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3 ...)
- TODO: check
+ NOT-FOR-US: nextlevelbuilder GoClaw
CVE-2026-10217 (A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The imp ...)
- TODO: check
+ NOT-FOR-US: nextlevelbuilder GoClaw
CVE-2026-10216 (A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The ...)
NOT-FOR-US: droidclaw
CVE-2026-10215 (A security vulnerability has been detected in Dolibarr ERP CRM up to 2 ...)
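Review bot: CVE-2026-10220, in the leading context of this hunk, is described as a NousResearch hermes-agent issue but is tagged "NOT-FOR-US: aem-mcp-server"; the tag should name hermes-agent instead. The three "nextlevelbuilder GoClaw" lines added below it are consistent with one another.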
@@ -489,13 +489,13 @@ CVE-2026-10208 (A flaw has been found in code-projects Online Hospital Managemen
CVE-2026-10206 (A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This ...)
NOT-FOR-US: D-Link
CVE-2026-10205 (A security vulnerability has been detected in Metasoft \u7f8e\u7279\u8 ...)
- TODO: check
+ NOT-FOR-US: Metasoft MetaCRM
CVE-2026-10204 (A weakness has been identified in OFCMS 1.1.3. The affected element is ...)
- TODO: check
+ NOT-FOR-US: OFCMS
CVE-2026-10203 (A security flaw has been discovered in OFCMS 1.1.3. Impacted is the fu ...)
- TODO: check
+ NOT-FOR-US: OFCMS
CVE-2026-10202 (A vulnerability was identified in OFCMS 1.1.3. This issue affects the ...)
- TODO: check
+ NOT-FOR-US: OFCMS
CVE-2026-10201 (A vulnerability was determined in Assimp up to 6.0.4. This vulnerabili ...)
TODO: check
CVE-2026-10200 (A vulnerability was found in Assimp up to 6.0.4. This affects the func ...)
@@ -6328,7 +6328,7 @@ CVE-2026-41401 (libyang before 5.2.6 contains a heap use-after-free write vulner
NOTE: https://github.com/CESNET/libyang/security/advisories/GHSA-9f49-8x56-jmjc
NOTE: Fixed by: https://github.com/CESNET/libyang/commit/54c3276d871023da266d4ed3ceaee7e8d71d0b04 (v5.4.9)
CVE-2026-41164 (nuts-node is the reference implementation of the Nuts specification. P ...)
- TODO: check
+ NOT-FOR-US: nuts-node
CVE-2026-40564 (Files or Directories Accessible to External Parties, Server-Side Reque ...)
NOT-FOR-US: Apache Flink Kubernetes Operator
CVE-2026-40384 (An improper validation of the search parameter of the com_media files ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/effd7b74afb6d3adf47e93e908d4a8b27254df18