[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 11 14:01:48 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0e62d3f7 by Moritz Muehlenhoff at 2026-06-11T15:00:48+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -190,7 +190,7 @@ CVE-2026-46609 (Umbraco is an ASP.NET CMS. From version 14.0.0 to before version
CVE-2026-46558 (Plane is an open-source project management tool. Prior to version 1.3. ...)
NOT-FOR-US: Plane
CVE-2026-46497 (Crawlee is a web scraping and browser automation library. From version ...)
- TODO: check
+ NOT-FOR-US: Crawlee
CVE-2026-45569 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
NOT-FOR-US: Roxy-WI
CVE-2026-45567 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
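Review bot: The new tag on CVE-2026-46497, `NOT-FOR-US: Crawlee`, names no ecosystem, while the image-size entries later in this same commit are tagged `NOT-FOR-US: Node image-size`. If this CVE is against the npm package, a matching `Node` prefix here would keep the two consistent and make the entry show up in a search for Node-related NFUs.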
@@ -254,7 +254,7 @@ CVE-2026-11884 (A heap buffer overflow flaw was found in 389 Directory Server. W
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2423624
TODO: check upstream details
CVE-2026-11859 (An HTML injection vulnerability in the "fetch links" email sent by Thi ...)
- TODO: check
+ NOT-FOR-US: Canarytokens
CVE-2026-11626 (CleanWipe Removal Tool (macOS), prior to 16.0.0.65,may be susceptible ...)
NOT-FOR-US: Symantec
CVE-2026-11596 (In ScreenConnect\u2122 versions prior to 26.2, input validation within ...)
@@ -264,11 +264,11 @@ CVE-2026-11417 (OS command injection in the NodejsFunction local bundling pipeli
CVE-2026-10740 (Unbounded memory allocation in the CRYPTO frame reassembler in s2n-qui ...)
NOT-FOR-US: Amazon
CVE-2026-10721 (Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection viaunse ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2025-71330 (image-size through 2.0.2 contains a denial of service vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Node image-size
CVE-2025-71329 (image-size through 2.0.2 contains a denial of service vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Node image-size
CVE-2025-6254 (The Doctreat Core plugin for WordPress is vulnerable to Privilege Esca ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10238 (During an internal security assessment, apotential out-of-bounds write ...)
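Review bot: CVE-2025-71330 and CVE-2025-71329 go straight from `TODO: check` to `NOT-FOR-US: Node image-size`, which declares that nothing in the archive is affected. Before this lands it is worth confirming that no source package ships or embeds image-size. If one does, the entries should name that package with a status line instead of an NFU tag.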
@@ -276,7 +276,7 @@ CVE-2025-10238 (During an internal security assessment, apotential out-of-bounds
CVE-2025-10237 (During an internal security assessment, a potential vulnerability was ...)
NOT-FOR-US: Lenovo
CVE-2024-58350 (Ghidra before 11.2 contains a use after free vulnerability in the Slei ...)
- TODO: check
+ - ghidra <itp> (bug #923851)
CVE-2026-XXXX [OnionShare follows symlinks in shared directories, allowing unintended disclosure of local files]
- onionshare <unfixed>
NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-22p9-r2f5-22mf
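Review bot: On CVE-2024-58350 the new line `- ghidra <itp> (bug #923851)` records the ITP but not the one version detail visible in the description, that the use after free affects Ghidra before 11.2. A NOTE line carrying that version boundary would let whoever closes the ITP see at a glance whether the initial upload is affected. This change is also not an NFU, so it sits oddly under the commit subject "NFUs"; a broader subject or a separate commit would keep the history easier to search.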
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e62d3f7228caf267e6367ccd35905f1dfe1613c