[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 18 07:45:49 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
926925e5 by Salvatore Bonaccorso at 2026-06-18T08:45:39+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2026-6733 (Impact: Undici's HTTP/1.1 client is vulnerable to response queue
CVE-2026-5667 (Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Roo ...)
NOT-FOR-US: Mitsubishi
CVE-2026-55743 (The shell tool command allowlist in the SecurityPolicy of OpenHuman de ...)
- TODO: check
+ NOT-FOR-US: OpenHuman
CVE-2026-55738 (A stack-based buffer overflow exists in the raw_to_header() function i ...)
NOT-FOR-US: microtar
CVE-2026-55198 (Hermes WebUI before 0.51.443 contains an authorization bypass vulnerab ...)
@@ -2070,7 +2070,7 @@ CVE-2026-54294
CVE-2026-54292
REJECTED
CVE-2026-53430 (Improper Handling of Highly Compressed Data (Data Amplification) vulne ...)
- TODO: check
+ NOT-FOR-US: elixir-grpc grpc
CVE-2026-52722 (A signed integer overflow vulnerability was found in GStreamer's VMnc ...)
- gst-plugins-bad1.0 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2486733
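Review bot: The new tag on CVE-2026-53430, "NOT-FOR-US: elixir-grpc grpc", ends in a bare "grpc" that can be read as a separate project of that name rather than as part of one identifier. If the two words are an organisation and a project name, a form that keeps them visibly joined would stop a later search for "grpc" in data/CVE/list from suggesting that this entry concerns something else. The same string is used for CVE-2026-48854 and CVE-2026-48853 further down, so whichever spelling is chosen should be applied to all three.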
@@ -2102,7 +2102,7 @@ CVE-2026-52693 (Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.
CVE-2026-52692 (Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.5 ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-50892 (Incorrect access control in the "Let's Encrypt" certificate download e ...)
- TODO: check
+ NOT-FOR-US: Nginx Proxy Manager
CVE-2026-50891 (Incorrect access control in the /admin/api/config component of Filesta ...)
NOT-FOR-US: Filestash
CVE-2026-50890 (Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vu ...)
@@ -2264,9 +2264,9 @@ CVE-2026-48868 (Unauthenticated Insecure Direct Object References (IDOR) in Simp
CVE-2026-48867 (Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master < ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-48854 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
- TODO: check
+ NOT-FOR-US: elixir-grpc grpc
CVE-2026-48853 (Deserialization of Untrusted Data and Allocation of Resources Without ...)
- TODO: check
+ NOT-FOR-US: elixir-grpc grpc
CVE-2026-48838 (Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versi ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-48836 (Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 ...)
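Review bot: The descriptions of CVE-2026-48854 and CVE-2026-48853 are truncated ("vulnerability in ..." and "Allocation of Resources Without ...") before any product name appears, so the elixir-grpc attribution on these two lines cannot be checked from the hunk. Since both are closed as NOT-FOR-US in one step, it is worth confirming against the full records that each names the same product as CVE-2026-53430, and saying in the commit message that the three entries were triaged together.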
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/926925e5f6e37b5c633437581d63bf3c1031b3ce