[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 24 21:47:11 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c4adeb6 by Salvatore Bonaccorso at 2026-06-24T22:46:48+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -227,13 +227,13 @@ CVE-2026-35025 (ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control
CVE-2026-29034
REJECTED
CVE-2026-13164 (Missing Authentication for Critical Function (CWE-306) in the Register ...)
- TODO: check
+ NOT-FOR-US: MailerUp
CVE-2026-13163 (Open redirect vulnerability (CWE-601) in the _safe_redirect function o ...)
- TODO: check
+ NOT-FOR-US: MailerUp
CVE-2026-13150 (Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation end ...)
- TODO: check
+ NOT-FOR-US: ccyl13 Pentestify
CVE-2026-13140 (Stored Cross-Site Scripting in the exposed AWS API key store ofThinkst ...)
- TODO: check
+ NOT-FOR-US: Canarytokens
CVE-2026-12986 (A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, ...)
NOT-FOR-US: Payara
CVE-2026-12760 (A denial-of-service (DoS) vulnerability has been identified in Tapo C2 ...)
@@ -251,11 +251,11 @@ CVE-2026-11877 (An unauthorized user can modify configuration through API calls
CVE-2026-10745 (Improper output neutralization for logs vulnerability in upKeeper Solu ...)
NOT-FOR-US: upKeeper Solutions
CVE-2025-71361 (picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Cal ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71354 (picklescan before 0.0.29 fails to detect malicious pickle files that e ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71332 (Flowise through 2.2.7 contains a SQL injection vulnerability in the im ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-53127 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 7.0.10-1
[trixie] - linux <not-affected> (Vulnerable code not present)
@@ -1992,7 +1992,7 @@ CVE-2026-10711 (Missing authentication for critical function vulnerability in AK
CVE-2026-10609 (A missing authorization flaw was found in the OpenShift Cluster Loggin ...)
NOT-FOR-US: OpenShift
CVE-2026-10521 (An high privileged remote attacker can access a hidden configuration m ...)
- TODO: check
+ NOT-FOR-US: MB connect
CVE-2026-0864 (When using the "configparser" module to write configuration files cont ...)
TODO: check
CVE-2025-71382 (MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerabili ...)
@@ -2564,7 +2564,7 @@ CVE-2026-12725 (A heap-based buffer overflow was found in dnsmasq. When DNSSEC v
CVE-2026-12628 (IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Pro ...)
NOT-FOR-US: IBM
CVE-2026-12602 (Incorrect default permissions in ArubaSign, affecting versions prior t ...)
- TODO: check
+ NOT-FOR-US: Aruba ArubaSign
CVE-2026-12581 (EasyFlow .NET developed by Digiwin has a Session Fixation vulnerabilit ...)
NOT-FOR-US: Digiwin
CVE-2026-12580 (EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting v ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c4adeb6e8ad5a075f62f717d84da836c2924e93
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c4adeb6e8ad5a075f62f717d84da836c2924e93
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260624/09806628/attachment.htm>
More information about the debian-security-tracker-commits
mailing list