[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 26 20:30:19 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a760bc2c by Salvatore Bonaccorso at 2026-06-26T21:29:56+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-9699 (Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sa ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Plugins
 CVE-2026-9640 (A privilege escalation vulnerability exists in LXD from 6.0 before 6.9 ...)
 	TODO: check
 CVE-2026-9639 (Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to v ...)
@@ -9,7 +9,7 @@ CVE-2026-6658 (A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows fo
 CVE-2026-5757 (Unauthenticated remote information disclosure vulnerability in Ollama' ...)
 	TODO: check
 CVE-2026-57940 (HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: HTMLy
 CVE-2026-57926 (In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vu ...)
 	NOT-FOR-US: JetBrains
 CVE-2026-57925 (In JetBrains YouTrack before 2026.2.16593 improper access control allo ...)
@@ -23,7 +23,7 @@ CVE-2026-57922 (In JetBrains YouTrack before 2026.2.16593 project settings discl
 CVE-2026-57921 (In JetBrains YouTrack before 2026.2.16593 improper access control allo ...)
 	NOT-FOR-US: JetBrains
 CVE-2026-57920 (Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a s ...)
-	TODO: check
+	NOT-FOR-US: Peplink InControl
 CVE-2026-57918 (libnfs through 6.0.2 before 935b8db has an xid integer underflow in RE ...)
 	TODO: check
 CVE-2026-57915 (It is possible to bypass the Kerberos pre-authentication check in Apac ...)
@@ -31,29 +31,29 @@ CVE-2026-57915 (It is possible to bypass the Kerberos pre-authentication check i
 CVE-2026-57914 (By sending a deeply nested ASN1 structure to a Apache Kerby client or  ...)
 	TODO: check
 CVE-2026-57913 (Johnson & Johnson Audit Tracking Management System (ATMS) before 2026- ...)
-	TODO: check
+	NOT-FOR-US: Johnson & Johnson Audit Tracking Management System (ATMS)
 CVE-2026-57912 (Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing o ...)
-	TODO: check
+	NOT-FOR-US: Johnson & Johnson
 CVE-2026-57881 (An unauthenticated stack-based buffer overflow vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-57880 (An unauthenticated stack-based buffer overflow vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-57879 (An unauthenticated stack-based buffer overflow vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-57878 (An unauthenticated stack-based buffer overflow vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-57877 (An unauthenticated format string vulnerability exists in vlsvr in GeoV ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-57876 (An unauthenticated out-of-bounds write vulnerability exists in onvif.c ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-57875 (An unauthenticated NULL pointer dereference vulnerability exists in th ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-57874 (An unauthenticated buffer overflow vulnerability exists in IEEE8021x_u ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-57873 (An unauthenticated NULL pointer dereference vulnerability exists in IE ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-57872 (An unauthenticated directory traversal vulnerability exists in get_fco ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-57667 (Sales Representative SQL Injection in Groundhogg <= 4.5 versions.)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57665 (Unauthenticated Insecure Direct Object References (IDOR) in GravityVie ...)
@@ -143,9 +143,9 @@ CVE-2026-57617 (Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5
 CVE-2026-57527 (Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an i ...)
 	TODO: check
 CVE-2026-57518 (Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that  ...)
-	TODO: check
+	NOT-FOR-US: Pagekit CMS
 CVE-2026-57473 (A vulnerability exists in the netclient and factory services of Reolin ...)
-	TODO: check
+	NOT-FOR-US: Reolink Home Hub
 CVE-2026-57431 (Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57430 (Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a760bc2cb5790a0f778039edf28e02ff6a725c2b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a760bc2cb5790a0f778039edf28e02ff6a725c2b
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260626/a2243285/attachment.htm>


More information about the debian-security-tracker-commits mailing list