[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 30 20:57:26 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b104b25 by Salvatore Bonaccorso at 2026-06-30T21:56:49+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,27 +7,27 @@ CVE-2026-8864 (The HP Fan Control App might allow local escalation of privileges
 CVE-2026-8655 (Multiple Memory overflow vulnerabilities inNetScaler ADC and NetScaler ...)
 	TODO: check
 CVE-2026-8452 (Memory overflow vulnerabilityNetScaler ADC and NetScaler Gatewayleadin ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2026-8451 (Insufficient input validation inNetScaler ADC and NetScaler Gatewaylea ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2026-8403 (Improper neutralization of input during web page generation ('cross-si ...)
-	TODO: check
+	NOT-FOR-US: SYSGUARD 6001
 CVE-2026-8402 (Improper neutralization of special elements used in an SQL command ('S ...)
-	TODO: check
+	NOT-FOR-US: SYSGUARD 6001
 CVE-2026-8141 (The Ajax Load More - Filters plugin for WordPress is vulnerable to Sto ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-6954 (Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl  ...)
-	TODO: check
+	NOT-FOR-US: Intermark IT's WebControl CMS
 CVE-2026-6953 (HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. Th ...)
-	TODO: check
+	NOT-FOR-US: Intermark IT's WebControl CMS
 CVE-2026-6556 (@fastify/express versions 4.0.6 and earlier only rewrite the plugin pr ...)
-	TODO: check
+	NOT-FOR-US: fastify/express
 CVE-2026-58377 (JeecgBoot through 3.9.2 contains a broken access control vulnerability ...)
-	TODO: check
+	NOT-FOR-US: JeecgBoot
 CVE-2026-58376 (Dolibarr through 23.0.3, fixed in commit 14db36e, contains a sql injec ...)
 	NOT-FOR-US: Dolibarr
 CVE-2026-58375 (JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoi ...)
-	TODO: check
+	NOT-FOR-US: JimuReport
 CVE-2026-58374 (In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEE ...)
 	TODO: check
 CVE-2026-58373 (CVAT before 2.69.0 contains an improper authorization vulnerability in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b104b2500f2464bc97bd419b204b32f1f9b48e4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b104b2500f2464bc97bd419b204b32f1f9b48e4
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/29980668/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list