[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 4 08:42:52 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f6ff3d9 by Salvatore Bonaccorso at 2026-03-04T09:42:28+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,17 +5,17 @@ CVE-2026-3486 (A vulnerability has been found in itsourcecode College Management
 CVE-2026-3485 (A flaw has been found in D-Link DIR-868L 110b03. This affects the func ...)
 	NOT-FOR-US: D-Link
 CVE-2026-3452 (Concrete CMS below version 9.4.8 is vulnerable toRemote Code Execution ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2026-3266 (Missing Authorization vulnerability in OpenText\u2122 Filr allows Auth ...)
 	NOT-FOR-US: OpenText
 CVE-2026-3244 (In Concrete CMS below version 9.4.8, A stored cross-site scripting (XS ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2026-3242 (In Concrete CMS below version 9.4.8, a rogue administrator can add sto ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2026-3241 (In Concrete CMS below version 9.4.8, astored cross-site scripting (XSS ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2026-3240 (In Concrete CMS below version 9.4.8, auser with permission to edit a p ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2026-3224 (Authentication bypass in the Microsoft Entra ID (Azure AD) authenticat ...)
 	NOT-FOR-US: Devolutions
 CVE-2026-3204 (Improper  input validation in the error message page in Devolutions Se ...)
@@ -25,7 +25,7 @@ CVE-2026-3130 (Improper Enforcement of Behavioral Controls inDevolutions Server
 CVE-2026-3076
 	REJECTED
 CVE-2026-2994 (Concrete CMS below version 9.4.8 is subject toCSRF by a Rogue Administ ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2026-2732 (The Enable Media Replace plugin for WordPress is vulnerable to unautho ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2590 (Improper  enforcement of the Disable password saving in vaults setting ...)
@@ -39,25 +39,25 @@ CVE-2026-2289 (The Taskbuilder plugin for WordPress is vulnerable to Stored Cros
 CVE-2026-2025 (The Mail Mint  WordPress plugin before 1.19.5 does not have authorizat ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-28778 (International Datacasting Corporation (IDC) SFX Series SuperFlex Satel ...)
-	TODO: check
+	NOT-FOR-US: International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver
 CVE-2026-28777 (International Datacasting Corporation (IDC)   SFX2100 Satellite Receiv ...)
-	TODO: check
+	NOT-FOR-US: International Datacasting Corporation (IDC) SFX2100 Satellite Receiver
 CVE-2026-28776 (International Datacasting Corporation (IDC) SFX Series SuperFlex Satel ...)
-	TODO: check
+	NOT-FOR-US: International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver
 CVE-2026-28775 (An unauthenticated Remote Code Execution (RCE) vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver
 CVE-2026-28774 (An OS Command Injection vulnerability exists in the web-based Tracerou ...)
-	TODO: check
+	NOT-FOR-US: International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver
 CVE-2026-28773 (The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in Internat ...)
-	TODO: check
+	NOT-FOR-US: International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver
 CVE-2026-28772 (A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Loggi ...)
-	TODO: check
+	NOT-FOR-US: International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver
 CVE-2026-28771 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /in ...)
-	TODO: check
+	NOT-FOR-US: International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver
 CVE-2026-28770 (Improper neutralization of special elements in the /IDC_Logging/checki ...)
-	TODO: check
+	NOT-FOR-US: International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver
 CVE-2026-28769 (A path traversal vulnerability exists in the /IDC_Logging/checkifdone. ...)
-	TODO: check
+	NOT-FOR-US: International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver
 CVE-2026-28289 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
 	TODO: check
 CVE-2026-27981 (HomeBox is a home inventory and organization system. Prior to 0.24.0,  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f6ff3d98164d033eaf9149b6f1d49c3e2ce9937

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f6ff3d98164d033eaf9149b6f1d49c3e2ce9937
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260304/07bc9c6d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list