[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 4 22:03:32 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f7891b9 by Salvatore Bonaccorso at 2026-03-04T23:03:07+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,7 +33,7 @@ CVE-2026-3520 (Multer is a node.js middleware for handling `multipart/form-data`
 CVE-2026-3439 (A post-authentication Stack-based Buffer Overflow vulnerability in Son ...)
 	NOT-FOR-US: SonicWall
 CVE-2026-3125 (A Server-Side Request Forgery (SSRF) vulnerability was identified in t ...)
-	TODO: check
+	NOT-FOR-US: opennextjs/cloudflare package
 CVE-2026-3103 (A logic error in the remove_password() function in Checkmk GmbH's Chec ...)
 	- check-mk <removed>
 CVE-2026-3094 (Delta Electronics CNCSoft-G2lacks proper validation of the user-suppli ...)
@@ -43,11 +43,11 @@ CVE-2026-3058 (The Seraphinite Accelerator plugin for WordPress is vulnerable to
 CVE-2026-3056 (The Seraphinite Accelerator plugin for WordPress is vulnerable to unau ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2748 (SEPPmail Secure Email Gateway before version 15.0.1 improperly validat ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-2747 (SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PG ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-2746 (SEPPmail Secure Email Gateway before version 15.0.1 does not properly  ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-2355 (The My Calendar \u2013 Accessible Event Manager plugin for WordPress i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-29120 (The /root/anaconda-ks.cfg installation configuration file in Internati ...)
@@ -79,15 +79,15 @@ CVE-2026-28427 (OpenDeck is Linux software for your Elgato Stream Deck. Prior to
 CVE-2026-27446 (Missing Authentication for Critical Function (CWE-306) vulnerability i ...)
 	TODO: check
 CVE-2026-27445 (SEPPmail Secure Email Gateway before version 15.0.1 does not properly  ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-27444 (SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interp ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-27443 (SEPPmail Secure Email Gateway before version 15.0.1 does not properly  ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-27442 (The GINA web interface in SEPPmail Secure Email Gateway before version ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-27441 (SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neu ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-26949 (Dell Device Management Agent (DDMA), versions prior to 26.02, contain  ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-26673 (An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.050 ...)
@@ -95,7 +95,7 @@ CVE-2026-26673 (An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.
 CVE-2026-26514 (An Argument Injection vulnerability exists in bird-lg-go before commit ...)
 	TODO: check
 CVE-2026-26478 (A shell command injection vulnerability in Mobvoi Tichome Mini smart s ...)
-	TODO: check
+	NOT-FOR-US: Mobvoi Tichome Mini smart speaker
 CVE-2026-25907 (Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictiv ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-24732 (Files or Directories Accessible to External Parties, Incorrect Permiss ...)
@@ -241,7 +241,7 @@ CVE-2026-0847 (A vulnerability in NLTK versions up to and including 3.9.2 allows
 CVE-2025-70342 (erase-install prior to v40.4 commit 2c31239 writes swiftDialog credent ...)
 	TODO: check
 CVE-2025-70341 (Insecure permissions in App-Auto-Patch v3.4.2 create a race condition  ...)
-	TODO: check
+	NOT-FOR-US: App-Auto-Patch
 CVE-2025-70226 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
 	NOT-FOR-US: D-Link
 CVE-2025-70223 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
@@ -410,19 +410,19 @@ CVE-2026-27622 (OpenEXR provides the specification and reference implementation
 CVE-2026-27601 (Underscore.js is a utility-belt library for JavaScript. Prior to 1.13. ...)
 	TODO: check
 CVE-2026-27600 (HomeBox is a home inventory and organization system. Prior to 0.24.0-r ...)
-	TODO: check
+	NOT-FOR-US: HomeBox
 CVE-2026-27012 (OpenSTAManager is an open source management software for technical ass ...)
-	TODO: check
+	NOT-FOR-US: OpenSTAManager
 CVE-2026-26279 (Froxlor is open source server administration software. Prior to 2.3.4, ...)
 	TODO: check
 CVE-2026-26272 (HomeBox is a home inventory and organization system. Prior to 0.24.0-r ...)
-	TODO: check
+	NOT-FOR-US: HomeBox
 CVE-2026-26266 (AliasVault is a privacy-first password manager with built-in email ali ...)
-	TODO: check
+	NOT-FOR-US: AliasVault
 CVE-2026-25906 (Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Reso ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-25590 (The GLPI Inventory Plugin handles network discovery, inventory, softwa ...)
-	TODO: check
+	NOT-FOR-US: GLPI Inventory Plugin
 CVE-2026-25146 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2026-24898 (OpenEMR is a free and open source electronic health records and medica ...)
@@ -432,15 +432,15 @@ CVE-2026-24848 (OpenEMR is a free and open source electronic health records and
 CVE-2026-24502 (Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contai ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-24415 (OpenSTAManager is an open source management software for technical ass ...)
-	TODO: check
+	NOT-FOR-US: OpenSTAManager
 CVE-2026-21866 (Dify is an open-source LLM app development platform. Prior to 1.11.2,  ...)
-	TODO: check
+	NOT-FOR-US: Dify
 CVE-2026-1980 (The WPBookit plugin for WordPress is vulnerable to unauthorized data d ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1945 (The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1775 (The Labkotec LID-3300IP has an existing vulnerability in the ice detec ...)
-	TODO: check
+	NOT-FOR-US: Labkotec LID-3300IP
 CVE-2026-1713 (IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3 ...)
 	NOT-FOR-US: IBM
 CVE-2026-1651 (The Email Subscribers by Icegram Express plugin for WordPress is vulne ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f7891b942511425c47fe0b40b5a38b190b36d0c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f7891b942511425c47fe0b40b5a38b190b36d0c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260304/782df635/attachment.htm>

More information about the debian-security-tracker-commits mailing list