[Git][security-tracker-team/security-tracker][master] Process some CVEs associated with RustDesk products

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 5 21:53:19 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f911279b by Salvatore Bonaccorso at 2026-03-05T22:53:06+01:00
Process some CVEs associated with RustDesk products

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-3598 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in rust ...)
-	TODO: check
+	NOT-FOR-US: RustDesk Server Pro (not same as src:rustdesk, itp'ed #1038942)
 CVE-2026-3459 (The Drag and Drop Multiple File Upload - Contact Form 7 plugin for Wor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-3236 (In affected versions of Octopus Server it was possible to create a new ...)
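Review bot: On the CVE-2026-3598 entry, the parenthetical "not same as src:rustdesk, itp'ed #1038942" reads as though a src:rustdesk package already exists, whereas the later entries in this same commit track that bug only as "- rustdesk <itp> (bug #1038942)". Wording such as "not the same as rustdesk, ITP #1038942" would keep the NOT-FOR-US reason consistent with the itp entries. The identical parenthetical is used for CVE-2026-30796, so both lines should be adjusted together.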
@@ -9,31 +9,31 @@ CVE-2026-3047 (A flaw was found in org.keycloak.broker.saml. When a disabled Sec
 CVE-2026-3009 (A security flaw in the IdentityBrokerService.performLogin endpoint of  ...)
 	TODO: check
 CVE-2026-30798 (Insufficient Verification of Data Authenticity, Improper Handling of E ...)
-	TODO: check
+	NOT-FOR-US: RustDesk Client
 CVE-2026-30797 (Missing Authorization vulnerability in rustdesk-client RustDesk Client ...)
-	TODO: check
+	NOT-FOR-US: RustDesk Client
 CVE-2026-30796 (Cleartext Transmission of Sensitive Information vulnerability in rustd ...)
-	TODO: check
+	NOT-FOR-US: RustDesk Server Pro (not same as src:rustdesk, itp'ed #1038942)
 CVE-2026-30795 (Cleartext Transmission of Sensitive Information vulnerability in rustd ...)
-	TODO: check
+	NOT-FOR-US: RustDesk Client
 CVE-2026-30794 (Improper Certificate Validation vulnerability in rustdesk-client RustD ...)
-	TODO: check
+	NOT-FOR-US: RustDesk Client
 CVE-2026-30793 (Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client Rus ...)
-	TODO: check
+	NOT-FOR-US: RustDesk Client
 CVE-2026-30792 (A vulnerability in rustdesk-client RustDesk Client rustdesk-client on  ...)
-	TODO: check
+	NOT-FOR-US: RustDesk Client
 CVE-2026-30791 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in rust ...)
-	TODO: check
+	NOT-FOR-US: RustDesk Client
 CVE-2026-30790 (Improper Restriction of Excessive Authentication Attempts, Use of Pass ...)
-	TODO: check
+	- rustdesk <itp> (bug #1038942)
 CVE-2026-30789 (Authentication Bypass by Capture-replay, Use of Password Hash With Ins ...)
-	TODO: check
+	NOT-FOR-US: RustDesk Client
 CVE-2026-30785 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
-	TODO: check
+	NOT-FOR-US: RustDesk Client
 CVE-2026-30784 (Missing Authorization, Missing Authentication for Critical Function vu ...)
-	TODO: check
+	- rustdesk <itp> (bug #1038942)
 CVE-2026-30783 (A vulnerability in rustdesk-client RustDesk Client rustdesk-client on  ...)
-	TODO: check
+	NOT-FOR-US: RustDesk Client
 CVE-2026-2599 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-29054 (Traefik is an HTTP reverse proxy and load balancer. From version 2.11. ...)
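Review bot: The split between "NOT-FOR-US: RustDesk Client" and "- rustdesk <itp> (bug #1038942)" on CVE-2026-30790 and CVE-2026-30784 is not explained by anything in the hunk or the commit message. The truncated descriptions of those two CVEs do not show which component they affect, while several of the NOT-FOR-US entries are described as "rustdesk-client RustDesk Client". If the ITP'ed rustdesk package would ship the client, the client entries would need the itp form rather than NOT-FOR-US. A NOTE: line under the two itp entries, or a sentence in the commit message stating which component bug #1038942 covers, would let a later reader verify the triage without reopening each CVE.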



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f911279b92fdd479e74000efdad8c1e8e0b2a837
