[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 10 16:20:03 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
64955119 by Salvatore Bonaccorso at 2026-03-10T17:19:36+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -97,9 +97,9 @@ CVE-2026-30918 (facileManager is a modular suite of web apps built with the sysa
 CVE-2026-30917 (Bucket is a MediaWiki extension to store and retrieve structured data  ...)
 	NOT-FOR-US: Bucket MediaWiki extensiom
 CVE-2026-30916 (Shescape is a simple shell escape library for JavaScript. Prior to 2.1 ...)
-	TODO: check
+	NOT-FOR-US: Shescape
 CVE-2026-30913 (Flarum is open-source forum software. When the flarum/nicknames extens ...)
-	TODO: check
+	NOT-FOR-US: Flarum
 CVE-2026-30887 (OneUptime is a solution for monitoring and managing online services. P ...)
 	NOT-FOR-US: OneUptime
 CVE-2026-30885 (WWBN AVideo is an open source video platform. Prior to 25.0, the /obje ...)
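Review bot: CVE-2026-30916 is marked `NOT-FOR-US: Shescape`, but its description calls Shescape a library for JavaScript, and a library can reach the archive as a bundled dependency of another package in a way the standalone applications triaged here cannot. Nothing in the hunk or the commit message records a search for packaged or embedded copies, so it would help to confirm that check was done before closing the entry. Separately, the unchanged context line for CVE-2026-30917 reads "extensiom"; a follow-up could correct it to "extension".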
@@ -157,9 +157,9 @@ CVE-2026-28686 (ImageMagick is free and open-source software used for editing an
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d622bd6023310d57cec1e8f265095a1979210371 (7.1.2-16)
 CVE-2026-28513 (Pocket ID is an OIDC provider that allows users to authenticate with t ...)
-	TODO: check
+	NOT-FOR-US: Pocket ID OIDC provider
 CVE-2026-28512 (Pocket ID is an OIDC provider that allows users to authenticate with t ...)
-	TODO: check
+	NOT-FOR-US: Pocket ID OIDC provider
 CVE-2026-28494 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm
@@ -169,15 +169,15 @@ CVE-2026-28493 (ImageMagick is free and open-source software used for editing an
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2
 CVE-2026-28433 (Misskey is an open source, federated social media platform. All Misske ...)
-	TODO: check
+	NOT-FOR-US: Misskey
 CVE-2026-28432 (Misskey is an open source, federated social media platform. All Misske ...)
-	TODO: check
+	NOT-FOR-US: Misskey
 CVE-2026-28431 (Misskey is an open source, federated social media platform. All Misske ...)
-	TODO: check
+	NOT-FOR-US: Misskey
 CVE-2026-28281 (InstantCMS is a free and open source content management system. Prior  ...)
-	TODO: check
+	NOT-FOR-US: Instant CMS
 CVE-2026-28267 (Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products are configured with ...)
-	TODO: check
+	NOT-FOR-US: Digital Arts
 CVE-2026-27689 (Due to an uncontrolled resource consumption (Denial of Service) vulner ...)
 	NOT-FOR-US: SAP
 CVE-2026-27688 (Due to a missing authorization check in SAP NetWeaver Application Serv ...)
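Review bot: the label added for CVE-2026-28281, `NOT-FOR-US: Instant CMS`, spells the product with a space while the CVE description on the line above writes it "InstantCMS". Suggest `NOT-FOR-US: InstantCMS` so that a search for the upstream name finds both the description and the triage label. The label for CVE-2026-28267 names a vendor ("Digital Arts") that the truncated description does not show; that matches the vendor-level labels used for SAP nearby, but it cannot be cross-checked against the visible text.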
@@ -195,9 +195,9 @@ CVE-2026-26982 (Ghostty is a cross-platform terminal emulator. Ghostty allows co
 CVE-2026-25960 (vLLM is an inference and serving engine for large language models (LLM ...)
 	TODO: check
 CVE-2026-25737 (Budibase is a low code platform for creating internal tools, workflows ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-25045 (Budibase is a low code platform for creating internal tools, workflows ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-24317 (SAP GUI for Windows allows DLL files to be loaded from arbitrary direc ...)
 	NOT-FOR-US: SAP
 CVE-2026-24316 (SAP NetWeaver Application Server for ABAP provides an ABAP Report for  ...)
@@ -215,7 +215,7 @@ CVE-2026-1920 (The Booking Calendar for Appointments and Service Businesses \u20
 CVE-2026-1919 (The Booking Calendar for Appointments and Service Businesses \u2013 Bo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1776 (Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e,  ...)
-	TODO: check
+	NOT-FOR-US: Camaleon CMS
 CVE-2026-1508 (The Court Reservation  WordPress plugin before 1.10.9 does not have CS ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-0953 (The Tutor LMS Pro plugin for WordPress is vulnerable to authentication ...)
@@ -223,9 +223,9 @@ CVE-2026-0953 (The Tutor LMS Pro plugin for WordPress is vulnerable to authentic
 CVE-2026-0489 (Due to insufficient validation of user-controlled input in the URLs qu ...)
 	NOT-FOR-US: SAP
 CVE-2025-70973 (ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assi ...)
-	TODO: check
+	NOT-FOR-US: ScadaBR
 CVE-2025-70028 (An issue pertaining to CWE-22: Improper Limitation of a Pathname to a  ...)
-	TODO: check
+	NOT-FOR-US: Sunbird-Ed SunbirdEd-portal
 CVE-2025-36173 (Affected Product(s)Version(s)InfoSphere Data Architect9.2.1)
 	NOT-FOR-US: IBM
 CVE-2025-36105 (IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1 ...)
@@ -233,7 +233,7 @@ CVE-2025-36105 (IBM Planning Analytics Advanced Certified Containers 3.1.0 throu
 CVE-2025-2399 (Improper Validation of Specified Index, Position, or Offset in Input v ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2025-15603 (A security vulnerability has been detected in open-webui up to 0.6.16. ...)
-	TODO: check
+	NOT-FOR-US: open-webui
 CVE-2025-11158 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
 	NOT-FOR-US: Hitachi Vantana
 CVE-2026-3288 (A security issue was discovered in ingress-nginx where the `nginx.ingr ...)
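Review bot: the unchanged context line under CVE-2025-11158 reads `NOT-FOR-US: Hitachi Vantana`, while the description directly above it says "Hitachi Vantara". It is not part of this change, but since the hunk touches the neighbouring entry, a follow-up could correct the spelling so searches by vendor name match. The `NOT-FOR-US: open-webui` line itself matches the product name in its description.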



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/649551194a6de2f00d1aa57627e4a0089dbc32b6
