[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 11 05:46:51 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0154488d by Salvatore Bonaccorso at 2026-03-11T06:44:57+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -58,7 +58,7 @@ CVE-2026-30979 (iccDEV provides a set of libraries and tools for working with IC
CVE-2026-30978 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
NOT-FOR-US: iccDEV
CVE-2026-30977 (RenderBlocking is a MediaWiki extension that allows interface administ ...)
- TODO: check
+ NOT-FOR-US: RenderBlocking MediaWiki extension
CVE-2026-30974 (Copyparty is a portable file server. Prior to v1.20.11., the nohtml co ...)
NOT-FOR-US: Copyparty
CVE-2026-30973 (Appium is an automation framework that provides WebDriver-based automa ...)
@@ -70,9 +70,9 @@ CVE-2026-30969 (Coral Server is open collaboration infrastructure that enables c
CVE-2026-30968 (Coral Server is open collaboration infrastructure that enables communi ...)
NOT-FOR-US: Coral Server
CVE-2026-30964 (web-auth/webauthn-lib is an open source set of PHP libraries and a Sym ...)
- TODO: check
+ NOT-FOR-US: web-auth/webauthn-lib PHP libraries and Symfony bundle
CVE-2026-30960 (rssn is a scientific computing library for Rust, combining a high-perf ...)
- TODO: check
+ NOT-FOR-US: rssn Rust library
CVE-2026-30959 (OneUptime is a solution for monitoring and managing online services. T ...)
NOT-FOR-US: OneUptime
CVE-2026-30958 (OneUptime is a solution for monitoring and managing online services. P ...)
@@ -104,9 +104,9 @@ CVE-2026-30928 (Glances is an open-source system cross-platform monitoring tool.
CVE-2026-30897 (A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 ...)
NOT-FOR-US: Fortinet
CVE-2026-2742 (An authentication bypass vulnerability exists in Vaadin 14.0.0 through ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2026-2741 (Specially crafted ZIP archives can escape the intended extraction dire ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2026-2724 (The Unlimited Elements for Elementor plugin for WordPress is vulnerabl ...)
NOT-FOR-US: WordPress plugin
CVE-2026-2713 (IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could ...)
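Review bot: the visible description for CVE-2026-2741 ("Specially crafted ZIP archives can escape the intended extraction dire ...") is truncated before it names any product, so the `NOT-FOR-US: Vaadin` tag on that entry cannot be checked against this hunk the way the one on CVE-2026-2742 can. Worth confirming that the affected extraction code belongs to Vaadin itself and not to a separately packaged archive library before closing the entry out.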
@@ -134,11 +134,11 @@ CVE-2026-29113 (Craft is a content management system (CMS). Prior to 4.17.4 and
CVE-2026-28495 (GetSimple CMS is a content management system. The massiveAdmin plugin ...)
NOT-FOR-US: GetSimple CMS
CVE-2026-28292 (`simple-git`, an interface for running git commands in any node.js app ...)
- TODO: check
+ NOT-FOR-US: Node simple-git
CVE-2026-27826 (MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian p ...)
- TODO: check
+ NOT-FOR-US: MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira)
CVE-2026-27825 (MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian p ...)
- TODO: check
+ NOT-FOR-US: MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira)
CVE-2026-27661 (A vulnerability has been identified in SINEC Security Monitor (All ver ...)
NOT-FOR-US: Siemens
CVE-2026-27281 (DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Ove ...)
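Review bot: the NOT-FOR-US lines for CVE-2026-27826 and CVE-2026-27825 carry the whole description sentence rather than a product name, unlike the neighbouring `NOT-FOR-US: GetSimple CMS` and `NOT-FOR-US: Node simple-git`. Suggest shortening both to `NOT-FOR-US: MCP Atlassian` so the tag stays short, greppable and consistent with the rest of the list.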
@@ -172,73 +172,73 @@ CVE-2026-27215 (Substance3D - Painter versions 11.1.2 and earlier are affected b
CVE-2026-27214 (Substance3D - Painter versions 11.1.2 and earlier are affected by a NU ...)
NOT-FOR-US: Adobe
CVE-2026-26801 (Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0 ...)
- TODO: check
+ NOT-FOR-US: pdfmake
CVE-2026-26742 (PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mech ...)
- TODO: check
+ NOT-FOR-US: PX4 Autopilot
CVE-2026-26741 (PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in t ...)
- TODO: check
+ NOT-FOR-US: PX4 Autopilot
CVE-2026-26738 (Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5. ...)
- TODO: check
+ NOT-FOR-US: Uderzo Software SpaceSniffer
CVE-2026-26330 (Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1 ...)
- TODO: check
+ - envoyproxy <itp> (bug #987544)
CVE-2026-26311 (Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1 ...)
- TODO: check
+ - envoyproxy <itp> (bug #987544)
CVE-2026-26310 (Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1 ...)
- TODO: check
+ - envoyproxy <itp> (bug #987544)
CVE-2026-26309 (Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1 ...)
- TODO: check
+ - envoyproxy <itp> (bug #987544)
CVE-2026-26308 (Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1 ...)
- TODO: check
+ - envoyproxy <itp> (bug #987544)
CVE-2026-26148 (External initialization of trusted variables or data stores in Azure E ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26144 (Improper neutralization of input during web page generation ('cross-si ...)
NOT-FOR-US: Microsoft
CVE-2026-26141 (Improper authentication in Azure Arc allows an authorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26134 (Integer overflow or wraparound in Microsoft Office allows an authorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26132 (Use after free in Windows Kernel allows an authorized attacker to elev ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26131 (Incorrect default permissions in .NET allows an authorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26130 (Allocation of resources without limits or throttling in ASP.NET Core a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26128 (Improper authentication in Windows SMB Server allows an authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26127 (Out-of-bounds read in .NET allows an unauthorized attacker to deny ser ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26123 (Cwe is not in rca categories in Microsoft Authenticator allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26121 (Server-side request forgery (ssrf) in Azure IoT Explorer allows an una ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26118 (Server-side request forgery (ssrf) in Azure MCP Server allows an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26117 (Authentication bypass using an alternate path or channel in Azure Wind ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26116 (Improper neutralization of special elements used in an sql command ('s ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26115 (Improper validation of specified type of input in SQL Server allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26114 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26113 (Untrusted pointer dereference in Microsoft Office allows an unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26112 (Untrusted pointer dereference in Microsoft Office Excel allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26111 (Integer overflow or wraparound in Windows Routing and Remote Access Se ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26110 (Access of resource using incompatible type ('type confusion') in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26109 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26108 (Heap-based buffer overflow in Microsoft Office Excel allows an unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26107 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26106 (Improper input validation in Microsoft Office SharePoint allows an aut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26105 (Improper neutralization of input during web page generation ('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-25972 (An improper neutralization of input during web page generation ('cross ...)
NOT-FOR-US: Fortinet
CVE-2026-25836 (An improper neutralization of special elements used in an os command ( ...)
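Review bot: CVE-2026-26131, CVE-2026-26130 and CVE-2026-26127 (.NET and ASP.NET Core) get the same vendor-only `NOT-FOR-US: Microsoft` tag as the Windows and Office entries, which drops the product name. Suggest `NOT-FOR-US: Microsoft .NET` or similar on those three so they can be found and re-triaged if the product is ever packaged, in the same way the Envoy entries in this hunk stay trackable through `- envoyproxy <itp> (bug #987544)`.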
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0154488dc153e3179ca475eeee2899f12354451f