[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Mar 12 13:54:10 GMT 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6c956ee by Moritz Muehlenhoff at 2026-03-12T14:53:44+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,7 +33,10 @@ CVE-2026-3981 (A vulnerability was found in itsourcecode Online Doctor Appointme
 CVE-2026-3980 (A vulnerability has been found in itsourcecode Online Doctor Appointme ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2026-3979 (A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects ...)
-	TODO: check
+	NOT-FOR-US: quickjs-ng
+	NOTE: Doesn't affect src:quickjs
+	NOTE: https://github.com/quickjs-ng/quickjs/issues/1368
+	NOTE: https://github.com/quickjs-ng/quickjs/pull/1370
 CVE-2026-3978 (A vulnerability was detected in D-Link DIR-513 1.10. The impacted elem ...)
 	NOT-FOR-US: D-Link
 CVE-2026-3977 (A security vulnerability has been detected in projectsend up to r1945. ...)
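Review bot: The NOTE "Doesn't affect src:quickjs" under CVE-2026-3979 states a conclusion without the reason behind it. Please record what was checked (for example, that the code changed in the referenced quickjs-ng pull request is absent from src:quickjs) so that a later re-triage can verify it from the entry alone. Since the entry is tagged NOT-FOR-US: quickjs-ng, the src:quickjs statement is the only part that bears on a Debian package, so it is the line that most needs the detail.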
@@ -200,7 +203,7 @@ CVE-2026-32121 (OpenEMR is a free and open source electronic health records and
 CVE-2026-32118 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2026-32117 (The grafanacubism-panel plugin allows use of cubism.js in Grafana. In  ...)
-	TODO: check
+	NOT-FOR-US: Grafana plugin
 CVE-2026-32112 (ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAut ...)
 	NOT-FOR-US: ha-mcp
 CVE-2026-32111 (ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAut ...)
@@ -224,7 +227,8 @@ CVE-2026-32101 (StudioCMS is a server-side-rendered, Astro native, headless cont
 CVE-2026-31988 (yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contai ...)
 	TODO: check
 CVE-2026-2808 (HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22. ...)
-	TODO: check
+	- consul <removed>
+	[bullseye] - consul <end-of-life> (bug #1057418)
 CVE-2026-2687 (The Reading progressbar WordPress plugin before 1.3.1 does not sanitis ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2640 (During an internal security assessment, a potential vulnerability was  ...)
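Review bot: The CVE-2026-2808 change is a package triage ("- consul <removed>" plus the "[bullseye] - consul <end-of-life> (bug #1057418)" line), not an NFU, so it does not match the commit message "NFUs". Consider a separate commit, or a message that mentions consul, so the change can be found from the log. The entry also carries no NOTE pointing at an upstream advisory or fix, unlike the quickjs-ng entry in this same commit; adding one would help anyone who later needs to confirm which consul versions are affected.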
@@ -232,7 +236,7 @@ CVE-2026-2640 (During an internal security assessment, a potential vulnerability
 CVE-2026-2368 (An improper certificate validation vulnerability was reported in the L ...)
 	NOT-FOR-US: Lenovo
 CVE-2026-27591 (Winter is a free, open-source content management system (CMS) based on ...)
-	TODO: check
+	NOT-FOR-US: Winter CMS
 CVE-2026-1878 (An Insufficient Integrity Verification vulnerability in the ASUS ROG p ...)
 	NOT-FOR-US: ASUS
 CVE-2026-1717 (An input validation vulnerability was reported in the LenovoProductivi ...)
@@ -254,11 +258,11 @@ CVE-2026-0940 (A potential improper initialization vulnerability was reported in
 CVE-2026-0520 (A potential vulnerability was reported in the Lenovo FileZ Android app ...)
 	NOT-FOR-US: Lenovo
 CVE-2025-70041 (An issue pertaining to CWE-259: Use of Hard-coded Password was discove ...)
-	TODO: check
+	NOT-FOR-US: ThermaKube
 CVE-2025-70024 (An issue pertaining to CWE-89: Improper Neutralization of Special Elem ...)
-	TODO: check
+	NOT-FOR-US: generatedata
 CVE-2025-66956 (Insecure Access Control in Contact Plan, E-Mail, SMS and Fax component ...)
-	TODO: check
+	NOT-FOR-US: Asseco SEE Live
 CVE-2025-62328 (HCL Nomad server on Domino did not configure the frame-ancestors direc ...)
 	NOT-FOR-US: HCL
 CVE-2025-59388 (A use of hard-coded password vulnerability has been reported to affect ...)
@@ -420,7 +424,7 @@ CVE-2026-31840 (Parse Server is an open source backend that can be deployed to a
 CVE-2026-31839 (Striae is a firearms examiner's comparison companion. A high-severity  ...)
 	NOT-FOR-US: STriae
 CVE-2026-31813 (Supabase Auth is a JWT based API for managing users and issuing JWT to ...)
-	TODO: check
+	NOT-FOR-US: Supabase
 CVE-2026-30903 (External Control of File Name or Path in the Mail feature of Zoom Work ...)
 	NOT-FOR-US: Zoom
 CVE-2026-30902 (Improper Privilege Management in certain Zoom Clients for Windows may  ...)
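Review bot: The tag "NOT-FOR-US: Supabase" for CVE-2026-31813 is less specific than the description, which names the component as Supabase Auth. Using that name in the tag would keep it unambiguous if another Supabase component appears in the list later. While this area is being touched, the unchanged context line "NOT-FOR-US: STriae" two lines above looks like a typo for Striae, as spelled in its own CVE description, and could be fixed in the same pass.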



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6c956ee8d40b56bd2225e7373c7033a7137f58b
