[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 17 21:31:16 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46de1a49 by Salvatore Bonaccorso at 2026-03-17T22:30:47+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6,7 +6,7 @@ CVE-2026-4358 (A specially crafted aggregation query with $lookup by an authenti
 	- mongodb <removed>
 	NOTE: https://jira.mongodb.org/browse/SERVER-118849
 CVE-2026-4324 (A flaw was found in the Katello plugin for Red Hat Satellite. This vul ...)
-	TODO: check
+	NOT-FOR-US: Katello plugin for Red Hat Satellite
 CVE-2026-4319 (A vulnerability was identified in code-projects Simple Food Order Syst ...)
 	NOT-FOR-US: code-projects
 CVE-2026-4318 (A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. A ...)
@@ -32,13 +32,13 @@ CVE-2026-3888 (Local privilege escalation in snapd on Linux allows local attacke
 	[bookworm] - snapd <no-dsa> (Minor issue; no automatic tmpfiles.d cleanup)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/03/17/8
 CVE-2026-3564 (A condition in ScreenConnect may allow an actor with access to server- ...)
-	TODO: check
+	NOT-FOR-US: ScreenConnect
 CVE-2026-3563 (Improper input validation in the apps and endpoints configuration in P ...)
 	NOT-FOR-US: Devolutions
 CVE-2026-3207 (Configuration issuein Java Management Extensions (JMX) in TIBCO BPM En ...)
 	NOT-FOR-US: TIBCO
 CVE-2026-32981 (A path traversal vulnerability was identified in Ray Dashboard (defaul ...)
-	TODO: check
+	NOT-FOR-US: Ray Dashboard
 CVE-2026-32837 (miniaudio version 0.11.25 and earlier contain a heap out-of-bounds rea ...)
 	TODO: check
 CVE-2026-32836 (dr_libs version 0.13.3 and earlier contain an uncontrolled memory allo ...)
@@ -46,33 +46,33 @@ CVE-2026-32836 (dr_libs version 0.13.3 and earlier contain an uncontrolled memor
 CVE-2026-32586 (Missing Authorization vulnerability in Pluggabl Booster for WooCommerc ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-32298 (The Angeet ES3 KVM does not properly sanitize user-supplied variables  ...)
-	TODO: check
+	NOT-FOR-US: Angeet ES3 KVM
 CVE-2026-32297 (The Angeet ES3 KVM allows a remote, unauthenticated attacker to write  ...)
-	TODO: check
+	NOT-FOR-US: Angeet ES3 KVM
 CVE-2026-32296 (Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint wit ...)
-	TODO: check
+	NOT-FOR-US: Sipeed NanoKVM
 CVE-2026-32295 (JetKVM before 0.5.4 does not rate limit login requests, enabling brute ...)
-	TODO: check
+	NOT-FOR-US: JetKVM
 CVE-2026-32294 (JetKVM prior to 0.5.4 does not verify the authenticity of downloaded f ...)
-	TODO: check
+	NOT-FOR-US: JetKVM
 CVE-2026-32293 (The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot- ...)
-	TODO: check
+	NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
 CVE-2026-32292 (The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requ ...)
-	TODO: check
+	NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
 CVE-2026-32291 (The GL-iNet Comet (GL-RM1) KVM does not require authentication on the  ...)
-	TODO: check
+	NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
 CVE-2026-32290 (The GL-iNet Comet (GL-RM1) KVM does not sufficiently verify the authen ...)
-	TODO: check
+	NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
 CVE-2026-30911 (Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vuln ...)
 	TODO: check
 CVE-2026-30707 (An issue was discovered in SpeedExam Online Examination System (SaaS)  ...)
-	TODO: check
+	NOT-FOR-US: SpeedExam Online Examination System (SaaS)
 CVE-2026-28779 (Apache Airflow versions 3.1.0 through 3.1.7session token (_token) in c ...)
 	TODO: check
 CVE-2026-28563 (Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint  ...)
 	TODO: check
 CVE-2026-28506 (Outline is a service that allows for collaborative documentation. Prio ...)
-	TODO: check
+	NOT-FOR-US: Outline
 CVE-2026-26929 (Apache Airflow versions 3.0.0 through 3.1.7FastAPI DagVersion listing  ...)
 	TODO: check
 CVE-2026-25936 (GLPI is a free Asset and IT management software package. Starting in v ...)
@@ -187,7 +187,7 @@ CVE-2026-2454 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <
 CVE-2026-2373 (The Royal Addons for Elementor \u2013 Addons and Templates Kit for Ele ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-29522 (ZwickRoell Test Data Management versions prior to3.0.8 contain a local ...)
-	TODO: check
+	NOT-FOR-US: ZwickRoell Test Data Management
 CVE-2026-26230 (Mattermost versions 10.11.x <= 10.11.10 fail to properly validate perm ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2026-21991 (A DTrace component, dtprobed, allows arbitrary file creation through c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46de1a491a56a5b6bc0d501ec7780dbd1f8a9207

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46de1a491a56a5b6bc0d501ec7780dbd1f8a9207
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260317/9da26b31/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list