[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 24 20:08:18 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34b87ab3 by Salvatore Bonaccorso at 2026-03-24T21:07:46+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -234,9 +234,9 @@ CVE-2026-4745 (Improper Control of Generation of Code ('Code Injection') vulnera
 CVE-2026-4744 (Out-of-bounds Read vulnerability in rizonesoft Notepad3 (scintilla/oni ...)
 	NOT-FOR-US: rizonesoft Notepad3
 CVE-2026-4743 (NULL Pointer Dereference vulnerability in taurusxin ncmdump (src/utils ...)
-	TODO: check
+	NOT-FOR-US: taurusxin ncmdump
 CVE-2026-4742 (Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response S ...)
-	TODO: check
+	NOT-FOR-US: visualfc liteide
 CVE-2026-4741 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: TeamJCD JoyConDroid
 CVE-2026-4739 (Integer Overflow or Wraparound vulnerability in InsightSoftwareConsort ...)
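Review bot: For CVE-2026-4742 the visible description ("Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response S ...") is cut off before any product name or file path, so the new `NOT-FOR-US: visualfc liteide` cannot be checked against this hunk. Before closing it, confirm from the full CVE record that the affected HTTP handling is the product's own code and not a bundled third-party component that Debian packages separately; if it is bundled, a NOTE line naming the component would keep the triage auditable.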
@@ -250,13 +250,13 @@ CVE-2026-4736 (Improper Handling of Values vulnerability in No-Chicken Echo-Mate
 CVE-2026-4735 (Deserialization of Untrusted Data vulnerability in DTStack chunjun (ch ...)
 	NOT-FOR-US: DTStack chunjun
 CVE-2026-4734 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
-	TODO: check
+	NOT-FOR-US: yoyofr modizer
 CVE-2026-4733 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	NOT-FOR-US: ixray-team ixray-1.6-stcop
 CVE-2026-4732 (Out-of-bounds Read vulnerability in tildearrow furnace (extern/libsndf ...)
-	TODO: check
+	NOT-FOR-US: tildearrow furnace
 CVE-2026-4731 (Integer Overflow or Wraparound vulnerability in artraweditor ART (rten ...)
-	TODO: check
+	NOT-FOR-US: artraweditor ART
 CVE-2026-4681 (A critical remote code execution (RCE) vulnerability has been reported ...)
 	NOT-FOR-US: PTC Windchill and PTC FlexPLM
 CVE-2026-4662 (The JetEngine plugin for WordPress is vulnerable to SQL Injection via  ...)
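Review bot: CVE-2026-4732 is closed as `NOT-FOR-US: tildearrow furnace`, but its description places the out-of-bounds read under `extern/libsndf ...`, which reads as a vendored third-party library rather than furnace's own code. Check whether the same flaw exists in the upstream library and whether Debian ships that library as its own source package; if so, the entry should track that package instead of being closed as NFU. CVE-2026-4734 and CVE-2026-4731 deserve the same check, since their truncated descriptions show little or nothing of the affected path.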
@@ -294,7 +294,7 @@ CVE-2026-4611 (A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9
 CVE-2026-4597 (A security flaw has been discovered in 648540858 wvp-GB28181-pro up to ...)
 	NOT-FOR-US: 648540858 wvp-GB28181-pro
 CVE-2026-4368 (Race Condition inNetScaler ADC and NetScaler Gateway when appliance is ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2026-4306 (The WP Job Portal plugin for WordPress is vulnerable to SQL Injection  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-4283 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauth ...)
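Review bot: `NOT-FOR-US: Citrix` on CVE-2026-4368 names only a vendor, while the description names NetScaler ADC and NetScaler Gateway and the other entries touched by this commit use the vendor-plus-product form (e.g. `NOT-FOR-US: taurusxin ncmdump`). Adding the product name to the note would let a search on "NetScaler" find the entry. CVE-2026-3055 in the next hunk carries the same NetScaler description and is left at `TODO: check`; it can be handled in the same pass.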
@@ -322,25 +322,25 @@ CVE-2026-3079 (The LearnDash LMS plugin for WordPress is vulnerable to blind tim
 CVE-2026-3055 (Insufficient input validation inNetScaler ADC and NetScaler Gateway wh ...)
 	TODO: check
 CVE-2026-33856 (Missing Release of Memory after Effective Lifetime vulnerability in Mo ...)
-	TODO: check
+	NOT-FOR-US: MolotovCherry Android-ImageMagick7
 CVE-2026-33855 (Integer Overflow or Wraparound vulnerability in MolotovCherry Android- ...)
-	TODO: check
+	NOT-FOR-US: MolotovCherry Android-ImageMagick7
 CVE-2026-33854 (Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick ...)
-	TODO: check
+	NOT-FOR-US: MolotovCherry Android-ImageMagick7
 CVE-2026-33853 (NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageM ...)
-	TODO: check
+	NOT-FOR-US: MolotovCherry Android-ImageMagick7
 CVE-2026-33852 (Missing Release of Memory after Effective Lifetime vulnerability in Mo ...)
-	TODO: check
+	NOT-FOR-US: MolotovCherry Android-ImageMagick7
 CVE-2026-33851 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
-	TODO: check
+	NOT-FOR-US: joncampbell123 doslib
 CVE-2026-33850 (Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This i ...)
-	TODO: check
+	NOT-FOR-US: WujekFoliarz DualSenseY-v2
 CVE-2026-33849 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
-	TODO: check
+	NOT-FOR-US: linkingvision rapidvms
 CVE-2026-33848 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
-	TODO: check
+	NOT-FOR-US: linkingvision rapidvms
 CVE-2026-33847 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
-	TODO: check
+	NOT-FOR-US: linkingvision rapidvms
 CVE-2026-33634 (Trivy is a security scanner. On March 19, 2026, a threat actor used co ...)
 	TODO: check
 CVE-2026-33320 (Dasel is a command-line tool and library for querying, modifying, and  ...)
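Review bot: The five `NOT-FOR-US: MolotovCherry Android-ImageMagick7` entries (CVE-2026-33852 through CVE-2026-33856) concern a product whose name indicates a port of ImageMagick, and the truncated descriptions do not show which files are affected. Verify that each flaw sits in port-specific code and not in ImageMagick sources or bundled libraries that Debian packages; any issue shared with upstream should be tracked against the Debian package, with a NOTE pointing at the upstream status, rather than closed as NFU. The three `linkingvision rapidvms` entries and the `joncampbell123 doslib` entry have the same gap: the description ends before the affected path.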
@@ -352,15 +352,15 @@ CVE-2026-33307 (Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In
 CVE-2026-33298 (llama.cpp is an inference of several LLM models in C/C++. Prior to b78 ...)
 	TODO: check
 CVE-2026-33290 (WPGraphQL provides a GraphQL API for WordPress sites. Prior to version ...)
-	TODO: check
+	NOT-FOR-US: WPGraphQL
 CVE-2026-33286 (Graphiti is a framework that sits on top of models and exposes them vi ...)
-	TODO: check
+	NOT-FOR-US: Graphiti
 CVE-2026-33283 (Ella Core is a 5G core designed for private networks. Versions prior t ...)
-	TODO: check
+	NOT-FOR-US: Ella Core
 CVE-2026-33282 (Ella Core is a 5G core designed for private networks. Versions prior t ...)
-	TODO: check
+	NOT-FOR-US: Ella Core
 CVE-2026-33281 (Ella Core is a 5G core designed for private networks. Versions prior t ...)
-	TODO: check
+	NOT-FOR-US: Ella Core
 CVE-2026-33252 (The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4. ...)
 	TODO: check
 CVE-2026-33242 (Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a P ...)
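Review bot: CVE-2026-33290 is tagged `NOT-FOR-US: WPGraphQL`, while the existing WordPress entries visible in this file use the generic form, e.g. `NOT-FOR-US: WordPress plugin` on CVE-2026-4306. Since the description says WPGraphQL "provides a GraphQL API for WordPress sites", using the same generic tag here would keep the WordPress NFU entries uniform and easier to grep.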



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34b87ab3c72fa80a2dc407b140e83c5c9d1167f6
