[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 27 08:11:40 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
526a4de2 by Salvatore Bonaccorso at 2026-03-27T09:11:19+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -244,7 +244,7 @@ CVE-2026-27664 (A vulnerability has been identified in CPCI85 Central Processing
CVE-2026-27663 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...)
NOT-FOR-US: Siemens
CVE-2026-26213 (thingino-firmware versions up to the firmware-2026-03-16 release conta ...)
- TODO: check
+ NOT-FOR-US: thingino-firmware
CVE-2026-26074 (EVerest is an EV charging software stack. Versions prior to 2026.02.0 ...)
NOT-FOR-US: EVerest
CVE-2026-26073 (EVerest is an EV charging software stack. Versions prior to 2026.02.0 ...)
@@ -436,9 +436,9 @@ CVE-2026-4822 (A vulnerability was detected in Enter Software Iperius Backup bis
CVE-2026-4758 (The WP Job Portal plugin for WordPress is vulnerable to arbitrary file ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4747 (Each RPCSEC_GSS data packet is validated by a routine which checks a s ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2026-4652 (On a system exposing an NVMe/TCP target, a remote client can trigger a ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2026-4484 (The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Esca ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4389 (The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPr ...)
@@ -454,7 +454,7 @@ CVE-2026-4281 (The FormLift for Infusionsoft Web Forms plugin for WordPress is v
CVE-2026-4278 (The Simple Download Counter plugin for WordPress is vulnerable to Stor ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4247 (When a challenge ACK is to be sent tcp_respond() constructs and sends ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2026-4075 (The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3328 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...)
@@ -3286,11 +3286,11 @@ CVE-2026-2298 (Improper Neutralization of Argument Delimiters in a Command ('Arg
CVE-2026-28809 (XML External Entity (XXE) vulnerability in esaml (and its forks) allow ...)
TODO: check
CVE-2026-27131 (The Sprig Plugin for Craft CMS is a reactive Twig component framework ...)
- TODO: check
+ NOT-FOR-US: Craft CMS plugin
CVE-2026-26829 (A NULL pointer dereference in the safe_atou64 function (src/misc.c) of ...)
- TODO: check
+ NOT-FOR-US: owntone-server
CVE-2026-26828 (A NULL pointer dereference in the daap_reply_playlists function (src/h ...)
- TODO: check
+ NOT-FOR-US: owntone-server
CVE-2026-26209 (cbor2 provides encoding and decoding for the Concise Binary Object Rep ...)
- cbor2 5.9.0-1
NOTE: https://github.com/agronholm/cbor2/security/advisories/GHSA-3c37-wwvx-h642
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/526a4de2ac0c3fff33f73adb759f204036b47182
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/526a4de2ac0c3fff33f73adb759f204036b47182
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260327/38f37303/attachment.htm>
More information about the debian-security-tracker-commits
mailing list