[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 28 12:56:19 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c9052ea by Salvatore Bonaccorso at 2026-03-28T13:55:50+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -526,9 +526,9 @@ CVE-2026-30527 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Sour
 CVE-2026-30407
 	REJECTED
 CVE-2026-30304 (In its design for automatic terminal command execution, AI Code offers ...)
-	TODO: check
+	NOT-FOR-US: AI Code
 CVE-2026-30303 (The command auto-approval module in Axon Code contains an OS Command I ...)
-	TODO: check
+	NOT-FOR-US: Axon Code
 CVE-2026-30302 (The command auto-approval module in CodeRider-Kilo contains an OS Comm ...)
 	NOT-FOR-US: CodeRider-Kilo
 CVE-2026-29871 (A path traversal vulnerability exists in the awesome-llm-apps project  ...)
@@ -560,19 +560,19 @@ CVE-2026-27877 (When using public dashboards and direct data-sources, all direct
 CVE-2026-27876 (A chained attack via SQL Expressions and a Grafana Enterprise plugin c ...)
 	TODO: check
 CVE-2026-27650 (OS Command Injection vulnerability exists in BUFFALO Wi-Fi router prod ...)
-	TODO: check
+	NOT-FOR-US: BUFFALO
 CVE-2026-27309 (Substance3D - Stager versions 3.1.7 and earlier are affected by a Use  ...)
 	NOT-FOR-US: Adobe
 CVE-2026-26061 (Fleet is open source device management software. Prior to 4.81.0, Flee ...)
-	TODO: check
+	NOT-FOR-US: Fleet
 CVE-2026-26060 (Fleet is open source device management software. Prior to 4.81.0, a vu ...)
-	TODO: check
+	NOT-FOR-US: Fleet
 CVE-2026-25101 (Bludit allows user's session identifier to be set before authenticatio ...)
-	TODO: check
+	NOT-FOR-US: Bludit
 CVE-2026-25100 (Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image ...)
-	TODO: check
+	NOT-FOR-US: Bludit
 CVE-2026-25099 (Bludit\u2019s API plugin allows an authenticated attacker with a valid ...)
-	TODO: check
+	NOT-FOR-US: Bludit
 CVE-2026-23399 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	TODO: check
 CVE-2026-22744 (InRedisFilterExpressionConverterofspring-ai-redis-store, when a user-c ...)
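Review bot: Unrelated to the triage change but visible in this hunk's context: the CVE-2026-25099 description carries a literal `\u2019` escape ("Bludit\u2019s API plugin"), i.e. the JSON unicode escape from the upstream feed was not decoded when the description was imported. Worth correcting in the import step or the entry itself so searches for the plain-apostrophe form of the text still match.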
@@ -592,19 +592,19 @@ CVE-2026-1307 (The Ninja Forms - The Contact Form Builder That Grows With You pl
 CVE-2026-0748 (In the Drupal 7 Internationalization (i18n) module, the i18n_node subm ...)
 	NOT-FOR-US: Drupal core and addons
 CVE-2025-69988 (BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Cont ...)
-	TODO: check
+	NOT-FOR-US: BS Producten Petcam
 CVE-2025-69986 (A buffer overflow vulnerability exists in the ONVIF GetStreamUri funct ...)
-	TODO: check
+	NOT-FOR-US: LSC Indoor Camera
 CVE-2025-61190 (A Reflected Cross-Site Scripting (XSS) vulnerability has been identifi ...)
-	TODO: check
+	NOT-FOR-US: DSpace JSPUI
 CVE-2025-15617 (Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Acti ...)
-	TODO: check
+	NOT-FOR-US: Wazuh
 CVE-2025-15616 (Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contai ...)
-	TODO: check
+	NOT-FOR-US: Wazuh
 CVE-2025-15615 (Wazuh Manager authd service in wazuh-manager packages through version  ...)
-	TODO: check
+	NOT-FOR-US: Wazuh
 CVE-2025-15612 (Wazuh provisioning scripts and Dockerfiles contain an insecure transpo ...)
-	TODO: check
+	NOT-FOR-US: Wazuh
 CVE-2025-15445 (The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecur ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-15381 (In the latest version of mlflow/mlflow, when the `basic-auth` app is e ...)
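Review bot: For CVE-2025-69986 and CVE-2025-61190 the new labels (`NOT-FOR-US: LSC Indoor Camera`, `NOT-FOR-US: DSpace JSPUI`) name products that do not appear in the truncated descriptions shown here (the ONVIF GetStreamUri overflow and the reflected XSS), so the attribution cannot be verified from the diff alone. A NOTE line with the advisory or reference URL under each would let a later reviewer confirm the triage without re-researching it.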
@@ -618,11 +618,11 @@ CVE-2024-14028 (Use after free vulnerability in Softing smartLink HW-DP or smart
 CVE-2024-11604 (Insertion of Sensitive Information into Log File vulnerability in the  ...)
 	NOT-FOR-US: OpenText
 CVE-2023-7340 (Wazuh authd contains a heap-buffer overflow vulnerability that allows  ...)
-	TODO: check
+	NOT-FOR-US: Wazuh
 CVE-2023-7339 (Stack-based buffer overflow vulnerability in Softing Industrial Automa ...)
 	NOT-FOR-US: Softing
 CVE-2019-25652 (UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11 ...)
-	TODO: check
+	NOT-FOR-US: UniFi
 CVE-2019-25651 (Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), ...)
 	NOT-FOR-US: Ubiquiti
 CVE-2026-33375 (The Grafana MSSQL data source plugin contains a logic flaw that allows ...)
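Review bot: Inconsistent vendor labelling in adjacent entries: CVE-2019-25652 gets `NOT-FOR-US: UniFi` while CVE-2019-25651, covering the same UniFi Network Controller, keeps `NOT-FOR-US: Ubiquiti`. Settling on one form (the existing entry suggests the vendor name, `Ubiquiti`) keeps a grep over data/CVE/list for that vendor from missing one of the pair.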
@@ -869,7 +869,7 @@ CVE-2026-32286 (The DataRow.Decode function fails to properly validate field len
 CVE-2026-32285 (The Delete function fails to properly validate offsets when processing ...)
 	TODO: check
 CVE-2026-32284 (The msgpack decoder fails to properly validate the input buffer length ...)
-	TODO: check
+	NOT-FOR-US: shamaton/msgpack
 CVE-2026-30463 (Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injecti ...)
 	NOT-FOR-US: Daylight Studio FuelCMS
 CVE-2026-30458 (An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltr ...)
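Review bot: CVE-2026-32284 is labelled `NOT-FOR-US: shamaton/msgpack`, a project name that does not occur in the truncated description ("The msgpack decoder fails to properly validate the input buffer length"), and the neighbouring CVE-2026-32285 (Delete function) and CVE-2026-32286 (DataRow.Decode, in the hunk header) read like the same batch yet stay at `TODO: check`. A NOTE recording where the attribution came from would help, as would confirming whether the two remaining TODOs share that upstream so they can be resolved together.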
@@ -933,7 +933,7 @@ CVE-2026-26070 (EVerest is an EV charging software stack. Versions prior to 2026
 CVE-2026-26008 (EVerest is an EV charging software stack. Versions prior to 2026.02.0  ...)
 	NOT-FOR-US: EVerest
 CVE-2026-24068 (The VSL privileged helper does utilize NSXPC for IPC. The implementati ...)
-	TODO: check
+	NOT-FOR-US: VSL
 CVE-2026-23995 (EVerest is an EV charging software stack. Prior to version 2026.02.0,  ...)
 	NOT-FOR-US: EVerest
 CVE-2026-22790 (EVerest is an EV charging software stack. Prior to version 2026.02.0,  ...)
@@ -979,67 +979,67 @@ CVE-2025-55262 (HCL Aftermarket DPC is affected by SQL Injection which allows at
 CVE-2025-55261 (HCL Aftermarket DPC is affected by Missing Functional Level Access Con ...)
 	NOT-FOR-US: HCL
 CVE-2025-41368 (Problem in the Small HTTP Server v3.06.36 service. An authenticated pa ...)
-	TODO: check
+	NOT-FOR-US: Small HTTP Server
 CVE-2025-41359 (Vulnerability related to an unquoted service path in Small HTTP Server ...)
-	TODO: check
+	NOT-FOR-US: Small HTTP Server
 CVE-2025-41027 (Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. Thes ...)
-	TODO: check
+	NOT-FOR-US: GDTaller
 CVE-2025-41026 (Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. Thes ...)
-	TODO: check
+	NOT-FOR-US: GDTaller
 CVE-2023-7338 (Ruckus Unleashed contains a remote code execution vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: Ruckus
 CVE-2021-4474 (Ruckus Access Point products contain an arbitrary file read vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Ruckus
 CVE-2019-25650 (River Past CamDo 3.7.6 contains a structured exception handler (SEH) b ...)
-	TODO: check
+	NOT-FOR-US: River Past CamDo
 CVE-2019-25649 (River Past Audio Converter 7.7.16 contains a local buffer overflow vul ...)
-	TODO: check
+	NOT-FOR-US: River Past Audio Converter
 CVE-2019-25648 (MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: MyVideoConverter
 CVE-2018-25219 (PassFab Excel Password Recovery 8.3.1 contains a structured exception  ...)
-	TODO: check
+	NOT-FOR-US: PassFab Excel Password Recovery
 CVE-2018-25218 (PassFab RAR Password Recovery 9.3.2 contains a structured exception ha ...)
-	TODO: check
+	NOT-FOR-US: PassFab RAR Password Recovery
 CVE-2018-25217 (PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) ov ...)
-	TODO: check
+	NOT-FOR-US: PDF Explorer
 CVE-2018-25216 (AnyBurn 4.3 contains a local buffer overflow vulnerability that allows ...)
-	TODO: check
+	NOT-FOR-US: AnyBurn
 CVE-2018-25215 (Excel Password Recovery Professional 8.2.0.0 contains a local buffer o ...)
-	TODO: check
+	NOT-FOR-US: Excel Password Recovery Professional
 CVE-2018-25214 (MegaPing contains a local buffer overflow vulnerability that allows lo ...)
-	TODO: check
+	NOT-FOR-US: MegaPing
 CVE-2018-25213 (Nsauditor 3.0.28.0 contains a structured exception handling buffer ove ...)
-	TODO: check
+	NOT-FOR-US: Nsauditor
 CVE-2018-25212 (Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Boxoft wav-wma Converter
 CVE-2018-25211 (Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Allok Video Splitter
 CVE-2018-25210 (WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the  ...)
-	TODO: check
+	NOT-FOR-US: WebOfisi E-Ticaret
 CVE-2018-25209 (OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the  ...)
-	TODO: check
+	NOT-FOR-US: OpenBiz Cubi Lite
 CVE-2018-25208 (qdPM 9.1 contains an SQL injection vulnerability that allows unauthent ...)
-	TODO: check
+	NOT-FOR-US: qdPM
 CVE-2018-25207 (Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the ca ...)
-	TODO: check
+	NOT-FOR-US: Online Quiz Maker
 CVE-2018-25206 (KomSeo Cart 1.3 contains an SQL injection vulnerability that allows at ...)
-	TODO: check
+	NOT-FOR-US: KomSeo Cart
 CVE-2018-25205 (ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that al ...)
-	TODO: check
+	NOT-FOR-US: ASP.NET jVideo Kit
 CVE-2018-25204 (Library CMS 1.0 contains an SQL injection vulnerability that allows un ...)
-	TODO: check
+	NOT-FOR-US: Library CMS
 CVE-2018-25203 (Online Store System CMS 1.0 contains an SQL injection vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: Online Store System CMS
 CVE-2018-25202 (SAT CFDI 3.3 contains an SQL injection vulnerability that allows attac ...)
-	TODO: check
+	NOT-FOR-US: SAT CFDI
 CVE-2018-25201 (School Management System CMS 1.0 contains an SQL injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: School Management System CMS
 CVE-2018-25195 (Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the a ...)
-	TODO: check
+	NOT-FOR-US: Wecodex Hotel CMS
 CVE-2018-25185 (Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: Wecodex Restaurant CMS
 CVE-2018-25183 (Shipping System CMS 1.0 contains an SQL injection vulnerability that a ...)
-	TODO: check
+	NOT-FOR-US: Shipping System CMS
 CVE-2026-23398 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/614aefe56af8e13331e50220c936fc0689cf5675 (7.0-rc5)
@@ -1581,7 +1581,7 @@ CVE-2026-29785 (NATS-Server is a High-Performance server for NATS.io, a cloud an
 CVE-2026-29092 (Kiteworks is a private data network (PDN). Prior to version 9.2.1, a v ...)
 	NOT-FOR-US: Kiteworks
 CVE-2026-28529 (cryptodev-linux version 1.14 and prior contain a page reference handli ...)
-	TODO: check
+	NOT-FOR-US: cryptodev-linux
 CVE-2026-27889 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
 	- nats-server 2.12.6-1
 	NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6
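Review bot: CVE-2026-28529 is closed as `NOT-FOR-US: cryptodev-linux` with no NOTE; because the description ("page reference handling", version 1.14 and prior) concerns a kernel-side component, a short NOTE stating what was checked (for instance that no source package ships it) would stop the entry being re-opened the next time someone sweeps kernel-related TODOs.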
@@ -1651,7 +1651,7 @@ CVE-2026-26832 (node-tesseract-ocr is an npm package that provides a Node.js wra
 CVE-2026-26831 (textract through 2.5.0 is vulnerable to OS Command Injection via the f ...)
 	TODO: check
 CVE-2026-26830 (pdf-image (npm package) through version 2.0.0 allows OS command inject ...)
-	TODO: check
+	NOT-FOR-US: pdf-image Node.js module
 CVE-2026-26233 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2026-25645 (Requests is a HTTP library. Prior to version 2.33.0, the `requests.uti ...)
@@ -2801,7 +2801,7 @@ CVE-2026-24151 (NVIDIA Megatron-LM contains a vulnerability in inferencing where
 CVE-2026-24150 (NVIDIA Megatron-LM contains a vulnerability in checkpoint loading wher ...)
 	NOT-FOR-US: NVIDIA
 CVE-2026-24141 (NVIDIA Model Optimizer for Windows and Linux contains a vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2026-21790 (HCL Traveler is susceptible to a weak default HTTP header validation v ...)
 	NOT-FOR-US: HCL
 CVE-2026-20701 (An access issue was addressed with additional sandbox restrictions. Th ...)
@@ -2887,15 +2887,15 @@ CVE-2025-33248 (NVIDIA Megatron-LM contains a vulnerability in the hybrid conver
 CVE-2025-33247 (NVIDIA Megatron LM contains a vulnerability in quantization configurat ...)
 	NOT-FOR-US: NVIDIA
 CVE-2025-33244 (NVIDIA APEX for Linux contains a vulnerability where an unauthorized a ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33242 (NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could all ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33238 (NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulner ...)
 	NOT-FOR-US: NVIDIA
 CVE-2025-33216 (NVIDIA SNAP-4 Container contains a vulnerability in the configuration  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33215 (NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK com ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2026-4371 (A malicious mail server could send malformed strings with negative len ...)
 	{DSA-6179-1 DLA-4511-1}
 	- thunderbird 1:140.9.0esr-1
@@ -3755,7 +3755,7 @@ CVE-2026-32901
 CVE-2026-32900
 	REJECTED
 CVE-2026-32642 (Incorrect Authorization (CWE-863)vulnerability in Apache Artemis, Apac ...)
-	TODO: check
+	NOT-FOR-US: Apache Artemis and Apache ActiveMQ Artemis
 CVE-2026-32300 (Connect-CMS is a content management system. In versions on the 1.x ser ...)
 	NOT-FOR-US: Connect-CMS
 CVE-2026-32299 (Connect-CMS is a content management system. In versions on the 1.x ser ...)
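Review bot: The label for CVE-2026-32642 (`NOT-FOR-US: Apache Artemis and Apache ActiveMQ Artemis`) departs from the single-name form used elsewhere in this file (`NOT-FOR-US: NVIDIA`, `NOT-FOR-US: Wazuh`). Since the description already lists both names, `NOT-FOR-US: Apache ActiveMQ Artemis` plus a NOTE would keep the list greppable, and the NOTE can state that only the Artemis broker is covered, avoiding confusion with the classic ActiveMQ line.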
@@ -4020,7 +4020,7 @@ CVE-2026-30006 (XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via
 CVE-2026-2298 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
 	NOT-FOR-US: Salesforce
 CVE-2026-28809 (XML External Entity (XXE) vulnerability in esaml (and its forks) allow ...)
-	TODO: check
+	NOT-FOR-US: esaml
 CVE-2026-27131 (The Sprig Plugin for Craft CMS is a reactive Twig component framework  ...)
 	NOT-FOR-US: Craft CMS plugin
 CVE-2026-26829 (A NULL pointer dereference in the safe_atou64 function (src/misc.c) of ...)
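Review bot: The description for CVE-2026-28809 explicitly says "esaml (and its forks)", but the new label `NOT-FOR-US: esaml` records only the upstream name. A NOTE naming which forks were checked, or stating that none are packaged, would make the triage defensible later, since a fork shipped under a different package name is exactly what that qualifier warns about.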



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c9052eaebc6a8d80cc53d6d0c9e46050a86c16d




