[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Mon May 4 09:08:19 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab26a041 by Salvatore Bonaccorso at 2026-05-04T10:07:46+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -73,13 +73,13 @@ CVE-2026-7706 (A vulnerability has been found in Open5GS up to 2.7.7. This issue
 CVE-2026-7705 (A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerabilit ...)
 	NOT-FOR-US: JD Cloud JDCOS
 CVE-2026-7372 (A stack overflow vulnerability exists in the WebCam Server Login funct ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-7371 (Multiple reflected cross-site scripting (xss) vulnerabilities exist in ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-7161 (An insufficient encryption vulnerability exists in the Device Authenti ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-6948 (Velociraptor versions prior to 0.76.4 contain a resource exhaustion vu ...)
-	TODO: check
+	NOT-FOR-US: Velociraptor
 CVE-2026-5335 (The Magic Export & Import WordPress plugin before 1.2.0 stores exporte ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-43864 (mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.)
@@ -101,19 +101,19 @@ CVE-2026-43859 (mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for t
 	- mutt <unfixed>
 	NOTE: Fixed by: https://gitlab.com/muttmua/mutt/-/commit/834c5a2ed0479e51e8662a31caed129f136f4805 (mutt-2-3-2-rel)
 CVE-2026-42370 (A stack overflow vulnerability exists in the WebCam Server Login funct ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-42369 (GV-VMS V20 is a Video Monitoring Software used to gather the feeds of  ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-42368 (A privilege escalation vulnerability exists in the Web Interface funct ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-42367 (A privilege escalation vulnerability exists in the Web Interface / ssi ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-42366 (Multiple reflected cross-site scripting (xss) vulnerabilities exist in ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-42365 (A guessable session cookie vulnerability exists in the Web Interface f ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-42364 (An os command injection vulnerability exists in the DdnsSetting.cgi fu ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2026-29200 (A critical IDOR vulnerability has been discovered in Comet Backup affe ...)
 	TODO: check
 CVE-2026-29199 (phpBB before 3.3.16 is vulnerable to Host Header Injection that can le ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab26a041b6f9969be8246b07f12ed09068df644c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab26a041b6f9969be8246b07f12ed09068df644c
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260504/fe336bd6/attachment.htm>
