[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 13 06:48:45 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5518b411 by Salvatore Bonaccorso at 2026-05-13T07:46:30+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2026-44378
- botan3 <unfixed>
NOTE: https://github.com/randombit/botan/security/advisories/GHSA-7q2v-3g27-6g3j
CVE-2026-8431 (An administrative user with access to configure webhooks can execute a ...)
- TODO: check
+ NOT-FOR-US: MongoDB Ops Manager
CVE-2026-8430 (SPIP versions prior to 4.4.14 contain a remote code execution vulnerab ...)
- spip <unfixed>
CVE-2026-8429 (SPIP versions prior to 4.4.14 contain a remote code execution vulnerab ...)
@@ -46,7 +46,7 @@ CVE-2026-8110 (Incorrect permissions assignment inthe agent ofIvanti Endpoint Ma
CVE-2026-8109 (An exposed dangerous methodonthe Core Server ofIvanti Endpoint Manager ...)
NOT-FOR-US: Ivanti
CVE-2026-8072 (Insecure generation of credentials in the local SAT (Technical Support ...)
- TODO: check
+ NOT-FOR-US: Ingecon Sun EMS Board
CVE-2026-8051 (OS command injection in Ivanti Virtual Traffic Manager before version ...)
NOT-FOR-US: Ivanti
CVE-2026-8043 (External control of a file name in Ivanti Xtraction before version 202 ...)
@@ -108,7 +108,7 @@ CVE-2026-6247 (The scratchblocks for WP plugin for WordPress is vulnerable to St
CVE-2026-6237 (The Quick Table plugin for WordPress is vulnerable to Stored Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2026-6001 (Authorization bypass through User-Controlled key vulnerability in ABIS ...)
- TODO: check
+ NOT-FOR-US: BAPSIS
CVE-2026-5715 (The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2026-5693 (The Smart Appointment & Booking plugin for WordPress is vulnerable to ...)
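Review bot: The new tag on CVE-2026-6001 reads "NOT-FOR-US: BAPSIS", but the truncated description on the line above it stops at "ABIS ...", so the product name cannot be confirmed from this hunk alone. Check the tag against the full CVE description, so that a later search of the list for the vendor or product name still finds this entry.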
@@ -120,7 +120,7 @@ CVE-2026-5146 (Improper access control in the notification management endpoints
CVE-2026-5061 (The consul-template library before version 0.42.0 is vulnerable to a s ...)
TODO: check
CVE-2026-5029 (A remote code execution vulnerability exists inCode Runner MCP Server ...)
- TODO: check
+ NOT-FOR-US: Code Runner MCP Server
CVE-2026-5028 (The Eight Day Week Print Workflow plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4920 (The Next Date plugin for WordPress is vulnerable to Stored Cross-Site ...)
@@ -164,11 +164,11 @@ CVE-2026-44277 (A improper access control vulnerability in Fortinet FortiAuthent
CVE-2026-44204 (Shelf is a platform for tracking physical assets. From 1.12 to before ...)
TODO: check
CVE-2026-44196 (Pingvin Share X is a secure and easy self-hosted file sharing platform ...)
- TODO: check
+ NOT-FOR-US: Pingvin Share X
CVE-2026-44184 (Cleanuparr is a tool for automating the cleanup of unwanted or blocked ...)
- TODO: check
+ NOT-FOR-US: Cleanuparr
CVE-2026-44183 (Cleanuparr is a tool for automating the cleanup of unwanted or blocked ...)
- TODO: check
+ NOT-FOR-US: Cleanuparr
CVE-2026-44167 (phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0 ...)
TODO: check
CVE-2026-44166 (Pocketbase is an open source web backend written in go. Prior to 0.22. ...)
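Review bot: CVE-2026-44204 (Shelf), in the context at the top of this hunk, stays at "TODO: check" while Pingvin Share X and Cleanuparr directly below it are closed as NOT-FOR-US. If Shelf was left open deliberately because it still needs a look, that is fine. If not, it can be handled in a follow-up. The two Cleanuparr entries (CVE-2026-44184 and CVE-2026-44183) get the same tag, which keeps them consistent.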
@@ -834,7 +834,7 @@ CVE-2026-45026 (WeGIA is a web manager for charitable institutions. In versions
CVE-2026-45025 (WeGIA is a web manager for charitable institutions. In versions prior ...)
NOT-FOR-US: WeGIA
CVE-2026-44695 (Outline is a service that allows for collaborative documentation. Prio ...)
- TODO: check
+ NOT-FOR-US: Outline
CVE-2026-43914 (Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to ...)
- vaultwarden <itp> (bug #1067023)
CVE-2026-43913 (Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to ...)
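Review bot: CVE-2026-44695 is closed as "NOT-FOR-US: Outline", whereas the Vaultwarden entry directly below it is tracked as "- vaultwarden <itp> (bug #1067023)". Before settling on NFU for Outline, confirm there is no open WNPP bug (ITP or RFP) for it. If one exists, the "<itp>" form with the bug number is the better fit, so the CVE is not lost if the package enters the archive.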
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5518b411cfe3ff5e07c3159bcb130daa782032f6