[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun May 17 15:43:57 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
452ffea2 by Salvatore Bonaccorso at 2026-05-17T16:43:31+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1331,7 +1331,7 @@ CVE-2026-40893 (Gotenberg is a Docker-powered stateless API for PDF files. Prior
CVE-2026-38740 (Foscam VD1 Video Doorbell before V5.3.13_1072 is vulnerable to Clearte ...)
NOT-FOR-US: Foscam VD1 Video Doorbell
CVE-2026-2347 (Authorization bypass through User-Controlled key vulnerability in Akil ...)
- TODO: check
+ NOT-FOR-US: E-Commerce Website
CVE-2026-27886 (Strapi is an open source headless content management system. Strapi ve ...)
NOT-FOR-US: Strapi
CVE-2026-27680 (Due to improper input handling under certain conditions, SAP NetWeaver ...)
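Review bot: The new tag on CVE-2026-2347, "NOT-FOR-US: E-Commerce Website", is a generic category rather than a product or vendor name, unlike the neighbouring "Foscam VD1 Video Doorbell" and "Strapi" tags. The description names the vendor (it begins "Akil ..."), so putting that vendor and product name in the tag would keep the entry findable when searching the list for a specific product.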
@@ -3402,17 +3402,17 @@ CVE-2026-31221 (PyTorch-Lightning versions 2.6.0 and earlier contain an insecure
CVE-2026-31220 (PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerabl ...)
NOT-FOR-US: PySyft (Syft Datasite/Server)
CVE-2026-31219 (The _load_model() function in the neural_magic_training.py script of t ...)
- TODO: check
+ NOT-FOR-US: nebuly-ai/optimate
CVE-2026-31218 (The _load_model() function in the neural_magic_training.py script of t ...)
- TODO: check
+ NOT-FOR-US: nebuly-ai/optimate
CVE-2026-31217 (The _load_model() function in the neural_magic_training.py script of t ...)
- TODO: check
+ NOT-FOR-US: nebuly-ai/optimate
CVE-2026-31216 (The nexent v1.7.5.2 backend service contains an unauthorized arbitrary ...)
NOT-FOR-US: nexent
CVE-2026-31215 (The nexent v1.7.5.2 backend service contains an unauthorized arbitrary ...)
NOT-FOR-US: nexent
CVE-2026-31214 (The torch-checkpoint-shrink.py script in the ml-engineering project in ...)
- TODO: check
+ NOT-FOR-US: ml-engineering
CVE-2026-30810 (Server-Side Request Forgery vulnerability allows Privilege Escalation ...)
NOT-FOR-US: Pandora FMS
CVE-2026-30808 (Session Fixation vulnerability allows Session Hijacking via crafted se ...)
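Review bot: The NFU tags added in this hunk mix two naming forms: CVE-2026-31219, CVE-2026-31218 and CVE-2026-31217 use an owner/repository form ("nebuly-ai/optimate"), while CVE-2026-31214 uses a bare project name ("ml-engineering"). A bare name like "ml-engineering" is easy to confuse with other projects, so the owner-qualified form would be the better one to apply to all four entries.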
@@ -3424,11 +3424,11 @@ CVE-2026-30805 (Insecure Default Initialization of Resource vulnerability allows
CVE-2026-2993 (The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is v ...)
NOT-FOR-US: WordPress plugin
CVE-2026-2465 (Incorrect Authorization vulnerability in E-Kalite Software Hardware En ...)
- TODO: check
+ NOT-FOR-US: Turboard
CVE-2026-2300 (The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Si ...)
NOT-FOR-US: WordPress plugin
CVE-2026-29204 (Insufficient ownership check in `clientarea.php` allows an authenticat ...)
- TODO: check
+ NOT-FOR-US: WebPros WHMCS
CVE-2026-27851 (When safe filter is used with variable expansion, all following pipeli ...)
- dovecot 1:2.4.4+dfsg1-1 (bug #1136444)
[bookworm] - dovecot <not-affected> (Vulnerable code introduced later)
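Review bot: On CVE-2026-2465 the tag "NOT-FOR-US: Turboard" names a product that does not appear in the visible part of the description, which starts with the vendor ("E-Kalite Software Hardware En ..."). Giving vendor and product together, as the same hunk does with "WebPros WHMCS" for CVE-2026-29204, would let the entry be matched from either name.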
@@ -3472,33 +3472,33 @@ CVE-2026-20914 (Null pointer dereference for some Intel(R) QAT software drivers
CVE-2026-20905 (Improper input validation for some Intel(R) QAT software drivers for W ...)
TODO: check
CVE-2026-20887 (Improper access control for some Intel Vision software for all version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2026-20881 (Divide by zero for some Intel(R) QAT software drivers for Windows befo ...)
TODO: check
CVE-2026-20879 (Out-of-bounds write for the Intel(R) Data Center Graphics Driver for V ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2026-20794 (Buffer overflow for the Intel(R) Data Center Graphics Driver for VMwar ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2026-20793 (Unchecked return value for some Intel(R) QAT software drivers for Wind ...)
TODO: check
CVE-2026-20782 (Buffer overflow for some Intel(R) QAT software drivers for Windows bef ...)
TODO: check
CVE-2026-20772 (Uncontrolled search path for some Intel(R) Connectivity Performance Su ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2026-20771 (Null pointer dereference for some Intel(R) QAT software drivers for Wi ...)
TODO: check
CVE-2026-20767 (Improper input validation for some Intel(R) QAT software drivers for W ...)
TODO: check
CVE-2026-20754 (Improper conditions check in some firmware for some Intel(R) NPU Drive ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2026-20753 (Integer overflow in the UEFI firmware for the Slim Bootloader may allo ...)
TODO: check
CVE-2026-20751 (Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VM ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2026-20738 (Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 89 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2026-20718 (Incorrect default permissions for some Intel(R) NPU Driver software in ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2026-20717 (Improper input validation for some Intel(R) QAT software drivers for W ...)
TODO: check
CVE-2026-20714 (Out-of-bounds write for some Intel(R) QAT software drivers for Windows ...)
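Review bot: All nine entries changed in this hunk get the vendor-wide tag "NOT-FOR-US: Intel", although their descriptions cover different products: Intel Vision software (CVE-2026-20887), the Data Center Graphics Driver for VMware (CVE-2026-20879, CVE-2026-20794, CVE-2026-20751), the Connectivity Performance Suite (CVE-2026-20772), NPU driver firmware and software (CVE-2026-20754, CVE-2026-20718) and a QuickAssist adapter (CVE-2026-20738). A vendor name alone does not record why each item is out of scope, so a per-product tag would make the triage decision auditable. That matters most for the two NPU driver entries, where the truncated description does not show which platform is affected.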
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/452ffea2e362580cc4a2d2c7f12de3d4c106984e