[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 18 20:45:17 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0fad6b06 by Salvatore Bonaccorso at 2026-05-18T21:44:52+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12,11 +12,11 @@ CVE-2026-8802 (A vulnerability was detected in opensourcepos Open Source Point o
CVE-2026-7498 (Improper neutralization of input during web page generation ('cross-si ...)
NOT-FOR-US: DernekWeb
CVE-2026-7304 (SGLangs multimodal generation runtime is vulnerable to unauthenticated ...)
- TODO: check
+ NOT-FOR-US: SGLang
CVE-2026-7302 (SGLangs multimodal generation runtime is vulnerable to an unauthentica ...)
- TODO: check
+ NOT-FOR-US: SGLang
CVE-2026-7301 (SGLangs multimodal generation runtime scheduler's ROUTER socket binds ...)
- TODO: check
+ NOT-FOR-US: SGLang
CVE-2026-6902 (A vulnerability in Command-Line Client in P4 Server prior to the 2025. ...)
NOT-FOR-US: Command-Line Client in P4 Server
CVE-2026-6347 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 1 ...)
@@ -44,13 +44,13 @@ CVE-2026-5163 (Mattermost versions 11.5.x <= 11.5.1 fail to verify channel membe
CVE-2026-4643 (Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent s ...)
- mattermost-desktop <itp> (bug #831861)
CVE-2026-4320 (Authorization Bypass vulnerability in Creartia's ICMS software could a ...)
- TODO: check
+ NOT-FOR-US: Creartia ICMS
CVE-2026-4286 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to chec ...)
- mattermost-server <itp> (bug #823556)
CVE-2026-4273 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to vali ...)
- mattermost-server <itp> (bug #823556)
CVE-2026-45829 (A pre-authentication, code injection vulnerability in version 1.0.0 or ...)
- TODO: check
+ NOT-FOR-US: ChromaDB Python
CVE-2026-45495 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2026-45494 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
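Review bot: the label on CVE-2026-45829, "NOT-FOR-US: ChromaDB Python", reads as a product name followed by a bare language name, which differs from the style used elsewhere in this file (product only, or a form like "Net::Statsd::Lite Perl module"). Consider "ChromaDB" or "ChromaDB Python package" so that later searches over the NFU labels match one spelling. The CVE-2026-4320 label in the same hunk ("Creartia ICMS") already follows the vendor-plus-product form.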
@@ -58,13 +58,13 @@ CVE-2026-45494 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
CVE-2026-45492 (Improper input validation in Microsoft Edge (Chromium-based) allows an ...)
NOT-FOR-US: Microsoft
CVE-2026-45243 (Summarize prior to 0.15.1 contains a missing authorization vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Summarize
CVE-2026-45242 (Summarize prior to 0.15.1 contains a path traversal vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: Summarize
CVE-2026-45231 (DumbAssets through 1.0.11 contains a stored cross-site scripting vulne ...)
- TODO: check
+ NOT-FOR-US: DumbAssets
CVE-2026-45230 (DumbAssets through 1.0.11 contains a path traversal vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: DumbAssets
CVE-2026-42822 (Improper authentication in Azure Local Disconnected Operations allows ...)
NOT-FOR-US: Microsoft
CVE-2026-41949 (Dify version 1.14.1 and prior contain an authorization bypass vulnerab ...)
@@ -84,33 +84,33 @@ CVE-2026-3495 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to
CVE-2026-3471 (Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent a ...)
TODO: check
CVE-2026-3117 (Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to pr ...)
- TODO: check
+ NOT-FOR-US: Mattermost Plugins
CVE-2026-39079 (An issue in prestashop upsshipping all versions through at least 2.4.0 ...)
- TODO: check
+ NOT-FOR-US: prestashop
CVE-2026-38719 (OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpENer
CVE-2026-36438 (An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows ...)
NOT-FOR-US: Intelbras
CVE-2026-32849 (NetBSD prior to commit ec8451e contains a signed integer overflow vuln ...)
- TODO: check
+ NOT-FOR-US: NetBSD
CVE-2026-32848 (NetBSD prior to commit ec8451e contains a race condition vulnerability ...)
- TODO: check
+ NOT-FOR-US: NetBSD
CVE-2026-2325 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 1 ...)
- mattermost-server <itp> (bug #823556)
CVE-2026-29965 (HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: HSC MailInspector
CVE-2026-29964 (HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulne ...)
- TODO: check
+ NOT-FOR-US: HSC MailInspector
CVE-2026-29963 (HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to im ...)
- TODO: check
+ NOT-FOR-US: HSC MailInspector
CVE-2026-29962 (HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulne ...)
- TODO: check
+ NOT-FOR-US: HSC MailInspector
CVE-2026-28759 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 1 ...)
- mattermost-server <itp> (bug #823556)
CVE-2026-28732 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 1 ...)
- mattermost-server <itp> (bug #823556)
CVE-2026-26462 (Offline Hospital Management System 5.3.0 allows remote code execution ...)
- TODO: check
+ NOT-FOR-US: Offline Hospital Management System
CVE-2026-20685 (An attacker in a privileged network position may be able to leak sensi ...)
NOT-FOR-US: Apple
CVE-2026-0983 (Denial-of-service condition in M-Files Server versions before 26.5.160 ...)
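Review bot: CVE-2026-3117 is set to "NOT-FOR-US: Mattermost Plugins" while the surrounding Mattermost entries are tracked against the ITPs ("- mattermost-server <itp> (bug #823556)", "- mattermost-desktop <itp> (bug #831861)"). If the affected plugins would ship with the server package, an <itp> line is the consistent choice; if they are separate and not packaged, a short hint in the label would make the distinction clear. In the same hunk CVE-2026-3471 (Mattermost Desktop App) stays at "TODO: check" although CVE-2026-4643, with the same product prefix, already carries the mattermost-desktop <itp> line. Minor: "NOT-FOR-US: prestashop" on CVE-2026-39079 names the platform, whereas the description names the upsshipping module.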
@@ -118,7 +118,7 @@ CVE-2026-0983 (Denial-of-service condition in M-Files Server versions before 26.
CVE-2025-57282 (ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection.)
TODO: check
CVE-2025-56352 (In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-1 ...)
- TODO: check
+ NOT-FOR-US: tinyMQTT
CVE-2026-8788 (Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric inje ...)
NOT-FOR-US: Net::Statsd::Lite Perl module
CVE-2026-8786 (A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affecte ...)
@@ -3863,7 +3863,7 @@ CVE-2026-20767 (Improper input validation for some Intel(R) QAT software drivers
CVE-2026-20754 (Improper conditions check in some firmware for some Intel(R) NPU Drive ...)
NOT-FOR-US: Intel
CVE-2026-20753 (Integer overflow in the UEFI firmware for the Slim Bootloader may allo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2026-20751 (Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VM ...)
NOT-FOR-US: Intel
CVE-2026-20738 (Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 89 ...)
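Review bot: CVE-2026-20753 gets the vendor-only label "NOT-FOR-US: Intel", but its description names a specific component, the Slim Bootloader UEFI firmware, unlike the neighbouring driver and firmware entries. Naming the component in the label would make it easier to find again if that component is ever evaluated for packaging.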
@@ -4646,35 +4646,35 @@ CVE-2025-8325 (The software fails to enforce role-based access controls for cert
CVE-2025-8154 (In Webhook API invocations, the component accepts user-supplied input ...)
NOT-FOR-US: WSO2
CVE-2025-65418 (docuFORM Managed Print Service Client 11.11c is vulnerable to a direct ...)
- TODO: check
+ NOT-FOR-US: docuFORM Managed Print Service Client
CVE-2025-65417 (docuFORM Managed Print Service Client 11.11c is vulnerable to a reflec ...)
- TODO: check
+ NOT-FOR-US: docuFORM Managed Print Service Client
CVE-2025-65416 (docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrar ...)
- TODO: check
+ NOT-FOR-US: docuFORM Managed Print Service Client
CVE-2025-65415 (docuFORM Managed Print Service Client 11.11c is vulnerable to a sessio ...)
- TODO: check
+ NOT-FOR-US: docuFORM Managed Print Service Client
CVE-2025-63750
REJECTED
CVE-2025-61314 (A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_or ...)
TODO: check
CVE-2025-61313 (A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_ma ...)
- TODO: check
+ NOT-FOR-US: docuForm
CVE-2025-61312 (A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pr ...)
- TODO: check
+ NOT-FOR-US: docuForm
CVE-2025-61311 (A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_al ...)
- TODO: check
+ NOT-FOR-US: docuForm
CVE-2025-61310 (A reflected cross-site scripted (XSS) vulnerability in the acc-menu_bi ...)
- TODO: check
+ NOT-FOR-US: docuForm
CVE-2025-61309 (A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_de ...)
- TODO: check
+ NOT-FOR-US: docuForm
CVE-2025-61308 (A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_ma ...)
- TODO: check
+ NOT-FOR-US: docuForm
CVE-2025-61307 (A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pa ...)
- TODO: check
+ NOT-FOR-US: docuForm
CVE-2025-61306 (A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_co ...)
- TODO: check
+ NOT-FOR-US: docuForm
CVE-2025-61305 (A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_fi ...)
- TODO: check
+ NOT-FOR-US: docuForm
CVE-2025-43992 (Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale version ...)
NOT-FOR-US: Dell / EMC
CVE-2025-10908 (Due to a lack of user account state validation during authentication, ...)
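Review bot: CVE-2025-61314 is left at "TODO: check" in this hunk, while CVE-2025-61313 through CVE-2025-61305, which carry the same "reflected cross-site scripted (XSS) vulnerability in the dfm-menu_/acc-menu_" description prefix, are all changed to "NOT-FOR-US: docuForm". It looks skipped; if it is the same product it should get the same marking in this commit. The label spelling also differs within the hunk: "docuFORM Managed Print Service Client" for CVE-2025-65415 to CVE-2025-65418 and "docuForm" for the CVE-2025-613xx entries. Settling on one spelling keeps the NFU labels searchable.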
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fad6b06a8c742d111ac0b2b9c32ce9c229d2653