[Git][security-tracker-team/security-tracker][master] Process some NFUs

Wed May 20 19:41:18 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6841690 by Salvatore Bonaccorso at 2026-05-20T20:38:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -278,7 +278,7 @@ CVE-2026-46586 (Improper Control of Generation of Code ('Code Injection'), Impro
 CVE-2026-45585 (Microsoft is aware of a security feature bypass vulnerability in Windo ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-45557 (Technitium DNS Server aggressively tries to fetch missing RRSIG record ...)
-	TODO: check
+	NOT-FOR-US: Technitium DNS Server
 CVE-2026-45442 (Missing Authorization vulnerability in Brainstorm Force Presto Player  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-45434 (Improper Authentication vulnerability in Apache OFBiz via Password-Cha ...)
@@ -292,21 +292,21 @@ CVE-2026-44392 (Missing authorization vulnerability exists in Movable Type. Unde
 CVE-2026-44159 (Tyler Identity Local (TID-L) uses documented, default administrative c ...)
 	TODO: check
 CVE-2026-43634 (HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Hestia Control Panel
 CVE-2026-43633 (HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulner ...)
-	TODO: check
+	NOT-FOR-US: Hestia Control Panel
 CVE-2026-42526 (In the AWS Secrets Manager and SSM Parameter Store secrets backends of ...)
-	TODO: check
+	NOT-FOR-US: AWS Secrets Manager
 CVE-2026-42100 (Improper Handling of Syntactically Invalid Structure in Sparx Pro Clou ...)
-	TODO: check
+	NOT-FOR-US: Sparx Systems
 CVE-2026-42099 (Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_ ...)
-	TODO: check
+	NOT-FOR-US: Sparx Systems
 CVE-2026-42098 (Sparx Enterprise Architect software has a security feature that limits ...)
-	TODO: check
+	NOT-FOR-US: Sparx Systems
 CVE-2026-42097 (Sparx Pro Cloud Serverrequires authentication based on requested URL.  ...)
-	TODO: check
+	NOT-FOR-US: Sparx Systems
 CVE-2026-42096 (Sparx Pro Cloud Server is vulnerable to Broken Access Control within c ...)
-	TODO: check
+	NOT-FOR-US: Sparx Systems
 CVE-2026-41919 (Improper Neutralization of Special Elements used in an LDAP Query ('LD ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-41470 (LIVE555 before 2026.04.22 contains an authorization bypass vulnerabili ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6841690e3bfec9df4c5814a75dfaa29e726df37

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6841690e3bfec9df4c5814a75dfaa29e726df37
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260520/c14b89c2/attachment.htm>
