[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 20 20:15:35 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
caa5c789 by Salvatore Bonaccorso at 2026-05-20T21:15:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -468,9 +468,9 @@ CVE-2026-41470 (LIVE555 before 2026.04.22 contains an authorization bypass vulne
 CVE-2026-3985 (The Creative Mail \u2013 Easier WordPress & WooCommerce Email Marketin ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-39309 (Trilium Notes is a cross-platform, hierarchical note taking applicatio ...)
-	TODO: check
+	NOT-FOR-US: Trilium Notes
 CVE-2026-39250 (An authorization vulnerability exists in Innoshop 0.6.0. After logging ...)
-	TODO: check
+	NOT-FOR-US: Innoshop
 CVE-2026-37982 (A flaw was found in Keycloak. This authentication vulnerability allows ...)
 	- keycloak <itp> (bug #1088287)
 CVE-2026-37981 (A flaw was found in Keycloak. A broken access control vulnerability in ...)
@@ -480,15 +480,15 @@ CVE-2026-37979 (A flaw was found in Keycloak. This access control vulnerability
 CVE-2026-37978 (A flaw was found in Keycloak. A low-privilege administrator with the ' ...)
 	- keycloak <itp> (bug #1088287)
 CVE-2026-37281 (An OS command injection vulnerability in the /stream-to-vlc Express ro ...)
-	TODO: check
+	NOT-FOR-US: hitarth-gg Zenshin
 CVE-2026-36829 (An authentication bypass vulnerability exists in the embedded HTTP ser ...)
-	TODO: check
+	NOT-FOR-US: Panabit PAP-XM320
 CVE-2026-36828 (A command injection vulnerability exists in the /cgi-bin/tools/ajax_cm ...)
-	TODO: check
+	NOT-FOR-US: Panabit PAP-XM320
 CVE-2026-36827 (A command injection vulnerability exists in Panabit PAP-XM320 up to an ...)
-	TODO: check
+	NOT-FOR-US: Panabit PAP-XM320
 CVE-2026-35593 (Trilium Notes is an open-source, cross-platform hierarchical note taki ...)
-	TODO: check
+	NOT-FOR-US: Trilium Notes
 CVE-2026-35086 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-34970 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caa5c789448687bc9ba41f63fdbfdbcaa1516a82

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caa5c789448687bc9ba41f63fdbfdbcaa1516a82
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260520/c8c922e5/attachment.htm>

More information about the debian-security-tracker-commits mailing list