[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 20 20:44:57 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1aac113d by Salvatore Bonaccorso at 2026-05-20T21:44:29+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28,9 +28,9 @@ CVE-2026-8486 (Allocation of resources without limits or throttling vulnerabilit
 CVE-2026-8485 (Uncontrolled Memory Allocation vulnerability in Progress Software MOVE ...)
 	NOT-FOR-US: Progress Software
 CVE-2026-8469 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: phenixdigital phoenix_storybook
 CVE-2026-8467 (Code Injection vulnerability in phenixdigital phoenix_storybook allows ...)
-	TODO: check
+	NOT-FOR-US: phenixdigital phoenix_storybook
 CVE-2026-8342
 	REJECTED
 CVE-2026-7613 (The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable  ...)
@@ -40,13 +40,13 @@ CVE-2026-6728 (The Slider Revolution plugin for WordPress is vulnerable to Sensi
 CVE-2026-6405 (The Anomify AI \u2013 Anomaly Detection and Alerting plugin for WordPr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-5783 (Improper neutralization of input during web page generation ('cross-si ...)
-	TODO: check
+	NOT-FOR-US: CityPLus
 CVE-2026-5200 (The AcyMailing \u2013 An Ultimate Newsletter Plugin and Marketing Auto ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-4293 (The affectedKieback & Peter DDC building controllersare vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: Kieback & Peter DDC building controllers
 CVE-2026-47068 (Authorization Bypass Through User-Controlled Key vulnerability in phen ...)
-	TODO: check
+	NOT-FOR-US: phoenix_storybook
 CVE-2026-45584 (Heap-based buffer overflow in Microsoft Defender allows an unauthorize ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-45498 (Microsoft Defender Denial of Service Vulnerability)
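Review bot: The label on CVE-2026-47068 is "NOT-FOR-US: phoenix_storybook", while CVE-2026-8469 and CVE-2026-8467 in the previous hunk are tagged "NOT-FOR-US: phenixdigital phoenix_storybook" for the same product. Use one spelling for all three so that a search on the label finds every entry. In the same hunk, "CityPLus" on CVE-2026-5783 has unusual mixed casing, and the truncated description shown here does not include the product name, so the spelling is worth confirming against the CVE record.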
@@ -56,13 +56,13 @@ CVE-2026-45443 (Missing Authorization vulnerability in ADD-ONS.ORG PDF for Eleme
 CVE-2026-44933 (`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot ...)
 	TODO: check
 CVE-2026-44926 (InfoScale CmdServer before 7.4.2 mishandles access control.)
-	TODO: check
+	NOT-FOR-US: InfoScale CmdServer
 CVE-2026-44925 (Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 O ...)
-	TODO: check
+	NOT-FOR-US: InfoScale
 CVE-2026-44924 (InfoScale VIOM 9.1.3 allows XSS.)
-	TODO: check
+	NOT-FOR-US: InfoScale
 CVE-2026-44923 (SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers  ...)
-	TODO: check
+	NOT-FOR-US: InfoScale
 CVE-2026-42834 (Improper link resolution before file access ('link following') in Azur ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-42383 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
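Review bot: The four InfoScale entries in this hunk get two different labels: CVE-2026-44926 is tagged "NOT-FOR-US: InfoScale CmdServer", while CVE-2026-44925, CVE-2026-44924 and CVE-2026-44923 are tagged "NOT-FOR-US: InfoScale". Unless the component distinction is meant to be tracked, use a single label ("InfoScale") for all four so that the entries group together when searching the list.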
@@ -70,7 +70,7 @@ CVE-2026-42383 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2026-41091 (Improper link resolution before file access ('link following') in Micr ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-39047 (Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote a ...)
-	TODO: check
+	NOT-FOR-US: EPSON
 CVE-2026-35070 (Dell SmartFabric Storage Software, versions prior to 1.4.5, contains a ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-30691 (Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer  ...)
@@ -499,7 +499,7 @@ CVE-2026-35086 (Improper Control of Generation of Code ('Code Injection') vulner
 CVE-2026-34970 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)
 	TODO: check
 CVE-2026-34883 (An issue was discovered in the Portrait Dell Color Management applicat ...)
-	TODO: check
+	NOT-FOR-US: Portrait
 CVE-2026-34754 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)
 	TODO: check
 CVE-2026-34744 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)
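Review bot: The label "NOT-FOR-US: Portrait" on CVE-2026-34883 is ambiguous on its own, since the description names the product as "Portrait Dell Color Management applicat ...". A label that keeps more of the product name from the description, for example "Portrait Dell Color Management", would make the entry identifiable without reading the description.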
@@ -513,21 +513,21 @@ CVE-2026-34463 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. V
 CVE-2026-34390 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)
 	TODO: check
 CVE-2026-34358 (CtrlPanel is open-source billing software for hosting providers. Versi ...)
-	TODO: check
+	NOT-FOR-US: CtrlPanel
 CVE-2026-34246 (CtrlPanel is open-source billing software for hosting providers. Versi ...)
-	TODO: check
+	NOT-FOR-US: CtrlPanel
 CVE-2026-34241 (CtrlPanel is open-source billing software for hosting providers. Versi ...)
-	TODO: check
+	NOT-FOR-US: CtrlPanel
 CVE-2026-34234 (CtrlPanel is open-source billing software for hosting providers. In ve ...)
-	TODO: check
+	NOT-FOR-US: CtrlPanel
 CVE-2026-34233 (CtrlPanel is open-source billing software for hosting providers. In ve ...)
-	TODO: check
+	NOT-FOR-US: CtrlPanel
 CVE-2026-34216 (CtrlPanel is open-source billing software for hosting providers. In ve ...)
-	TODO: check
+	NOT-FOR-US: CtrlPanel
 CVE-2026-34154 (Discourse is an open-source discussion platform. In versions prior to  ...)
 	NOT-FOR-US: Discourse
 CVE-2026-33741 (EspoCRM is an open source customer relationship management application ...)
-	TODO: check
+	NOT-FOR-US: EspoCRM
 CVE-2026-33642 (Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and b ...)
 	TODO: check
 CVE-2026-33637 (Faraday is an HTTP client library abstraction layer that provides a co ...)
@@ -557,7 +557,7 @@ CVE-2026-32738 (libheif is a HEIF and AVIF file format decoder and encoder. In v
 	NOTE: https://github.com/strukturag/libheif/security/advisories/GHSA-7f2h-cmpf-v9ww
 	NOTE: https://github.com/strukturag/libheif/commit/bdaa37728442800497ea224bd232ca25e2f9bdff (v1.22.0)
 CVE-2026-32134 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform.  ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2026-31986 (Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz.  Th ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-31910 (Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz.  Thi ...)
@@ -580,11 +580,11 @@ CVE-2026-31072 (The JSONSerializer and CBORSerializer in APScheduler (all versio
 	- apscheduler <unfixed>
 	NOTE: https://gist.github.com/nedlir/11fb77f35a59cbba73392a086b02a9c6
 CVE-2026-31071 (API endpoints in LalanaChami Pharmacy Management System (commit 5c3d02 ...)
-	TODO: check
+	NOT-FOR-US: LalanaChami Pharmacy Management System
 CVE-2026-31070 (The LalanaChami Pharmacy Management System (commit 5c3d028) allows una ...)
-	TODO: check
+	NOT-FOR-US: LalanaChami Pharmacy Management System
 CVE-2026-31069 (BillaBear (all versions prior to Jan 2026) contains a SQL Injection vu ...)
-	TODO: check
+	NOT-FOR-US: BillaBear
 CVE-2026-30118 (scalar/astro v0.1.13 was discovered to contain a Server-Side Request F ...)
 	TODO: check
 CVE-2026-30117 (scalar/astro v0.1.13 was discovered to contain an arbitrary file uploa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1aac113dd65cc3d4a80a8aded0fce1d38ed9bf57
