[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed May 20 22:28:22 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53762235 by Moritz Muehlenhoff at 2026-05-20T23:28:13+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -78,13 +78,13 @@ CVE-2026-39047 (Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a re
 CVE-2026-35070 (Dell SmartFabric Storage Software, versions prior to 1.4.5, contains a ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-30691 (Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer  ...)
-	TODO: check
+	NOT-FOR-US: @cyntler/react-doc-viewer
 CVE-2026-27424 (Missing Authorization vulnerability in WP Chill Image Photo Gallery Fi ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27405 (Missing Authorization vulnerability in Magepeople inc. WpBookingly all ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25602 (Insufficient Verification of Data Authenticity vulnerability in Mesalv ...)
-	TODO: check
+	NOT-FOR-US: Meona
 CVE-2026-24573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24425 (Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass ...)
@@ -92,9 +92,9 @@ CVE-2026-24425 (Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox
 CVE-2026-22554 (MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vu ...)
 	TODO: check
 CVE-2026-22315 (Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client L ...)
-	TODO: check
+	NOT-FOR-US: Meona
 CVE-2026-22314 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Meona
 CVE-2026-21836 (The HCL DominoIQ RAG feature isaffected bya Broken Access Control vuln ...)
 	NOT-FOR-US: HCL
 CVE-2026-20240 (In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12 ...)
@@ -104,17 +104,17 @@ CVE-2026-20239 (In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splun
 CVE-2026-20238 (In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that  ...)
 	NOT-FOR-US: Cisco
 CVE-2026-20223 (A vulnerability in the access validation of internal REST APIs of ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20206 (A vulnerability in the BrowserBot component of Cisco ThousandEyes Ente ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20199 (A vulnerability in the SSL certificate handling of Cisco ThousandEyes  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20171 (A vulnerability in the Border Gateway Protocol (BGP) enforce-firs ...)
 	NOT-FOR-US: Cisco
 CVE-2026-0857 (Cleartext Storage of Sensitive Information in Memory vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Meona
 CVE-2026-0856 (Improper Access Control vulnerability in Mesalvo Meona Client Launcher ...)
-	TODO: check
+	NOT-FOR-US: Meona
 CVE-2025-32750 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of  ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-31985 (HCL BigFix Service Management (SM) is affected by a security misconfig ...)
@@ -122,7 +122,7 @@ CVE-2025-31985 (HCL BigFix Service Management (SM) is affected by a security mis
 CVE-2025-31973 (HCL BigFix Service Management (SM) is susceptible to  a Configuration  ...)
 	NOT-FOR-US: HCL
 CVE-2025-11954 (Cross-Site request forgery (CSRF) vulnerability in Sitemio Information ...)
-	TODO: check
+	NOT-FOR-US: Sitemio
 CVE-2023-7346 (Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivat ...)
 	TODO: check
 CVE-2026-41073
@@ -273,7 +273,7 @@ CVE-2026-8711 (NGINX JavaScript has a vulnerability when the js_fetch_proxydirec
 	- libnginx-mod-js <unfixed>
 	NOTE: https://my.f5.com/manage/s/article/K000161307
 CVE-2026-8706 (Firefox for iOS hosted Reader mode on an unauthenticated local web ser ...)
-	TODO: check
+	NOT-FOR-US: Firefox for iOS
 CVE-2026-8685 (The Infility Global plugin for WordPress is vulnerable to SQL Injectio ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-8627 (The Correct Prices plugin for WordPress is vulnerable to Reflected Cro ...)
@@ -385,7 +385,7 @@ CVE-2026-6095 (Improper Neutralization of Input During Web Page Generation ("Cro
 CVE-2026-6072 (The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for Wor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-6009 (Java Deserialisation Vulnerability in Jaspersoft Reports Library leads ...)
-	TODO: check
+	- jasperreports <removed>
 CVE-2026-5804 (An improper authentication vulnerability was discovered in the Motorol ...)
 	NOT-FOR-US: Lenovo
 CVE-2026-5776 (The Email Encoder  WordPress plugin before 2.4.7 does not escape email ...)
@@ -465,7 +465,7 @@ CVE-2026-43634 (HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vul
 CVE-2026-43633 (HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulner ...)
 	NOT-FOR-US: Hestia Control Panel
 CVE-2026-42526 (In the AWS Secrets Manager and SSM Parameter Store secrets backends of ...)
-	NOT-FOR-US: AWS Secrets Manager
+	NOT-FOR-US: Apache Airflow provider
 CVE-2026-42100 (Improper Handling of Syntactically Invalid Structure in Sparx Pro Clou ...)
 	NOT-FOR-US: Sparx Systems
 CVE-2026-42099 (Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_ ...)
@@ -620,7 +620,7 @@ CVE-2026-29220 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
 CVE-2026-29207 (Improper Neutralization of Special Elements Used in a Template Engine  ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-27173 (JWT tokens that were used by workers in Kubernetes Executors have been ...)
-	TODO: check
+	NOT-FOR-US: Apache Airflow provider
 CVE-2026-24215 (NVIDIA Triton Inference Server contains a vulnerability in the DALI ba ...)
 	NOT-FOR-US: NVIDIA
 CVE-2026-24214 (NVIDIA Triton Inference Server contains a vulnerability in the DALI ba ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5376223504197ef3e1390f0f7fb5417d3dfcef0b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5376223504197ef3e1390f0f7fb5417d3dfcef0b
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260520/e6f16a07/attachment.htm>

More information about the debian-security-tracker-commits mailing list