[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun May 31 22:03:22 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90a183d9 by Moritz Muehlenhoff at 2026-05-31T23:03:04+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -281,9 +281,9 @@ CVE-2026-46527 (cpp-httplib is a C++11 single-file header-only cross platform HT
 	- cpp-httplib <unfixed> (bug #1138578)
 	NOTE: https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-hg3g-vrg8-578g
 CVE-2026-46385 (iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro arr ...)
-	TODO: check
+	NOT-FOR-US: iskorotkov/avro
 CVE-2026-46384 (iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro ...)
-	TODO: check
+	NOT-FOR-US: iskorotkov/avro
 CVE-2026-45700 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
 	- freerdp3 3.26.0+dfsg-1
 	- freerdp2 <removed>
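Review bot: the two new "NOT-FOR-US: iskorotkov/avro" lines for CVE-2026-46385 and CVE-2026-46384 record no basis for the decision. Both descriptions identify a Go library, and Go modules can enter the archive vendored inside another source package, so a short NOTE stating that no packaged source embeds this module would let a later reader confirm the triage without repeating the search.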
@@ -1677,7 +1677,7 @@ CVE-2026-47326 (Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memo
 CVE-2026-47136 (RustFS is a distributed object storage system built in Rust. Prior to  ...)
 	NOT-FOR-US: RustFS
 CVE-2026-47074 (Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (Ex ...)
-	TODO: check
+	NOT-FOR-US: ex_aws_sns
 CVE-2026-46685 (RustFS is a distributed object storage system built in Rust. Prior to  ...)
 	NOT-FOR-US: RustFS
 CVE-2026-46561 (pyLoad is a free and open-source download manager written in Python. P ...)
@@ -2649,7 +2649,7 @@ CVE-2026-42197 (RELATE is a web-based courseware package. Versions prior to comm
 CVE-2026-3173 (The Meta Field Block plugin for WordPress is vulnerable to Insecure Di ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-33552 (Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Acce ...)
-	TODO: check
+	NOT-FOR-US: Northern.tech Mender Enterprise Server
 CVE-2026-32999 (Insufficient character filtering in backup agent signing module on Com ...)
 	NOT-FOR-US: Comet Backup
 CVE-2026-32998 (This vulnerability in Veeam Service Provider Console allows for remote ...)
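Review bot: the tag on CVE-2026-33552 names "Northern.tech Mender Enterprise Server", matching the description, but the entry does not say whether the issue is confined to that product. If any other Mender component is packaged, a NOTE recording that the access-control flaw does not apply to it would make the boundary of this NOT-FOR-US explicit.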
@@ -3232,7 +3232,7 @@ CVE-2026-3001 (The Gutenverse plugin for WordPress is vulnerable to Reflected Cr
 CVE-2026-38945 (Command injection in Raynet rvia version 12.6 Update 8 and previous ve ...)
 	NOT-FOR-US: Raynet
 CVE-2026-38931 (A stored cross-site scripting (XSS) vulnerability in the /admin/config ...)
-	TODO: check
+	NOT-FOR-US: simplephp
 CVE-2026-38930 (OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication  ...)
 	NOT-FOR-US: OpenRapid RapidCMS
 CVE-2026-38808 (SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote att ...)
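Review bot: "NOT-FOR-US: simplephp" on CVE-2026-38931 cannot be checked against the entry itself, because the truncated description ends at "/admin/config ..." before any product is named. The bare lowercase name is also generic next to neighbouring tags such as "OpenRapid RapidCMS"; giving the author or vendor together with the project name, as the CVE record states it, would remove the ambiguity.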
@@ -3260,7 +3260,7 @@ CVE-2026-36538 (Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root
 CVE-2026-36045 (picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection vi ...)
 	NOT-FOR-US: PicoClaw
 CVE-2026-36044 (@pensar/apex <= 0.0.58 is vulnerable to OS command injection via the s ...)
-	TODO: check
+	NOT-FOR-US: @pensar/apex
 CVE-2026-35090 (In Slican telephone exchanges it is possible to manage the control pan ...)
 	NOT-FOR-US: Slican telephone exchanges
 CVE-2026-35089 (In Slican telephone exchanges secure key is generated in a predictable ...)
@@ -5015,9 +5015,9 @@ CVE-2026-49000 (An insecure password scheme refers to vulnerabilities arising fr
 CVE-2026-48999 (Attackers carefully craft malicious scripts, such as JavaScript, and i ...)
 	NOT-FOR-US: ZTE
 CVE-2026-48593 (Uncontrolled Resource Consumption vulnerability in oban-bg oban_web (' ...)
-	TODO: check
+	NOT-FOR-US: oban_web
 CVE-2026-48592 (Missing Authorization vulnerability in oban-bg oban_web ('Elixir.Oban. ...)
-	TODO: check
+	NOT-FOR-US: oban_web
 CVE-2026-47672 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telemat ...)
 	NOT-FOR-US: epa4all-client
 CVE-2026-45575 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telemat ...)
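Review bot: both new tags for CVE-2026-48593 and CVE-2026-48592 read "oban_web" and drop the "oban-bg" owner that the descriptions give. Writing "NOT-FOR-US: oban-bg oban_web" would keep the tag searchable under the same name the CVE record uses and would tell it apart from any similarly named project.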



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90a183d97917d4c32252b3c2cf47a14e56ab11a8
