[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 04 Mar 2026 14:03:45 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2f7891b9 by Salvatore Bonaccorso at 2026-03-04T23:03:07+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,7 +33,7 @@ CVE-2026-3520 (Multer is a node.js middleware for handling 
`multipart/form-data`
 CVE-2026-3439 (A post-authentication Stack-based Buffer Overflow vulnerability 
in Son ...)
        NOT-FOR-US: SonicWall
 CVE-2026-3125 (A Server-Side Request Forgery (SSRF) vulnerability was 
identified in t ...)
-       TODO: check
+       NOT-FOR-US: opennextjs/cloudflare package
 CVE-2026-3103 (A logic error in the remove_password() function in Checkmk 
GmbH's Chec ...)
        - check-mk <removed>
 CVE-2026-3094 (Delta Electronics CNCSoft-G2lacks proper validation of the 
user-suppli ...)
@@ -43,11 +43,11 @@ CVE-2026-3058 (The Seraphinite Accelerator plugin for 
WordPress is vulnerable to
 CVE-2026-3056 (The Seraphinite Accelerator plugin for WordPress is vulnerable 
to unau ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-2748 (SEPPmail Secure Email Gateway before version 15.0.1 improperly 
validat ...)
-       TODO: check
+       NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-2747 (SEPPmail Secure Email Gateway before version 15.0.1 decrypts 
inline PG ...)
-       TODO: check
+       NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-2746 (SEPPmail Secure Email Gateway before version 15.0.1 does not 
properly  ...)
-       TODO: check
+       NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-2355 (The My Calendar \u2013 Accessible Event Manager plugin for 
WordPress i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-29120 (The /root/anaconda-ks.cfg installation configuration file in 
Internati ...)
@@ -79,15 +79,15 @@ CVE-2026-28427 (OpenDeck is Linux software for your Elgato 
Stream Deck. Prior to
 CVE-2026-27446 (Missing Authentication for Critical Function (CWE-306) 
vulnerability i ...)
        TODO: check
 CVE-2026-27445 (SEPPmail Secure Email Gateway before version 15.0.1 does not 
properly  ...)
-       TODO: check
+       NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-27444 (SEPPmail Secure Email Gateway before version 15.0.1 
incorrectly interp ...)
-       TODO: check
+       NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-27443 (SEPPmail Secure Email Gateway before version 15.0.1 does not 
properly  ...)
-       TODO: check
+       NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-27442 (The GINA web interface in SEPPmail Secure Email Gateway before 
version ...)
-       TODO: check
+       NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-27441 (SEPPmail Secure Email Gateway before version 15.0.1 
insufficiently neu ...)
-       TODO: check
+       NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-26949 (Dell Device Management Agent (DDMA), versions prior to 26.02, 
contain  ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-26673 (An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 
0.1.00.050 ...)
@@ -95,7 +95,7 @@ CVE-2026-26673 (An issue in DJI Mavic Mini, Spark, Mavic Air, 
Mini, Mini SE 0.1.
 CVE-2026-26514 (An Argument Injection vulnerability exists in bird-lg-go 
before commit ...)
        TODO: check
 CVE-2026-26478 (A shell command injection vulnerability in Mobvoi Tichome Mini 
smart s ...)
-       TODO: check
+       NOT-FOR-US: Mobvoi Tichome Mini smart speaker
 CVE-2026-25907 (Dell PowerScale OneFS, version 9.13.0.0, contains an overly 
restrictiv ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-24732 (Files or Directories Accessible to External Parties, Incorrect 
Permiss ...)
@@ -241,7 +241,7 @@ CVE-2026-0847 (A vulnerability in NLTK versions up to and 
including 3.9.2 allows
 CVE-2025-70342 (erase-install prior to v40.4 commit 2c31239 writes swiftDialog 
credent ...)
        TODO: check
 CVE-2025-70341 (Insecure permissions in App-Auto-Patch v3.4.2 create a race 
condition  ...)
-       TODO: check
+       NOT-FOR-US: App-Auto-Patch
 CVE-2025-70226 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 
via the cu ...)
        NOT-FOR-US: D-Link
 CVE-2025-70223 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 
via the cu ...)
@@ -410,19 +410,19 @@ CVE-2026-27622 (OpenEXR provides the specification and 
reference implementation
 CVE-2026-27601 (Underscore.js is a utility-belt library for JavaScript. Prior 
to 1.13. ...)
        TODO: check
 CVE-2026-27600 (HomeBox is a home inventory and organization system. Prior to 
0.24.0-r ...)
-       TODO: check
+       NOT-FOR-US: HomeBox
 CVE-2026-27012 (OpenSTAManager is an open source management software for 
technical ass ...)
-       TODO: check
+       NOT-FOR-US: OpenSTAManager
 CVE-2026-26279 (Froxlor is open source server administration software. Prior 
to 2.3.4, ...)
        TODO: check
 CVE-2026-26272 (HomeBox is a home inventory and organization system. Prior to 
0.24.0-r ...)
-       TODO: check
+       NOT-FOR-US: HomeBox
 CVE-2026-26266 (AliasVault is a privacy-first password manager with built-in 
email ali ...)
-       TODO: check
+       NOT-FOR-US: AliasVault
 CVE-2026-25906 (Dell Optimizer, versions prior to 6.3.1, contain an Improper 
Link Reso ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-25590 (The GLPI Inventory Plugin handles network discovery, 
inventory, softwa ...)
-       TODO: check
+       NOT-FOR-US: GLPI Inventory Plugin
 CVE-2026-25146 (OpenEMR is a free and open source electronic health records 
and medica ...)
        NOT-FOR-US: OpenEMR
 CVE-2026-24898 (OpenEMR is a free and open source electronic health records 
and medica ...)
@@ -432,15 +432,15 @@ CVE-2026-24848 (OpenEMR is a free and open source 
electronic health records and
 CVE-2026-24502 (Dell Command | Intel vPro Out of Band, versions prior to 
4.7.0, contai ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-24415 (OpenSTAManager is an open source management software for 
technical ass ...)
-       TODO: check
+       NOT-FOR-US: OpenSTAManager
 CVE-2026-21866 (Dify is an open-source LLM app development platform. Prior to 
1.11.2,  ...)
-       TODO: check
+       NOT-FOR-US: Dify
 CVE-2026-1980 (The WPBookit plugin for WordPress is vulnerable to unauthorized 
data d ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1945 (The WPBookit plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1775 (The Labkotec LID-3300IP has an existing vulnerability in the 
ice detec ...)
-       TODO: check
+       NOT-FOR-US: Labkotec LID-3300IP
 CVE-2026-1713 (IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 
LTS, 9.3 ...)
        NOT-FOR-US: IBM
 CVE-2026-1651 (The Email Subscribers by Icegram Express plugin for WordPress 
is vulne ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f7891b942511425c47fe0b40b5a38b190b36d0c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f7891b942511425c47fe0b40b5a38b190b36d0c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to