Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee92dbd5 by Salvatore Bonaccorso at 2026-03-11T22:00:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2026-3954 (A weakness has been identified in OpenBMB XAgent 1.0.0. 
Affected by th ...)
-       TODO: check
+       NOT-FOR-US: OpenBMB XAgent
 CVE-2026-3951 (A security flaw has been discovered in LockerProject Locker 
0.0.0/0.0. ...)
-       TODO: check
+       NOT-FOR-US: LockerProject Locker
 CVE-2026-3950 (A vulnerability was identified in strukturag libheif up to 
1.21.2. Thi ...)
        TODO: check
 CVE-2026-3949 (A vulnerability was determined in strukturag libheif up to 
1.21.2. Thi ...)
        TODO: check
 CVE-2026-3946 (A vulnerability was detected in PHPEMS 11.0. The affected 
element is a ...)
-       TODO: check
+       NOT-FOR-US: PHPEMS
 CVE-2026-3944 (A vulnerability was determined in itsourcecode University 
Management S ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-3943 (A vulnerability was found in H3C ACG1000-AK230 up to 20260227. 
This af ...)
-       TODO: check
+       NOT-FOR-US: H3C
 CVE-2026-3906 (WordPress core is vulnerable to unauthorized access in versions 
6.9 th ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-3848 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
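Review bot: The unchanged context entry for CVE-2026-3906 in this hunk is tagged `NOT-FOR-US: WordPress plugin`, but its description begins "WordPress core is vulnerable to unauthorized access", and wordpress is a source package in Debian. Since this pass is already sorting the neighbouring entries, please re-check that one against the full description and, if it really concerns core, replace the NFU tag with a package entry for wordpress.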
@@ -27,19 +27,19 @@ CVE-2026-3178 (The Name Directory plugin for WordPress is 
vulnerable to Stored C
 CVE-2026-3013 (Coppermine Photo Gallery in versions 1.6.09 through 1.6.27is 
vulnerabl ...)
        TODO: check
 CVE-2026-32234 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-32229 (In JetBrains Hub before 2026.1 possible on sign-in account 
mismatch wi ...)
        NOT-FOR-US: JetBrains
 CVE-2026-32098 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-32097 (PingPong is a platform for using large language models (LLMs) 
for teac ...)
-       TODO: check
+       NOT-FOR-US: PingPong
 CVE-2026-32096 (Plunk is an open-source email platform built on top of AWS 
SES. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Plunk
 CVE-2026-32095 (Plunk is an open-source email platform built on top of AWS 
SES. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Plunk
 CVE-2026-32094 (Shescape is a simple shell escape library for JavaScript. 
Prior to 2.1 ...)
-       TODO: check
+       NOT-FOR-US: Shescape
 CVE-2026-32063 (OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a 
command inj ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-32062 (OpenClaw versions2026.2.21-2 prior to 2026.2.22 and 
@openclaw/voice-ca ...)
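Review bot: CVE-2026-32094 is marked `NOT-FOR-US: Shescape`, yet its description calls Shescape "a simple shell escape library for JavaScript", and a library can ship as a bundled copy inside another package even when it has no source package of its own. Please confirm that nothing in the archive vendors it before closing the entry. The other tags added in this hunk (Parse Server, PingPong, Plunk) are described as backends or platforms, where that concern is smaller.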
@@ -51,13 +51,13 @@ CVE-2026-32060 (OpenClaw versions prior to 2026.2.14 
contain a path traversal vu
 CVE-2026-32059 (OpenClaw version 2026.2.22-2 prior to 2026.2.23 
tools.exec.safeBins va ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-31979 (Himmelblau is an interoperability suite for Microsoft Azure 
Entra ID a ...)
-       TODO: check
+       NOT-FOR-US: Himmelblau
 CVE-2026-31976 (xygeni-action is the GitHub Action for Xygeni Scanner. On 
March 3, 202 ...)
-       TODO: check
+       NOT-FOR-US: xygeni-action
 CVE-2026-31975 (Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for 
Claude C ...)
-       TODO: check
+       NOT-FOR-US: Cloud CLI (aka Claude Code UI)
 CVE-2026-31974 (OpenProject is an open-source, web-based project management 
software.  ...)
-       TODO: check
+       NOT-FOR-US: OpenProject
 CVE-2026-31961 (Quill provides simple mac binary signing and notarization from 
any pla ...)
        TODO: check
 CVE-2026-31960 (Quill provides simple mac binary signing and notarization from 
any pla ...)
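Review bot: The tag added for CVE-2026-31975, `NOT-FOR-US: Cloud CLI (aka Claude Code UI)`, copies the alias from the description, while every other tag in this commit is a bare product or vendor name. A short form such as `NOT-FOR-US: Cloud CLI` would be easier to match when later CVEs for the same product are triaged.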
@@ -67,11 +67,11 @@ CVE-2026-31959 (Quill provides simple mac binary signing 
and notarization from a
 CVE-2026-31958 (Tornado is a Python web framework and asynchronous networking 
library. ...)
        TODO: check
 CVE-2026-31957 (Himmelblau is an interoperability suite for Microsoft Azure 
Entra ID a ...)
-       TODO: check
+       NOT-FOR-US: Himmelblau
 CVE-2026-31954 (Emlog is an open source website building system. In 2.6.6 and 
earlier, ...)
        NOT-FOR-US: Emlog
 CVE-2026-31901 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-31900 (Black is the uncompromising Python code formatter. Black 
provides a Gi ...)
        TODO: check
 CVE-2026-31896 (WeGIA is a web manager for charitable institutions. Prior to 
version 3 ...)
@@ -81,25 +81,25 @@ CVE-2026-31895 (WeGIA is a web manager for charitable 
institutions. Prior to ver
 CVE-2026-31894 (WeGIA is a web manager for charitable institutions. In 3.6.5, 
The patc ...)
        NOT-FOR-US: WeGIA
 CVE-2026-31892 (Argo Workflows is an open source container-native workflow 
engine for  ...)
-       TODO: check
+       NOT-FOR-US: Argo Workflows
 CVE-2026-31889 (Shopware is an open commerce platform. Prior to 6.6.10.15 and 
6.7.8.1, ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2026-31888 (Shopware is an open commerce platform. Prior to 6.7.8.1 and 
6.6.10.15, ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2026-31887 (Shopware is an open commerce platform. Prior to 6.7.8.1 and 
6.6.10.15, ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2026-31881 (Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, 
an unau ...)
-       TODO: check
+       NOT-FOR-US: Runtipi
 CVE-2026-31879 (Frappe is a full-stack web application framework. Prior to 
14.100.2, 1 ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-31878 (Frappe is a full-stack web application framework. Prior to 
14.100.1, 1 ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-31877 (Frappe is a full-stack web application framework. Prior to 
15.84.0 and ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-31876 (Notesnook is a note-taking app focused on user privacy & ease 
of use.  ...)
-       TODO: check
+       NOT-FOR-US: Notesnook
 CVE-2026-31875 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-31874 (Taskosaur is an open source project management platform with 
conversat ...)
        TODO: check
 CVE-2026-31872 (Parse Server is an open source backend that can be deployed to 
any inf ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee92dbd5b437e049278adea570309061314910c9



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
