[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Tue, 19 May 2026 00:46:02 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9f8ad9df by Salvatore Bonaccorso at 2026-05-19T09:44:09+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,9 +7,9 @@ CVE-2026-8838 (Unsafe use of Python's eval() on server-received 
data in the vect
 CVE-2026-8830 (A flaw was found in Keycloak. An authenticated user can bypass 
configu ...)
        - keycloak <itp> (bug #1088287)
 CVE-2026-8814 (Versions of the package exifreader before 4.39.0 are vulnerable 
to Imp ...)
-       TODO: check
+       NOT-FOR-US: exifreader
 CVE-2026-8813 (This affects versions of the package exifreader before 4.39.0. 
A craft ...)
-       TODO: check
+       NOT-FOR-US: exifreader
 CVE-2026-4137 (In mlflow/mlflow versions prior to 3.11.0, the 
`get_or_create_nfs_tmp_ ...)
        NOT-FOR-US: mlflow
 CVE-2026-47311 (Heap-based buffer overflow vulnerability in Samsung Open 
Source Escarg ...)
@@ -39,45 +39,45 @@ CVE-2026-33565 (in OpenHarmony v6.0 and prior versions 
allow a local attacker ca
 CVE-2026-33514 (Discourse is an open-source discussion platform. In versions 
prior to  ...)
        NOT-FOR-US: Discourse
 CVE-2026-33234 (AutoGPT is a workflow automation platform for creating, 
deploying, and ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2026-33233 (AutoGPT is a workflow automation platform for creating, 
deploying, and ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2026-33232 (AutoGPT is a workflow automation platform for creating, 
deploying, and ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2026-33052 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. 
Version ...)
        TODO: check
 CVE-2026-32994 (The /api/v1/autotranslate.translateMessage endpoint in 
versions <8.5.0 ...)
        TODO: check
 CVE-2026-32323 (Mullvad VPN is a VPN client app for desktop and mobile. When 
using mac ...)
-       TODO: check
+       NOT-FOR-US: Mullvad VPN
 CVE-2026-32312 (GLPI is a free asset and IT management software package. In 
versions 1 ...)
        TODO: check
 CVE-2026-32244 (Discourse is an open-source discussion platform. In versions 
prior to  ...)
        NOT-FOR-US: Discourse
 CVE-2026-30950 (AutoGPT is a workflow automation platform for creating, 
deploying, and ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2026-28751 (in OpenHarmony v6.0 and prior versions allow a local attacker 
cause DO ...)
        NOT-FOR-US: OpenHarmony
 CVE-2026-28733 (in OpenHarmony v6.0 and prior versions allow a local attacker 
arbitrar ...)
        NOT-FOR-US: OpenHarmony
 CVE-2026-27964 (FacturaScripts is an open source accounting and invoicing 
software. Ve ...)
-       TODO: check
+       NOT-FOR-US: FacturaScripts
 CVE-2026-27892 (FacturaScripts is an open source accounting and invoicing 
software. In ...)
-       TODO: check
+       NOT-FOR-US: FacturaScripts
 CVE-2026-27891 (FacturaScripts is an open source accounting and invoicing 
software. Ve ...)
-       TODO: check
+       NOT-FOR-US: FacturaScripts
 CVE-2026-27781 (in OpenHarmony v6.0 and prior versions allow a local attacker 
cause DO ...)
        NOT-FOR-US: OpenHarmony
 CVE-2026-27766 (in OpenHarmony v6.0 and prior versions allow a local attacker 
cause in ...)
        NOT-FOR-US: OpenHarmony
 CVE-2026-27737 (BigBlueButton is an open-source virtual classroom. In versions 
prior t ...)
-       TODO: check
+       NOT-FOR-US: BigBlueButton
 CVE-2026-27648 (in OpenHarmony v6.0 and prior versions allow a remote attacker 
arbitra ...)
        NOT-FOR-US: OpenHarmony
 CVE-2026-27130 (Dokploy is a free, self-hostable Platform as a Service (PaaS). 
Version ...)
-       TODO: check
+       NOT-FOR-US: Dokploy
 CVE-2026-26978 (FreePBX is an open source IP PBX. In versions below 16.0.71 
and 17.0.6 ...)
-       TODO: check
+       NOT-FOR-US: FreePBX
 CVE-2026-25850 (in OpenHarmony v6.0 and prior versions allow a local attacker 
cause in ...)
        NOT-FOR-US: OpenHarmony
 CVE-2026-25781 (in OpenHarmony v6.0 and prior versions allow a local attacker 
cause DO ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f8ad9dfdf8aa6986e5e517215d53fb01417d92c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f8ad9dfdf8aa6986e5e517215d53fb01417d92c
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to