[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aa47a736 by Moritz Muehlenhoff at 2026-05-19T16:34:01+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -70,7 +70,7 @@ CVE-2026-33232 (AutoGPT is a workflow automation platform for 
creating, deployin
 CVE-2026-33052 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. 
Version ...)
        - mantis <removed>
 CVE-2026-32994 (The /api/v1/autotranslate.translateMessage endpoint in 
versions <8.5.0 ...)
-       TODO: check
+       NOT-FOR-US: Rocket.Chat
 CVE-2026-32323 (Mullvad VPN is a VPN client app for desktop and mobile. When 
using mac ...)
        NOT-FOR-US: Mullvad VPN
 CVE-2026-32312 (GLPI is a free asset and IT management software package. In 
versions 1 ...)
@@ -107,19 +107,19 @@ CVE-2026-25850 (in OpenHarmony v6.0 and prior versions 
allow a local attacker ca
 CVE-2026-25781 (in OpenHarmony v6.0 and prior versions allow a local attacker 
cause DO ...)
        NOT-FOR-US: OpenHarmony
 CVE-2026-25244 (WebdriverIO is a test automation framework for unit, e2e and 
component ...)
-       TODO: check
+       NOT-FOR-US: WebdriverIO
 CVE-2026-25110 (in OpenHarmony v6.0 and prior versions allow a local attacker 
cause DO ...)
        NOT-FOR-US: OpenHarmony
 CVE-2026-24792 (in OpenHarmony v6.0 and prior versions allow a remote attacker 
arbitra ...)
        NOT-FOR-US: OpenHarmony
 CVE-2026-22810 (Joplin is an open source note-taking and to-do application 
that organi ...)
-       TODO: check
+       - joplin <itp> (bug #931306)
 CVE-2026-22069 (A local privilege escalation vulnerability exists in O+ 
Connect becaus ...)
        TODO: check
 CVE-2026-21789 (HCL Connections contains a broken access control vulnerability 
that ma ...)
        NOT-FOR-US: HCL
 CVE-2025-65954 (SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS 
server in t ...)
-       TODO: check
+       NOT-FOR-US: SimpleSAMLphp-casserver
 CVE-2025-15609 (The Fortis for WooCommerce WordPress plugin before 1.3.1 may 
leak sens ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-45137
@@ -243,7 +243,7 @@ CVE-2026-20685 (An attacker in a privileged network 
position may be able to leak
 CVE-2026-0983 (Denial-of-service condition in M-Files Server versions before 
26.5.160 ...)
        NOT-FOR-US: M-Files
 CVE-2025-57282 (ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command 
Injection.)
-       TODO: check
+       NOT-FOR-US: ngrok
 CVE-2025-56352 (In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 
(2024-02-1 ...)
        NOT-FOR-US: tinyMQTT
 CVE-2026-8788 (Net::Statsd::Lite versions through 0.10.0 for Perl allowed 
metric inje ...)
@@ -1058,7 +1058,7 @@ CVE-2026-0481 (Unrestricted IP address binding in the AMD 
Device Metrics Exporte
 CVE-2026-0438 (A System Management Mode (SMM) handler could perform a callout 
to code ...)
        TODO: check
 CVE-2026-0432 (Incorrect default permissions in the installation directory for 
the AM ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2026-0428 (Insufficient parameter sanitization in TEE SOC Driver could 
allow an a ...)
        NOT-FOR-US: AMD
 CVE-2026-0427 (Improper cleanup of shared register resources in GPU firmware 
could al ...)
@@ -1116,9 +1116,9 @@ CVE-2024-36332 (Improper isolation of GPU HW register 
space could allow a privil
 CVE-2024-36323 (Improper isolation of VCN-JPEG HW register space could allow a 
malicio ...)
        TODO: check
 CVE-2024-21962 (Improper Input Validation in the AMD RAID driver could allow 
an attack ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-21950 (An out of bounds read in the remote management firmware could 
allow a  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-31317 (Improper restriction of operations within the bounds of a 
memory buffe ...)
        TODO: check
 CVE-2023-31316 (Improperly preserved integrity of hardware configuration state 
during  ...)
@@ -1711,7 +1711,7 @@ CVE-2026-44503 (The RedirectHandler middleware in 
microsoft/kiota-java (com.micr
 CVE-2026-44501 (DataHub is an open-source metadata platform. Prior to 1.5.0.3, 
The Dat ...)
        NOT-FOR-US: DataHub
 CVE-2026-44484 (PyTorch Lightning is a deep learning framework to pretrain and 
finetun ...)
-       TODO: check
+       NOT-FOR-US: PyTorch Lightning
 CVE-2026-44482 (soundcloud-rpc is a SoundCloud Client with Discord Rich 
Presence, Dark ...)
        NOT-FOR-US: SoundCloud
 CVE-2026-44375 (Nerdbank.MessagePack is a NativeAOT-compatible MessagePack 
serializati ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa47a736e0cd8638f3fe51763a8b32247f959904

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa47a736e0cd8638f3fe51763a8b32247f959904
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits