Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d58fbd01 by Moritz Muehlenhoff at 2026-06-10T12:49:23+02:00
auto-nfu: Extend vmware rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -210,43 +210,43 @@ CVE-2026-44634 (SimpleBLE is a cross-platform library and 
bindings for Bluetooth
 CVE-2026-44505 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake 
protocol ba ...)
        NOT-FOR-US: Nimiq
 CVE-2026-41837 (Spring Data REST's Querydsl integration accepts arbitrary 
persistent p ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41732 (JsonPulsarHeaderMapper matched type headers against trusted 
packages u ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41731 (JsonKafkaHeaderMapper and the deprecated 
DefaultKafkaHeaderMapper matc ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41730 (Spring Data REST serializes the full exception cause chain 
into HTTP e ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41729 (Spring Data REST is vulnerable to SpEL expression injection 
through ma ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41728 (Spring Data REST's JSON Patch (application/json-patch+json) 
implementa ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41727 (Spring Kafka's retry topic infrastructure did not sufficiently 
validat ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41726 (When an application opts into DelegatingDeserializer, a 
producer can g ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41721 (Spring Data Commons contains a vulnerability that can lead to 
a Denial ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41719 (A SpEL Injection vulnerability exists in the Spring Data 
KeyValue if u ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41717 (Spring Data MongoDB contains a SpEL (Spring Expression 
Language) expre ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41716 (Spring Data's internal property-lookup cache accepts and 
permanently r ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41714 (Applications that configure their broker connection via 
RabbitConnecti ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41711 (Applications using Spring Data Commons may be vulnerable to a 
Denial o ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41706 (Spring Security's CookieRequestCache and 
CookieServerRequestCache stor ...)
        TODO: check
 CVE-2026-41701 (Correlation IDs for replies in the 
RabbitTemplate.sendAndReceive() wit ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41697 (Spring Data Relational does not properly escape binding values 
of exte ...)
        TODO: check
 CVE-2026-41696 (Spring Data MongoDB repository query methods annotated with 
@Query tha ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41695 (Spring Data Commons applications may be vulnerable to denial 
of servic ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41694 (Since Spring Security SAML decrypts SAML Responses as well as 
elements ...)
        TODO: check
 CVE-2026-41008 (Spring Security Authorization Server's authorization endpoint 
performs ...)
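Review bot: CVE-2026-41697 (Spring Data Relational) stays at TODO: check even though this commit adds "Spring Data Relational" as a product in data/packages/nfu.yaml, while the other Spring Data entries in this hunk move to NOT-FOR-US: VMware. Please check whether the product string recorded for that CVE differs from the one added to the rule, or whether the entry was kept open on purpose; if it was deliberate, a line in the commit message saying so would help the next person triaging it.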
@@ -256,7 +256,7 @@ CVE-2026-41003 (An attacker able to influence values in 
RelyingPartyRegistration
 CVE-2026-40993 (An attacker with write permissions to the database table 
managed by Jd ...)
        TODO: check
 CVE-2026-40991 (When using spring-restdocs-webtestclient or 
spring-restdocs-restassure ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-40988 (An application using spring-security-saml2-service-provider 
and the RE ...)
        TODO: check
 CVE-2026-3326 (The Xstore WordPress theme before 9.7.3 does not properly 
sanitise and ...)
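Review bot: the new tag on CVE-2026-40991 names only the vendor (NOT-FOR-US: VMware), and the description is truncated at "spring-restdocs-restassure ...", so the list itself no longer shows which product was judged out of scope. Other entries in the same file name the product directly, for example NOT-FOR-US: Nimiq on CVE-2026-44505. If the rule format allows it, emitting the matched product alongside the vendor would make these automatic decisions easier to audit later.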


=====================================
data/packages/nfu.yaml
=====================================
@@ -678,13 +678,22 @@
       - product: Micrometer
       - product: Reactor Netty
       - product: Spring AI
+      - product: Spring AMQP
       - product: Spring Boot
       - product: Spring Cloud Config
       - product: Spring Cloud Function
       - product: Spring Cloud Gateway
       - product: Spring Cloud Gateway Server Webflux
+      - product: Spring Data Commons
+      - product: Spring Data KeyValue
+      - product: Spring Data MongoDB
+      - product: Spring Data Relational
+      - product: Spring Data REST
+      - product: Spring for Apache Kafka
+      - product: Spring for Apache Pulsar
       - product: Spring HATEOAS
       - product: Spring LDAP
+      - product: Spring REST Docs
       - product: Spring Retry
       - product: VMware Cloud Foundation
       - product: VMware ESXi
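Review bot: there is no "Spring Security" product between "Spring Retry" and "VMware Cloud Foundation", and the data/CVE/list part of this commit accordingly leaves the Spring Security entries (CVE-2026-41706, CVE-2026-41694, CVE-2026-40988) at TODO: check. If that omission is intentional because those need manual triage, a short YAML comment next to this product list would record it, so the rule is not extended to cover them by mistake in a later "extend" commit. The commit message "Extend vmware rule" could also list the ten products added here.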



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d58fbd01641ddc4ad9c754ed3deb8b10a895cbc7
