Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
997dd291 by Moritz Muehlenhoff at 2026-06-12T17:54:45+02:00
auto-nfu: Extend vmware rule
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -548,35 +548,35 @@ CVE-2026-42542 (TDengine is an open source, time-series
database optimized for I
CVE-2026-42462 (Fedify is a TypeScript library for building federated server
apps powe ...)
NOT-FOR-US: Fedify
CVE-2026-41856 (The Spring GraphQL annotation detection mechanism for
@Controller data ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41700 (Spring for GraphQL applications that have enabled the
WebSocket transp ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41699 (Spring for GraphQL applications are vulnerable to Unsafe
Deserializati ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41001 (Spring Boot's ArtemisEmbeddedConfigurationFactory uses a
fixed, static ...)
NOT-FOR-US: VMware
CVE-2026-41000 (Wss4jSecurityInterceptor did not consistently wire Apache
WSS4J Replay ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40999 (When WS-Addressing is used with non-anonymous ReplyTo or
FaultTo addre ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40998 (Jaxp13XPathTemplate evaluated XPath expressions for
StreamSource and S ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40997 (Several Spring WS integration paths with Spring Security could
surface ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40996 (Wss4jSecurityInterceptor defaulted
allowRSA15KeyTransportAlgorithm to ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40995 (X509AuthenticationProvider could issue a fully authenticated
X509Authe ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40994 (Wss4jSecurityInterceptor initialized its BSP (WS-I Basic
Security Prof ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40992 (Spring Boot's Mail auto-configuration does not enable hostname
verific ...)
NOT-FOR-US: VMware
CVE-2026-40987 (A malicious or compromised FTP/SFTP/SMB server can write
arbitrary fil ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40986 (Spring Web Flow's JavaScript RemotingHandler renders the body
of an er ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40985 (Applications that configure the WebFlowELExpressionParser are
vulnerab ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-3553 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-3341 (IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is
vulnerable to ...)
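Review bot: The tag "NOT-FOR-US: VMware" on the Wss4jSecurityInterceptor entries (CVE-2026-41000, CVE-2026-40996, CVE-2026-40994) deserves a second look, because the visible description of CVE-2026-41000 names Apache WSS4J as the component being wired. Please confirm that each defect lies in the Spring interceptor's configuration and not in WSS4J itself before these leave "TODO: check". Separately, the truncated descriptions of CVE-2026-40999 and CVE-2026-40987 name no product at all, so a reader of this file cannot tell which nfu.yaml product matched them. Where the tracker's format allows it, a more specific tag such as "NOT-FOR-US: VMware (Spring Integration)" would make the triage auditable from this file alone.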
=====================================
data/packages/nfu.yaml
=====================================
@@ -695,10 +695,14 @@
- product: Spring Data REST
- product: Spring for Apache Kafka
- product: Spring for Apache Pulsar
+ - product: Spring for GraphQL
- product: Spring HATEOAS
+ - product: Spring Integration
- product: Spring LDAP
- product: Spring REST Docs
- product: Spring Retry
+ - product: Spring Web Flow
+ - product: Spring Web Services
- product: VMware Cloud Foundation
- product: VMware ESXi
- product: VMware NSX
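Review bot: The four added product strings ("Spring for GraphQL", "Spring Integration", "Spring Web Flow", "Spring Web Services") do not match the wording in some of the descriptions they are meant to cover, for example "Spring GraphQL" in CVE-2026-41856 and "Spring WS" in CVE-2026-40997. If the auto-nfu rule compares product names exactly, please confirm that the product field in the CVE records uses these exact strings, or add the variants, so later CVEs for the same projects are not left at "TODO: check". A short comment in this block noting that Spring projects are grouped under the VMware vendor would also explain why Spring CVEs end up tagged "NOT-FOR-US: VMware".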
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/997dd29168b8fc1a9bece9cbaf75d5b24169af5b