Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a71a313c by Salvatore Bonaccorso at 2026-06-12T21:51:54+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,41 +9,41 @@ CVE-2026-9638 (Crypt::PBKDF2 versions before 0.261630 for
Perl generate insecure
CVE-2026-9266 (A Missing Required Cryptographic Step vulnerability has been
identifie ...)
NOT-FOR-US: Moxa
CVE-2026-8828 (A lack of authorization validation in version 1.0.0 or later of
the Ch ...)
- TODO: check
+ NOT-FOR-US: Chroma ChromaDB
CVE-2026-8694 (Improper access control in Devolutions PowerShell Universal
2026.1.7 a ...)
NOT-FOR-US: Devolutions
CVE-2026-7387 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x
<= 10. ...)
TODO: check
CVE-2026-7368 (The Yarbo cloud does not enforce per-device or per-user
authorization. ...)
- TODO: check
+ NOT-FOR-US: Yarbo
CVE-2026-7184 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x
<= 10. ...)
TODO: check
CVE-2026-6961 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x
<= 10. ...)
TODO: check
CVE-2026-6853 (Improper restriction of excessive authentication attempts
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Pause+ Mobile App
CVE-2026-6739 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x
<= 10. ...)
TODO: check
CVE-2026-6689 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x
<= 10. ...)
TODO: check
CVE-2026-6211 (Unrestricted upload of file with dangerous type vulnerability
in Globa ...)
- TODO: check
+ NOT-FOR-US: WEOLL
CVE-2026-6046 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x
<= 10. ...)
TODO: check
CVE-2026-5792 (Authentication bypass by spoofing vulnerability in Hedef Media
Promoti ...)
- TODO: check
+ NOT-FOR-US: Related Marketing Cloud (RMC)
CVE-2026-54133 (jmespath.php allows users to use JMESPath, software for
declaratively ...)
- TODO: check
+ NOT-FOR-US: jmespath.php (not same as ruby-jmespath, PHP implementation)
CVE-2026-54102
REJECTED
CVE-2026-54101
REJECTED
CVE-2026-53982 (Capgo Console prior to 12.28.2 contains a denial-of-service
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Capgo Console
CVE-2026-53981 (Cap-go prior to 12.128.2 contains an account takeover
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-53787 (Amasty Order Attributes for Magento 2 before version 4.0.0
contains an ...)
- TODO: check
+ NOT-FOR-US: Amasty Order Attributes for Magento 2
CVE-2026-53726 (Parse Server is an open source backend that can be deployed to
any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-53725 (Parse Server is an open source backend that can be deployed to
any inf ...)
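Review bot: the two adjacent Capgo entries end up with different tags, `NOT-FOR-US: Capgo Console` for CVE-2026-53982 and `NOT-FOR-US: Cap-go` for CVE-2026-53981. Each follows the spelling in its own truncated description, but if both refer to the same product, a single spelling on both lines would keep a later search for the name from matching only one of them.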
@@ -51,11 +51,11 @@ CVE-2026-53725 (Parse Server is an open source backend that
can be deployed to a
CVE-2026-53724 (Parse Server is an open source backend that can be deployed to
any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-53722 (Nuxt is an open-source web development framework for Vue.js.
Prior to ...)
- TODO: check
+ NOT-FOR-US: Nuxt
CVE-2026-53721 (Nuxt is an open-source web development framework for Vue.js.
From vers ...)
- TODO: check
+ NOT-FOR-US: Nuxt
CVE-2026-53568 (Frappe is a full-stack web application framework. Prior to
versions 15 ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-53408 (Improper Authorization in Handler for Custom URL Scheme in
Zoom Workpl ...)
NOT-FOR-US: Zoom
CVE-2026-53407 (Improper Authorization in Handler for Custom URL Scheme in
Zoom Workpl ...)
@@ -85,35 +85,35 @@ CVE-2026-50623 (An authentication bypass vulnerability
exists in the OAuth2 Toke
CVE-2026-50560 (Netty is a network application framework for development of
protocol s ...)
TODO: check
CVE-2026-50244 (The Naxclow platform exposes a registration endpoint that
accepts sign ...)
- TODO: check
+ NOT-FOR-US: Naxclow platform
CVE-2026-50108 (The Naxclow platform API that returns device relay
registration detail ...)
- TODO: check
+ NOT-FOR-US: Naxclow platform
CVE-2026-50101 (Naxclow devices use a server-side, per-device relay credential
that ne ...)
- TODO: check
+ NOT-FOR-US: Naxclow
CVE-2026-50099 (During WiFi association, Naxclow device firmware prints the
host netwo ...)
- TODO: check
+ NOT-FOR-US: Naxclow
CVE-2026-50091 (Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and
white-label c ...)
- TODO: check
+ NOT-FOR-US: Aqara Home Android (com.lumiunited.aqarahome)
CVE-2026-50090 (The Aqara Cloud OAuth Authorization Endpoint
(open-cn.aqara.com/oauth/ ...)
- TODO: check
+ NOT-FOR-US: Aqara Cloud OAuth Authorization Endpoint
CVE-2026-50089 (The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an
open redi ...)
- TODO: check
+ NOT-FOR-US: Aqara
CVE-2026-50088 (The Aqara Developer Portal (developer.aqara.com) and shared
test envir ...)
- TODO: check
+ NOT-FOR-US: Aqara
CVE-2026-50087 (The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a
cross-orig ...)
- TODO: check
+ NOT-FOR-US: Aqara
CVE-2026-50086 (The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes
bidirectional ...)
- TODO: check
+ NOT-FOR-US: Aqara
CVE-2026-50085 (The Aqara Board service (op-test.aqara.com) accepts arbitrary
MQTT com ...)
- TODO: check
+ NOT-FOR-US: Aqara
CVE-2026-50084 (The Aqara Cloud Production API
(open-cn.aqara.com/v3.0/open/api) would ...)
- TODO: check
+ NOT-FOR-US: Aqara
CVE-2026-50083 (The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a
hardcoded OAut ...)
- TODO: check
+ NOT-FOR-US: Aqara
CVE-2026-50082 (The Aqara Cloud Developer Portal (developer.aqara.com) issued
a develo ...)
- TODO: check
+ NOT-FOR-US: Aqara
CVE-2026-50026 (Frappe is a full-stack web application framework. Prior to
versions 15 ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-50020 (Netty is a network application framework for development of
protocol s ...)
TODO: check
CVE-2026-50011 (Netty is a network application framework for development of
protocol s ...)
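Review bot: tag granularity is inconsistent within the Naxclow and Aqara runs. CVE-2026-50244 and CVE-2026-50108 use `NOT-FOR-US: Naxclow platform` while CVE-2026-50101 and CVE-2026-50099 use `NOT-FOR-US: Naxclow`; CVE-2026-50091 and CVE-2026-50090 carry component-level tags (`Aqara Home Android (com.lumiunited.aqarahome)`, `Aqara Cloud OAuth Authorization Endpoint`) while the other ten Aqara entries use `NOT-FOR-US: Aqara`. Suggest the vendor-level form (`NOT-FOR-US: Naxclow`, `NOT-FOR-US: Aqara`) on all of them, since the component is already visible in each description.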
@@ -125,19 +125,19 @@ CVE-2026-50009 (Netty is a network application framework
for development of prot
CVE-2026-50008 (Parse Server is an open source backend that can be deployed to
any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-49993 (Nuxt is an open-source web development framework for Vue.js.
In @nuxt/ ...)
- TODO: check
+ NOT-FOR-US: Nuxt
CVE-2026-49875 (Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory
classes ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-49347 (Quest Bot is an opensource Discord Bot. Prior to version
1.1.8, any us ...)
- TODO: check
+ NOT-FOR-US: Quest Bot
CVE-2026-48914 (A flaw was found in QEMU's virtio-blk device. The issue arises
because ...)
TODO: check
CVE-2026-48748 (Netty is a network application framework for development of
protocol s ...)
TODO: check
CVE-2026-48558 (SimpleHelp versions 5.5.15 and prior and 6.0 pre-release
versions cont ...)
- TODO: check
+ NOT-FOR-US: SimpleHelp
CVE-2026-48485 (Quest Bot is an opensource Discord Bot. Prior to version
1.1.6, the la ...)
- TODO: check
+ NOT-FOR-US: Quest Bot
CVE-2026-48059 (Netty is a network application framework for development of
protocol s ...)
TODO: check
CVE-2026-48043 (Netty is a network application framework for development of
protocol s ...)
@@ -147,7 +147,7 @@ CVE-2026-48006 (Netty is a network application framework
for development of prot
CVE-2026-47965 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier
are aff ...)
NOT-FOR-US: Adobe
CVE-2026-47739 (Frappe is a full-stack web application framework. Prior to
versions 15 ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-47691 (Netty is a network application framework for development of
protocol s ...)
TODO: check
CVE-2026-47248 (Parse Server is an open source backend that can be deployed to
any inf ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a71a313cb17535a32d9a206efb99cdbaf4bc2775