Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9dc7bbd5 by Salvatore Bonaccorso at 2026-06-12T22:39:29+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -169,79 +169,79 @@ CVE-2026-47244 (Netty is a network application framework 
for development of prot
        - netty <unfixed>
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-5x3r-wrvg-rp6q
 CVE-2026-47236 (Solidtime is an open-source time-tracking app. Prior to 
version 0.12.2 ...)
-       TODO: check
+       NOT-FOR-US: Solidtime
 CVE-2026-47225 (Typesense is a fast, typo-tolerant search engine. Prior to 
versions 29 ...)
-       TODO: check
+       NOT-FOR-US: Typesense
 CVE-2026-47224 (NanaZip is the 7-Zip derivative intended for the modern 
Windows experi ...)
-       TODO: check
+       NOT-FOR-US: NanaZip
 CVE-2026-47223 (NanaZip is the 7-Zip derivative intended for the modern 
Windows experi ...)
-       TODO: check
+       NOT-FOR-US: NanaZip
 CVE-2026-47222 (NanaZip is the 7-Zip derivative intended for the modern 
Windows experi ...)
-       TODO: check
+       NOT-FOR-US: NanaZip
 CVE-2026-47216 (Typesense is a fast, typo-tolerant search engine. Prior to 
versions 29 ...)
-       TODO: check
+       NOT-FOR-US: Typesense
 CVE-2026-47210 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
-       TODO: check
+       NOT-FOR-US: Node.js vm2
 CVE-2026-47209 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
-       TODO: check
+       NOT-FOR-US: Node.js vm2
 CVE-2026-47208 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
-       TODO: check
+       NOT-FOR-US: Node.js vm2
 CVE-2026-47200 (Nuxt is an open-source web development framework for Vue.js. 
In Nuxt v ...)
-       TODO: check
+       NOT-FOR-US: Nuxt
 CVE-2026-47197 (Quest Bot is an opensource Discord Bot. Prior to version 
1.1.6, a mode ...)
-       TODO: check
+       NOT-FOR-US: Quest Bot
 CVE-2026-47196 (Quest Bot is an opensource Discord Bot. Prior to version 
1.1.6, the au ...)
-       TODO: check
+       NOT-FOR-US: Quest Bot
 CVE-2026-47195 (Quest Bot is an opensource Discord Bot. Prior to version 
1.1.6, the pu ...)
-       TODO: check
+       NOT-FOR-US: Quest Bot
 CVE-2026-47190 (IPAM is the IP address Manager for Cluster API Provider 
Metal3. Prior  ...)
-       TODO: check
+       NOT-FOR-US: IPAM (metal3-io/ip-address-manager)
 CVE-2026-47182 (Frappe is a full-stack web application framework. Prior to 
version 16. ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-47141 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
-       TODO: check
+       NOT-FOR-US: Node.js vm2
 CVE-2026-47140 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
-       TODO: check
+       NOT-FOR-US: Node.js vm2
 CVE-2026-47139 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
-       TODO: check
+       NOT-FOR-US: Node.js vm2
 CVE-2026-47138 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-47137 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
-       TODO: check
+       NOT-FOR-US: Node.js vm2
 CVE-2026-47135 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
-       TODO: check
+       NOT-FOR-US: Node.js vm2
 CVE-2026-47131 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
-       TODO: check
+       NOT-FOR-US: Node.js vm2
 CVE-2026-46690 (unbounded_spsc is an "unbounded" extension of 
bounded_spsc_queue. In v ...)
-       TODO: check
+       NOT-FOR-US: unbounded_spsc
 CVE-2026-46342 (Nuxt is an open-source web development framework for Vue.js. 
In Nuxt v ...)
-       TODO: check
+       NOT-FOR-US: Nuxt
 CVE-2026-46340 (Netty is a network application framework for development of 
protocol s ...)
        TODO: check
 CVE-2026-45833 (A code injection vulnerability in version 0.4.17 or later of 
the Chrom ...)
-       TODO: check
+       NOT-FOR-US: ChromaDB Python
 CVE-2026-45832 (All V1 collection-level endpoints in ChromaDB's Python project 
pass No ...)
-       TODO: check
+       NOT-FOR-US: ChromaDB Python
 CVE-2026-45831 (The SimpleRBACAuthorizationProvider authorization provider in 
versions ...)
-       TODO: check
+       NOT-FOR-US: ChromaDB Python
 CVE-2026-45830 (A lack of authorization validation in version 0.4.17 or later 
of the C ...)
-       TODO: check
+       NOT-FOR-US: ChromaDB Python
 CVE-2026-45674 (Netty is a network application framework for development of 
protocol s ...)
        TODO: check
 CVE-2026-45673 (Netty is a network application framework for development of 
protocol s ...)
        TODO: check
 CVE-2026-45670 (Nuxt is an open-source web development framework for Vue.js. 
In @nuxt/ ...)
-       TODO: check
+       NOT-FOR-US: Nuxt
 CVE-2026-45669 (Nuxt is an open-source web development framework for Vue.js. 
From vers ...)
-       TODO: check
+       NOT-FOR-US: Nuxt
 CVE-2026-45536 (Netty is a network application framework for development of 
protocol s ...)
        TODO: check
 CVE-2026-45416 (Netty is a network application framework for development of 
protocol s ...)
        TODO: check
 CVE-2026-44976 (Frappe is a full-stack web application framework. Prior to 
version 16. ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-44975 (Frappe is a full-stack web application framework. Prior to 
versions 15 ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-44967 (OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. 
Prior to ...)
        TODO: check
 CVE-2026-44894 (Netty is a network application framework for development of 
protocol s ...)
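Review bot: The Netty entries kept as context in this hunk (CVE-2026-46340, CVE-2026-45674, CVE-2026-45673, CVE-2026-45536, CVE-2026-45416) still read "TODO: check", although CVE-2026-47244 at the top of the hunk is already tracked as "- netty <unfixed>". Skipping them in an NFU pass is correct, but a follow-up should give them source-package entries so they do not stay untriaged between two blocks of resolved entries. On tag wording, "IPAM (metal3-io/ip-address-manager)" disambiguates a generic name well; the same care would help wherever a product name alone is ambiguous.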
@@ -249,65 +249,65 @@ CVE-2026-44894 (Netty is a network application framework 
for development of prot
 CVE-2026-44893 (Netty is a network application framework for development of 
protocol s ...)
        TODO: check
 CVE-2026-44208 (Frappe is a full-stack web application framework. Prior to 
versions 15 ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-44207 (Frappe is a full-stack web application framework. Prior to 
versions 15 ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-44206 (Frappe is a full-stack web application framework. Prior to 
versions 15 ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-44205 (Frappe is a full-stack web application framework. Prior to 
version 15. ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-42947 (A flaw in Naxclow's platform\u2019s onboarding workflow allows 
an atta ...)
-       TODO: check
+       NOT-FOR-US: Naxclow
 CVE-2026-42932 (Naxclow device identifiers use fixed manufacturing prefixes 
combined w ...)
-       TODO: check
+       NOT-FOR-US: Naxclow
 CVE-2026-42306 (Moby is an open source container framework. In Docker Engine 
prior to  ...)
        TODO: check
 CVE-2026-41581 (Frappe is a full-stack web application framework. Prior to 
versions 15 ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-41568 (Moby is an open source container framework. In Docker Engine 
prior to  ...)
        TODO: check
 CVE-2026-40677 (The use of insecure HTTP transport within AMD optional tools 
could all ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2026-3840 (A vulnerability in Kedro version 1.2.0 allows an attacker to 
exploit p ...)
-       TODO: check
+       NOT-FOR-US: Kedro
 CVE-2026-3433 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x 
<= 10. ...)
        TODO: check
 CVE-2026-28742 (Naxclow devices use a uniform request-signing scheme based on 
a hard-c ...)
-       TODO: check
+       NOT-FOR-US: Naxclow
 CVE-2026-1836 (The system stores the username and password from the login form 
after  ...)
        TODO: check
 CVE-2026-12143 (form-data is a library for creating readable 
multipart/form-data strea ...)
        TODO: check
 CVE-2026-12066 (A security flaw has been discovered in PbootCMS up to 3.2.12. 
This vul ...)
-       TODO: check
+       NOT-FOR-US: PbootCMS
 CVE-2026-12065 (A vulnerability was identified in Groww Stock, Mutual Fund, 
Gold App u ...)
        TODO: check
 CVE-2026-12058 (The connection confirmation pop-up of a specific feature in 
the PcSuit ...)
-       TODO: check
+       NOT-FOR-US: Vivo
 CVE-2026-12043 (Improper handling of HPACK dynamic table size updates in the 
AWS Commo ...)
        NOT-FOR-US: Amazon
 CVE-2026-11967 (MobaXterm Personal Edition (Portable), in its 26.3 version 
(Build 5154 ...)
-       TODO: check
+       NOT-FOR-US: MobaXterm Personal Edition (Portable)
 CVE-2026-11879 (MobaXterm Personal Edition (Portable), in its 26.3 version 
(Build 5154 ...)
-       TODO: check
+       NOT-FOR-US: MobaXterm Personal Edition (Portable)
 CVE-2026-11849 (The iRM-IEI Remote Management developed by IEI Integration 
Corp has a  ...)
-       TODO: check
+       NOT-FOR-US: iRM-IEI Remote Management
 CVE-2026-11848 (TheiRM-IEI Remote Management developed by IEI Integration Corp 
has a M ...)
-       TODO: check
+       NOT-FOR-US: iRM-IEI Remote Management
 CVE-2026-11847 (The  iVEC-IEI Virtualization Edge Computer developed by IEI 
Integratio ...)
-       TODO: check
+       NOT-FOR-US: iVEC-IEI Virtualization Edge Computer
 CVE-2026-11846 (The iVEC-IEI Virtualization Edge Computer developed by IEI 
Integration ...)
-       TODO: check
+       NOT-FOR-US: iVEC-IEI Virtualization Edge Computer
 CVE-2026-11845 (TheiVEC-IEI Virtualization Edge Computer developed by IEI 
Integration  ...)
-       TODO: check
+       NOT-FOR-US: iVEC-IEI Virtualization Edge Computer
 CVE-2026-11844 (The iVEC-IEI Virtualization Edge Computer developed by IEI 
Integration ...)
-       TODO: check
+       NOT-FOR-US: iVEC-IEI Virtualization Edge Computer
 CVE-2026-11535 (An unauthorized access vulnerability exists in the PcSuite 
APP. The vu ...)
-       TODO: check
+       NOT-FOR-US: PcSuite APP
 CVE-2026-10715 (Camaleon CMS 2.9.2 contains an improper authorization 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Camaleon CMS
 CVE-2026-10557 (The Yarbo Android and iOS applications contain hard-coded MQTT 
broker  ...)
-       TODO: check
+       NOT-FOR-US: Yarbo
 CVE-2017-20240 (Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable 
to timi ...)
        - libcrypt-pbkdf2-perl <unfixed> (bug #1139867)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40929601/
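Review bot: Tag granularity is inconsistent in this hunk. CVE-2026-12058 is marked "NOT-FOR-US: Vivo" while CVE-2026-11535 is marked "NOT-FOR-US: PcSuite APP", and the truncated description of CVE-2026-12058 also mentions "the PcSuit ..."; if both concern the same product they should share one tag. Similarly, "NOT-FOR-US: AMD" on CVE-2026-40677 names only the vendor where the description refers to "AMD optional tools", so a product-level tag would be easier to search for later.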



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dc7bbd557923a8f974f7d5119cd80a337cd0f1b
