[Git][security-tracker-team/security-tracker][master] Process some NFUs

Wed Apr 1 21:51:26 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99a55288 by Salvatore Bonaccorso at 2026-04-01T22:50:57+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2026-5261 (A vulnerability was identified in Shandong Hoteam InforCenter PLM
 CVE-2026-5259 (A vulnerability was determined in AutohomeCorp frostmourne up to 1.0.  ...)
 	NOT-FOR-US: AutohomeCorp frostmourne
 CVE-2026-5199 (A writer role user in an attacker-controlled namespace could signal, d ...)
-	TODO: check
+	NOT-FOR-US: Temporal
 CVE-2026-5175 (Improper access control in the multi-factor authentication (MFA) manag ...)
 	NOT-FOR-US: Devolutions
 CVE-2026-4989 (Improper input validation in the gateway health check feature in Devol ...)
@@ -37,9 +37,9 @@ CVE-2026-35092 (A flaw was found in Corosync. An integer overflow vulnerability
 CVE-2026-35091 (A flaw was found in Corosync. A remote unauthenticated attacker can ex ...)
 	TODO: check
 CVE-2026-35000 (ChangeDetection.io versions prior to 0.54.7 contain a protection bypas ...)
-	TODO: check
+	NOT-FOR-US: ChangeDetection.io
 CVE-2026-34999 (OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentica ...)
-	TODO: check
+	NOT-FOR-US: OpenViking
 CVE-2026-34889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-34875 (An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1. ...)
@@ -49,11 +49,11 @@ CVE-2026-34874 (An issue was discovered in Mbed TLS through 3.6.5 and 4.x throug
 CVE-2026-34871 (An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0  ...)
 	TODO: check
 CVE-2026-34751 (Payload is a free and open source headless content management system.  ...)
-	TODO: check
+	NOT-FOR-US: Payload CMS
 CVE-2026-34604 (Tina is a headless content management system. Prior to version 2.2.2,  ...)
-	TODO: check
+	NOT-FOR-US: Tina CMS
 CVE-2026-34603 (Tina is a headless content management system. Prior to version 2.2.2,  ...)
-	TODO: check
+	NOT-FOR-US: Tina CMS
 CVE-2026-34510 (OpenClaw before 2026.3.22 contains a path traversal vulnerability in W ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-34447 (Open Neural Network Exchange (ONNX) is an open standard for machine le ...)
@@ -65,13 +65,13 @@ CVE-2026-34445 (Open Neural Network Exchange (ONNX) is an open standard for mach
 CVE-2026-34430 (ByteDance Deer-Flow versions prior to commit 92c7a20 containa sandbox  ...)
 	TODO: check
 CVE-2026-34397 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
-	TODO: check
+	NOT-FOR-US: Himmelblau
 CVE-2026-34376 (PdfDing is a selfhosted PDF manager, viewer and editor offering a seam ...)
-	TODO: check
+	NOT-FOR-US: PdfDing
 CVE-2026-34236 (Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. F ...)
 	TODO: check
 CVE-2026-34222 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-34159 (llama.cpp is an inference of several LLM models in C/C++. Prior to ver ...)
 	TODO: check
 CVE-2026-34076 (Clerk JavaScript is the official JavaScript repository for Clerk authe ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99a552880b1e7a732c5a3f1f30e886ca2a3f7397

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99a552880b1e7a732c5a3f1f30e886ca2a3f7397
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260401/e2670fb1/attachment.htm>
