[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 29 16:06:03 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e8ba4932 by Moritz Muehlenhoff at 2026-04-29T17:05:15+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -133,9 +133,9 @@ CVE-2026-41911 (OpenClaw before 2026.4.8 contains a filesystem policy bypass vul
 CVE-2026-41910 (OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channe ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-41649 (Outline is a service that allows for collaborative documentation. The  ...)
-	TODO: check
+	NOT-FOR-US: Outline
 CVE-2026-41446 (Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0. ...)
-	TODO: check
+	NOT-FOR-US: Snap
 CVE-2026-41408 (OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-41407 (OpenClaw before 2026.4.2 contains a timing side channel vulnerability  ...)
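Review bot: The label on CVE-2026-41446 is shortened to "NOT-FOR-US: Snap", while the description names the product as Snap One WattBox 800 and 820 series firmware. "Snap" on its own can be mistaken for the snap packaging tooling when someone searches the list, so spell out vendor and product, for example "NOT-FOR-US: Snap One WattBox", as the other entries in this commit do.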
@@ -205,13 +205,13 @@ CVE-2026-41374 (OpenClaw before 2026.3.31 performs Discord audio preflight trans
 CVE-2026-41373 (OpenClaw before 2026.3.31 contains an incomplete host-env-security-pol ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-3893 (The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism,   ...)
-	TODO: check
+	NOT-FOR-US: Carlson VASCO-B GNSS Receiver
 CVE-2026-37750 (A reflected Cross-Site Scripting (XSS) vulnerability in School Managem ...)
-	TODO: check
+	NOT-FOR-US: School Management System
 CVE-2026-35155 (Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insuffic ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-33467 (Improper Verification of Cryptographic Signature (CWE-347) in Elastic  ...)
-	TODO: check
+	NOT-FOR-US: Elastic Package Registry
 CVE-2026-24231 (NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl()  ...)
 	NOT-FOR-US: NVIDIA
 CVE-2026-24222 (NVIDIA NeMoClaw contains a vulnerability in the sandbox environment in ...)
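Review bot: "NOT-FOR-US: School Management System" on CVE-2026-37750 is a generic name that does not identify a single product, and the description is cut off at "School Managem ...", so no vendor is visible here. If the full CVE description names an author or vendor, include it in the label so that later entries for similarly named projects can be told apart.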
@@ -500,15 +500,15 @@ CVE-2026-38651 (Authentication Bypass vulnerability exists in Netmaker versions
 CVE-2026-27760 (OpenCATS prior to commit 3002a29 contains a PHP code injection vulnera ...)
 	TODO: check
 CVE-2025-67223 (The Aranda File Server (AFS) component in Aranda Software Aranda Servi ...)
-	TODO: check
+	NOT-FOR-US: Aranda Service Desk
 CVE-2025-60889 (Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 ...)
-	TODO: check
+	NOT-FOR-US: StellarGroup HPX
 CVE-2025-60887 (An issue was discovered in Cista v0.15 and below. Insecure deserializa ...)
-	TODO: check
+	NOT-FOR-US: Cista
 CVE-2025-48431 (Mismatched Memory Management Routines vulnerability in Apache Thrift c ...)
 	TODO: check
 CVE-2025-10539 (Due to improper TLS certificate validation in the DeskTime Time Tracki ...)
-	TODO: check
+	NOT-FOR-US: DeskTime Time Tracking App
 CVE-2024-54013 (Penetration Testing engineers at Amazon have identified a security fla ...)
 	TODO: check
 CVE-2024-54012 (Penetration Testing engineers at Amazon discovered a vulnerability whe ...)
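Review bot: CVE-2025-60889 (StellarGroup HPX 1.11.0) and CVE-2025-60887 (Cista v0.15 and below) are described as versioned software with insecure deserialization, not as a device or hosted service. Before these two are left as NOT-FOR-US, confirm that no source package in the archive ships or embeds either one. If that search was done and came up empty, a few words in the commit message beyond "NFUs" would record it.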



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8ba49324414df496132a787d879b6496e4cd7d2
