[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 30 22:38:17 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86e82ec0 by Salvatore Bonaccorso at 2026-06-30T23:37:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32,7 +32,7 @@ CVE-2026-58374 (In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi
 	- wpa <unfixed>
 	NOTE: https://w1.fi/security/2026-1/missing-ml-parsing-validation.txt
 CVE-2026-58373 (CVAT before 2.69.0 contains an improper authorization vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
 CVE-2026-58372 (SeaweedFS before 4.34 contains a path traversal vulnerability in the S ...)
 	TODO: check
 CVE-2026-58371 (SeaweedFS before 4.30 reflects the callback query parameter verbatim i ...)
@@ -42,9 +42,9 @@ CVE-2026-58370 (Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass
 CVE-2026-58369 (Woodpecker before 3.15.0 registers the /api/orgs/lookup/*org_full_name ...)
 	TODO: check
 CVE-2026-58176 (RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflo ...)
-	TODO: check
+	NOT-FOR-US: RuoYi-Vue-Plus
 CVE-2026-58174 (Hermes WebUI before 0.51.521 validates the workspace of an imported se ...)
-	TODO: check
+	NOT-FOR-US: Hermes WebUI
 CVE-2026-58173 (Vibe-Trading before 0.1.10 contains a path traversal vulnerability tha ...)
 	TODO: check
 CVE-2026-58172 (Ocelot through 24.1.0, fixed in commit f156fd4, contains a security co ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86e82ec02b2bb1342efa0046ea20ae1bc05f5f33

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86e82ec02b2bb1342efa0046ea20ae1bc05f5f33
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/ed936faa/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list