[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 11 09:08:15 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c7cff454 by Salvatore Bonaccorso at 2026-03-11T10:07:49+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,9 +19,9 @@ CVE-2026-3222 (The WP Maps plugin for WordPress is vulnerable to time-based blin
 CVE-2026-31844 (An authenticated SQL Injection vulnerability (CWE-89) exists in the Ko ...)
 	- koha <itp> (bug #702134)
 CVE-2026-31838 (Istio is an open platform to connect, manage, and secure microservices ...)
-	TODO: check
+	NOT-FOR-US: Istio
 CVE-2026-31837 (Istio is an open platform to connect, manage, and secure microservices ...)
-	TODO: check
+	NOT-FOR-US: Istio
 CVE-2026-31834 (Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A  ...)
 	NOT-FOR-US: Umbraco CMS
 CVE-2026-31833 (Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An ...)
@@ -29,13 +29,13 @@ CVE-2026-31833 (Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2
 CVE-2026-31832 (Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A  ...)
 	NOT-FOR-US: Umbraco CMS
 CVE-2026-31830 (sigstore-ruby is a pure Ruby implementation of the sigstore verify com ...)
-	TODO: check
+	NOT-FOR-US: sigstore-ruby (Ruby implementation of sigstore)
 CVE-2026-31829 (Flowise is a drag & drop user interface to build a customized large la ...)
 	NOT-FOR-US: Flowise
 CVE-2026-31828 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-31827 (Alienbin is an anonymous code and text sharing web service. In 1.0.0 a ...)
-	TODO: check
+	NOT-FOR-US: Alienbin
 CVE-2026-31826 (pypdf is a free and open-source pure-python PDF library. Prior to 6.8. ...)
 	TODO: check
 CVE-2026-31825 (Sylius is an Open Source eCommerce Framework on Symfony. Sylius API fi ...)
@@ -53,7 +53,7 @@ CVE-2026-31820 (Sylius is an Open Source eCommerce Framework on Symfony. An auth
 CVE-2026-31819 (Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitc ...)
 	NOT-FOR-US: Sylius
 CVE-2026-31817 (OliveTin gives access to predefined shell commands from a web interfac ...)
-	TODO: check
+	NOT-FOR-US: OliveTin
 CVE-2026-31815 (Unicorn adds modern reactive component functionality to your Django te ...)
 	TODO: check
 CVE-2026-31812 (Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC ...)
@@ -95,7 +95,7 @@ CVE-2026-30947 (Parse Server is an open source backend that can be deployed to a
 CVE-2026-30946 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2026-30837 (Elysia is a Typescript framework for request validation, type inferenc ...)
-	TODO: check
+	NOT-FOR-US: Elysia
 CVE-2026-2918 (The Happy Addons for Elementor plugin for WordPress is vulnerable to I ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2917 (The Happy Addons for Elementor plugin for WordPress is vulnerable to I ...)
@@ -117,11 +117,11 @@ CVE-2026-2358 (The WP ULike plugin for WordPress is vulnerable to Stored Cross-S
 CVE-2026-2324 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-29793 (Feathersjs is a framework for creating web APIs and real-time applicat ...)
-	TODO: check
+	NOT-FOR-US: Feathersjs
 CVE-2026-29792 (Feathersjs is a framework for creating web APIs and real-time applicat ...)
-	TODO: check
+	NOT-FOR-US: Feathersjs
 CVE-2026-29515 (MiCode FileExplorer contains an authentication bypass vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: MiCode FileExplorer
 CVE-2026-28807 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	TODO: check
 CVE-2026-28806 (Improper Authorization vulnerability in nerves-hub nerves_hub_web allo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7cff45484efd187c95bc2a0491899cfb4dd9dc4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7cff45484efd187c95bc2a0491899cfb4dd9dc4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260311/4efc3dc2/attachment.htm>

More information about the debian-security-tracker-commits mailing list