[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 11 21:00:38 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee92dbd5 by Salvatore Bonaccorso at 2026-03-11T22:00:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2026-3954 (A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by th ...)
-	TODO: check
+	NOT-FOR-US: OpenBMB XAgent
 CVE-2026-3951 (A security flaw has been discovered in LockerProject Locker 0.0.0/0.0. ...)
-	TODO: check
+	NOT-FOR-US: LockerProject Locker
 CVE-2026-3950 (A vulnerability was identified in strukturag libheif up to 1.21.2. Thi ...)
 	TODO: check
 CVE-2026-3949 (A vulnerability was determined in strukturag libheif up to 1.21.2. Thi ...)
 	TODO: check
 CVE-2026-3946 (A vulnerability was detected in PHPEMS 11.0. The affected element is a ...)
-	TODO: check
+	NOT-FOR-US: PHPEMS
 CVE-2026-3944 (A vulnerability was determined in itsourcecode University Management S ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2026-3943 (A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This af ...)
-	TODO: check
+	NOT-FOR-US: H3C
 CVE-2026-3906 (WordPress core is vulnerable to unauthorized access in versions 6.9 th ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-3848 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
@@ -27,19 +27,19 @@ CVE-2026-3178 (The Name Directory plugin for WordPress is vulnerable to Stored C
 CVE-2026-3013 (Coppermine Photo Gallery in versions 1.6.09 through 1.6.27is vulnerabl ...)
 	TODO: check
 CVE-2026-32234 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-32229 (In JetBrains Hub before 2026.1 possible on sign-in account mismatch wi ...)
 	NOT-FOR-US: JetBrains
 CVE-2026-32098 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-32097 (PingPong is a platform for using large language models (LLMs) for teac ...)
-	TODO: check
+	NOT-FOR-US: PingPong
 CVE-2026-32096 (Plunk is an open-source email platform built on top of AWS SES. Prior  ...)
-	TODO: check
+	NOT-FOR-US: Plunk
 CVE-2026-32095 (Plunk is an open-source email platform built on top of AWS SES. Prior  ...)
-	TODO: check
+	NOT-FOR-US: Plunk
 CVE-2026-32094 (Shescape is a simple shell escape library for JavaScript. Prior to 2.1 ...)
-	TODO: check
+	NOT-FOR-US: Shescape
 CVE-2026-32063 (OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command inj ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-32062 (OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-ca ...)
@@ -51,13 +51,13 @@ CVE-2026-32060 (OpenClaw versions prior to 2026.2.14 contain a path traversal vu
 CVE-2026-32059 (OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins va ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-31979 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
-	TODO: check
+	NOT-FOR-US: Himmelblau
 CVE-2026-31976 (xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 202 ...)
-	TODO: check
+	NOT-FOR-US: xygeni-action
 CVE-2026-31975 (Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude C ...)
-	TODO: check
+	NOT-FOR-US: Cloud CLI (aka Claude Code UI)
 CVE-2026-31974 (OpenProject is an open-source, web-based project management software.  ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2026-31961 (Quill provides simple mac binary signing and notarization from any pla ...)
 	TODO: check
 CVE-2026-31960 (Quill provides simple mac binary signing and notarization from any pla ...)
@@ -67,11 +67,11 @@ CVE-2026-31959 (Quill provides simple mac binary signing and notarization from a
 CVE-2026-31958 (Tornado is a Python web framework and asynchronous networking library. ...)
 	TODO: check
 CVE-2026-31957 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
-	TODO: check
+	NOT-FOR-US: Himmelblau
 CVE-2026-31954 (Emlog is an open source website building system. In 2.6.6 and earlier, ...)
 	NOT-FOR-US: Emlog
 CVE-2026-31901 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-31900 (Black is the uncompromising Python code formatter. Black provides a Gi ...)
 	TODO: check
 CVE-2026-31896 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...)
@@ -81,25 +81,25 @@ CVE-2026-31895 (WeGIA is a web manager for charitable institutions. Prior to ver
 CVE-2026-31894 (WeGIA is a web manager for charitable institutions. In 3.6.5, The patc ...)
 	NOT-FOR-US: WeGIA
 CVE-2026-31892 (Argo Workflows is an open source container-native workflow engine for  ...)
-	TODO: check
+	NOT-FOR-US: Argo Workflows
 CVE-2026-31889 (Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2026-31888 (Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2026-31887 (Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2026-31881 (Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unau ...)
-	TODO: check
+	NOT-FOR-US: Runtipi
 CVE-2026-31879 (Frappe is a full-stack web application framework. Prior to 14.100.2, 1 ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-31878 (Frappe is a full-stack web application framework. Prior to 14.100.1, 1 ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-31877 (Frappe is a full-stack web application framework. Prior to 15.84.0 and ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-31876 (Notesnook is a note-taking app focused on user privacy & ease of use.  ...)
-	TODO: check
+	NOT-FOR-US: Notesnook
 CVE-2026-31875 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-31874 (Taskosaur is an open source project management platform with conversat ...)
 	TODO: check
 CVE-2026-31872 (Parse Server is an open source backend that can be deployed to any inf ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee92dbd5b437e049278adea570309061314910c9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee92dbd5b437e049278adea570309061314910c9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260311/47adaf12/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list