[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 25 11:39:22 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2d4c6531 by Salvatore Bonaccorso at 2026-03-25T12:38:45+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2026-4777 (A security flaw has been discovered in SourceCodester Sales and I
 CVE-2026-4766 (The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-4433 (An SSH misconfigurations exists in Tenable OT that led to the potentia ...)
-	TODO: check
+	NOT-FOR-US: Tenable
 CVE-2026-3912 (Injection vulnerabilities due to validation/sanitisation of user-suppl ...)
 	NOT-FOR-US: TIBCO
 CVE-2026-33253 (SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows se ...)
-	TODO: check
+	NOT-FOR-US: SANYO DENKI
 CVE-2026-33215 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
 	TODO: check
 CVE-2026-32326 (SHARP routers do not perform authentication for some web APIs. The dev ...)
@@ -281,7 +281,7 @@ CVE-2026-4775 (A flaw was found in the libtiff library. A remote attacker could
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2450768
 	TODO: check details
 CVE-2026-4649 (Apache Artemis before version 2.52.0 is affected by an authentication  ...)
-	TODO: check
+	NOT-FOR-US: Apache Artemis as used in KNIME Business Hub
 CVE-2026-33769 (Astro is a web framework. From version 2.10.10 to before version 5.18. ...)
 	NOT-FOR-US: Astro
 CVE-2026-33768 (Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel ...)
@@ -958,7 +958,7 @@ CVE-2026-33282 (Ella Core is a 5G core designed for private networks. Versions p
 CVE-2026-33281 (Ella Core is a 5G core designed for private networks. Versions prior t ...)
 	NOT-FOR-US: Ella Core
 CVE-2026-33252 (The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4. ...)
-	TODO: check
+	NOT-FOR-US: Go MCP SDK
 CVE-2026-33242 (Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a P ...)
 	NOT-FOR-US: Salvo
 CVE-2026-33241 (Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form d ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d4c653152df610a565ce76382d96d3799f61305

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d4c653152df610a565ce76382d96d3799f61305
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260325/f52e2b91/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list