[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 14 09:12:36 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a4c9d76 by Salvatore Bonaccorso at 2026-05-14T10:12:13+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,7 +4,7 @@ CVE-2026-8496 (A cross-site scripting (XSS) vulnerability exists in Alinto SOGo,
 CVE-2026-8466 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
 	TODO: check
 CVE-2026-8369 (Improper Input Validation in the NAT64 translator in The OpenThread Au ...)
-	TODO: check
+	NOT-FOR-US: OpenThread
 CVE-2026-8367 (aria2c accepts a server certificate with incorrect Extended Key Usage  ...)
 	TODO: check
 CVE-2026-8328 (The ftpcp() function in Lib/ftplib.py was not updated when  CVE-2021-4 ...)
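Review bot: On CVE-2026-8369 the tag names only "OpenThread", while the description attributes the bug to the NAT64 translator in a product whose name is cut off after "The OpenThread Au". If the affected product is a distinct component of the project, naming that component in the NOT-FOR-US tag would make later searches of the list more precise.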
@@ -92,29 +92,29 @@ CVE-2026-46419 (Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 bef
 CVE-2026-45740 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
 	TODO: check
 CVE-2026-45714 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authent ...)
-	TODO: check
+	NOT-FOR-US: CubeCart
 CVE-2026-45708 (CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin w ...)
-	TODO: check
+	NOT-FOR-US: CubeCart
 CVE-2026-45411 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is p ...)
-	TODO: check
+	NOT-FOR-US: Node vm2
 CVE-2026-45229 (Quark Drive before 0.8.5 contains a mass assignment vulnerability in t ...)
-	TODO: check
+	NOT-FOR-US: Quark Drive
 CVE-2026-45228 (Quark Drive before 0.8.5 contains a stored cross-site scripting vulner ...)
-	TODO: check
+	NOT-FOR-US: Quark Drive
 CVE-2026-45158 (OPNsense is a FreeBSD based firewall and routing platform. Prior to 26 ...)
 	TODO: check
 CVE-2026-45109 (Next.js is a React framework for building full-stack web applications. ...)
 	NOT-FOR-US: Next.js
 CVE-2026-45055 (CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6 ...)
-	TODO: check
+	NOT-FOR-US: CubeCart
 CVE-2026-45054 (CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin  ...)
-	TODO: check
+	NOT-FOR-US: CubeCart
 CVE-2026-45053 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authent ...)
-	TODO: check
+	NOT-FOR-US: CubeCart
 CVE-2026-45033 (GitHub Copilot CLI brings AI-powered coding assistance directly to you ...)
 	TODO: check
 CVE-2026-45028 (Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM  ...)
-	TODO: check
+	NOT-FOR-US: Astro
 CVE-2026-44919 (In OpenStack Ironic through 35.x before a3f6d73, during image handling ...)
 	TODO: check
 CVE-2026-44665 (fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input d ...)
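Review bot: The NOT-FOR-US on CVE-2026-45411 (vm2) depends on a check this commit does not record. The description calls vm2 a vm/sandbox for Node.js, which is a library that other software can bundle, so the tag is only correct if no source package in the archive ships a copy of it. The commit message says only "Process some NFUs"; a short note that embedded copies were checked would make this entry easier to trust later.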
@@ -154,31 +154,31 @@ CVE-2026-44470 (The Claude Desktop app gives you Claude Code with a graphical in
 CVE-2026-44467 (The Claude Desktop app gives you Claude Code with a graphical interfac ...)
 	TODO: check
 CVE-2026-44459 (Hono is a Web application framework that provides support for any Java ...)
-	TODO: check
+	NOT-FOR-US: Hono
 CVE-2026-44458 (Hono is a Web application framework that provides support for any Java ...)
-	TODO: check
+	NOT-FOR-US: Hono
 CVE-2026-44457 (Hono is a Web application framework that provides support for any Java ...)
-	TODO: check
+	NOT-FOR-US: Hono
 CVE-2026-44456 (Hono is a Web application framework that provides support for any Java ...)
-	TODO: check
+	NOT-FOR-US: Hono
 CVE-2026-44455 (Hono is a Web application framework that provides support for any Java ...)
-	TODO: check
+	NOT-FOR-US: Hono
 CVE-2026-44448 (ERPNext is a free and open source Enterprise Resource Planning tool. P ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2026-44447 (ERPNext is a free and open source Enterprise Resource Planning tool. P ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2026-44446 (ERPNext is a free and open source Enterprise Resource Planning tool. P ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2026-44445 (ERPNext is a free and open source Enterprise Resource Planning tool. P ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2026-44442 (ERPNext is a free and open source Enterprise Resource Planning tool. P ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2026-44441 (ERPNext is a free and open source Enterprise Resource Planning tool. P ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2026-44440 (ERPNext is a free and open source Enterprise Resource Planning tool. P ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2026-44439 (PlaywrightCapture is a simple replacement for splash using playwright. ...)
-	TODO: check
+	NOT-FOR-US: PlaywrightCapture
 CVE-2026-44437 (The Angular SSR is a server-rise rendering tool for Angular applicatio ...)
 	TODO: check
 CVE-2026-44432 (urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7 ...)
@@ -194,17 +194,17 @@ CVE-2026-44424 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api
 CVE-2026-44423 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessi ...)
 	TODO: check
 CVE-2026-44418 (EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlie ...)
-	TODO: check
+	NOT-FOR-US: EcclesiaCRM
 CVE-2026-44381 (MISP is an open source threat intelligence and sharing platform. Prior ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2026-44380 (MISP is an open source threat intelligence and sharing platform. Prior ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2026-44379 (MISP is an open source threat intelligence and sharing platform. Prior ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2026-44377 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authent ...)
-	TODO: check
+	NOT-FOR-US: CubeCart
 CVE-2026-44376 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthe ...)
-	TODO: check
+	NOT-FOR-US: CubeCart
 CVE-2026-44373 (Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, a ...)
 	TODO: check
 CVE-2026-44372 (Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, a ...)
@@ -214,9 +214,9 @@ CVE-2026-44369 (CVAT is an open source interactive video and image annotation to
 CVE-2026-44368 (PyQuorum is a cryptographic library for secret sharing and key managem ...)
 	TODO: check
 CVE-2026-44364 (MISP modules are autonomous modules that can be used to extend MISP fo ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2026-44363 (MISP modules are autonomous modules that can be used to extend MISP fo ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2026-44351 (fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6 ...)
 	TODO: check
 CVE-2026-44295 (protobufjs-cli is the command line add-on for protobuf.js. Prior to 1. ...)
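Review bot: CVE-2026-44364 and CVE-2026-44363 are tagged "NOT-FOR-US: MISP", but their descriptions are about "MISP modules", which the text presents as autonomous modules that extend MISP. The earlier hunk uses the same "MISP" tag for CVE-2026-44381, CVE-2026-44380 and CVE-2026-44379, whose descriptions are about the MISP platform itself. Suggest "NOT-FOR-US: MISP modules" here so the two components stay distinguishable in the list.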



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a4c9d762e79aa6ebe5fe914dcda630b9b9d7cf7
