[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun May 17 14:45:08 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0d8c5dc by Moritz Muehlenhoff at 2026-05-17T15:43:09+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2697,11 +2697,11 @@ CVE-2025-65087 (An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum
 CVE-2025-65086 (An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobal ...)
 	NOT-FOR-US: Ashlar-Vellum
 CVE-2025-62627 (An untrusted pointer dereference in the ionic cloud driver for VMWare  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-62624 (A heap-based buffer overflow in the ionic cloud driver for VMware ESXi ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-62623 (A heap-based buffer overflow in the ionic cloud driver for VMware ESXi ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-61972 (Missing lock bit protection for NBIO registers could allow a local adm ...)
 	TODO: check
 CVE-2025-61971 (Missing lock bit protection for NBIO registers could allow a local adm ...)
@@ -2715,7 +2715,7 @@ CVE-2025-14033 (The ilGhera Support System for WooCommerce plugin for WordPress
 CVE-2025-11159 (Hitachi Vantara Pentaho Data Integration & Analytics of all versions c ...)
 	NOT-FOR-US: Hitachi Vantana
 CVE-2024-36315 (Improper enforcement of the LFENCE serialization property may allow an ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2026-44378
 	[experimental] - botan3 3.12.0+dfsg-1
 	- botan3 <unfixed>
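Review bot: CVE-2024-36315 is closed as NOT-FOR-US: AMD, but its visible description ("Improper enforcement of the LFENCE serialization property ...") describes processor behaviour rather than a named third-party product. Before marking it NFU, confirm that no fix is delivered through something the tracker follows, such as a microcode or kernel update. If one is, track the CVE against that source package instead.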
@@ -3007,7 +3007,7 @@ CVE-2026-42177 (linux-entra-sso is a browser plugin for Linux to SSO on Microsof
 	- linux-entra-sso 1.8.1-1
 	NOTE: https://github.com/siemens/linux-entra-sso/security/advisories/GHSA-52rj-42vh-2rxc
 CVE-2026-42175 (requests-hardened is a library that overrides the default behaviors of ...)
-	TODO: check
+	NOT-FOR-US: requests-hardened
 CVE-2026-42141 (Xibo is an open source digital signage platform with a web content man ...)
 	NOT-FOR-US: Xibo
 CVE-2026-42048 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
@@ -3333,7 +3333,7 @@ CVE-2026-33112 (Deserialization of untrusted data in Microsoft Office SharePoint
 CVE-2026-33110 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-32687 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Postgrex.Notifications.listen
 CVE-2026-32684 (The application does not impose strict enough restrictions on director ...)
 	NOT-FOR-US: Hikvision
 CVE-2026-32209 (Improper access control in Windows Filtering Platform (WFP) allows an  ...)
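Review bot: The tag on CVE-2026-32687, NOT-FOR-US: Postgrex.Notifications.listen, names a single function rather than a product, unlike the neighbouring entries (Microsoft, Hikvision). Suggest NOT-FOR-US: Postgrex so the entry is found when the list is searched by project name.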
@@ -3363,7 +3363,7 @@ CVE-2026-31241 (The mem0 1.0.0 server lacks authentication and authorization con
 CVE-2026-31240 (The mem0 1.0.0 server lacks authentication and authorization controls  ...)
 	NOT-FOR-US: mem0
 CVE-2026-31239 (The mamba language model framework thru 2.2.6 is vulnerable to insecur ...)
-	TODO: check
+	NOT-FOR-US: mamba
 CVE-2026-31238 (The Ludwig framework thru 0.10.4 is vulnerable to insecure deserializa ...)
 	NOT-FOR-US: Ludwig framework
 CVE-2026-31237 (The Ludwig framework thru 0.10.4 is vulnerable to insecure deserializa ...)
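Review bot: NOT-FOR-US: mamba on CVE-2026-31239 is ambiguous as a bare name, while the description qualifies it as "The mamba language model framework". Suggest carrying that qualifier into the tag, as the next entry does with NOT-FOR-US: Ludwig framework, so the entry is not mistaken for other software of the same name.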
@@ -3371,7 +3371,7 @@ CVE-2026-31237 (The Ludwig framework thru 0.10.4 is vulnerable to insecure deser
 CVE-2026-31236 (The llm CLI tool thru 0.27.1 contains a critical code injection vulner ...)
 	TODO: check
 CVE-2026-31235 (The imgaug library thru 0.4.0 contains an insecure deserialization vul ...)
-	TODO: check
+	NOT-FOR-US: imgaug
 CVE-2026-31234 (Horovod thru 0.28.1 contains an insecure deserialization vulnerability ...)
 	NOT-FOR-US: Horovod
 CVE-2026-31233 (Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE- ...)
@@ -3391,15 +3391,15 @@ CVE-2026-31226 (The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c717
 CVE-2026-31225 (The superduper project thru v0.10.0 contains a critical remote code ex ...)
 	NOT-FOR-US: superduper
 CVE-2026-31224 (The snorkel library thru v0.10.0 contains an insecure deserialization  ...)
-	TODO: check
+	NOT-FOR-US: snorkel
 CVE-2026-31223 (The snorkel library thru v0.10.0 contains a critical insecure deserial ...)
-	TODO: check
+	NOT-FOR-US: snorkel
 CVE-2026-31222 (The snorkel library thru v0.10.0 contains an insecure deserialization  ...)
-	TODO: check
+	NOT-FOR-US: snorkel
 CVE-2026-31221 (PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deser ...)
 	TODO: check
 CVE-2026-31220 (PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerabl ...)
-	NOT-FOR-US: PySyft (Syft Datasite/Server)
+	NOT-FOR-US: PySyft (Syft Datasite/Server)C
 CVE-2026-31219 (The _load_model() function in the neural_magic_training.py script of t ...)
 	TODO: check
 CVE-2026-31218 (The _load_model() function in the neural_magic_training.py script of t ...)
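Review bot: The CVE-2026-31220 change appends a stray "C" to an existing tag, giving NOT-FOR-US: PySyft (Syft Datasite/Server)C, and is unrelated to the snorkel triage in the same hunk. It looks like an accidental keystroke. Restore the line to NOT-FOR-US: PySyft (Syft Datasite/Server) so this entry drops out of the diff.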
@@ -3505,7 +3505,7 @@ CVE-2026-20714 (Out-of-bounds write for some Intel(R) QAT software drivers for W
 CVE-2026-1934 (The Motors \u2013 Car Dealership & Classified Listings plugin for Word ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-70842 (A Stored Cross-Site Scripting (XSS) vulnerability was discovered in th ...)
-	TODO: check
+	NOT-FOR-US: FluentCMS
 CVE-2025-6577 (Improper neutralization of special elements used in an SQL command ('S ...)
 	TODO: check
 CVE-2025-67604 (A use of potentially dangerous function vulnerability in Fortinet Fort ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0d8c5dc969471fa930bea4527132b4ccc833a11
