[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 18 20:32:28 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6640c4c by Salvatore Bonaccorso at 2026-05-18T21:32:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6,11 +6,11 @@ CVE-2026-8836 (A vulnerability was found in lwIP up to 2.2.1. Affected is the fu
 	NOTE: https://savannah.nongnu.org/bugs/?68194
 	NOTE: https://cgit.git.savannah.gnu.org/cgit/lwip.git/commit/?id=0c957ec03054eb6c8205e9c9d1d05d90ada3898c
 CVE-2026-8803 (A flaw has been found in opensourcepos Open Source Point of Sale up to ...)
-	TODO: check
+	NOT-FOR-US: opensourcepos Open Source Point of Sale
 CVE-2026-8802 (A vulnerability was detected in opensourcepos Open Source Point of Sal ...)
-	TODO: check
+	NOT-FOR-US: opensourcepos Open Source Point of Sale
 CVE-2026-7498 (Improper neutralization of input during web page generation ('cross-si ...)
-	TODO: check
+	NOT-FOR-US: DernekWeb
 CVE-2026-7304 (SGLangs multimodal generation runtime is vulnerable to unauthenticated ...)
 	TODO: check
 CVE-2026-7302 (SGLangs multimodal generation runtime is vulnerable to an unauthentica ...)
@@ -18,7 +18,7 @@ CVE-2026-7302 (SGLangs multimodal generation runtime is vulnerable to an unauthe
 CVE-2026-7301 (SGLangs multimodal generation runtime scheduler's ROUTER socket binds  ...)
 	TODO: check
 CVE-2026-6902 (A vulnerability in Command-Line Client in P4 Server prior to the 2025. ...)
-	TODO: check
+	NOT-FOR-US: Command-Line Client in P4 Server
 CVE-2026-6347 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 1 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2026-6346 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 1 ...)
@@ -28,9 +28,9 @@ CVE-2026-6345 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x
 CVE-2026-6343 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 1 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2026-6342 (Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to ap ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Plugins
 CVE-2026-6341 (Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to ha ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Plugins
 CVE-2026-6340 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 1 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2026-6339 (Mattermost versions 11.5.x <= 11.5.1, 11.4.x <= 11.4.3 fail to validat ...)
@@ -68,15 +68,15 @@ CVE-2026-45230 (DumbAssets through 1.0.11 contains a path traversal vulnerabilit
 CVE-2026-42822 (Improper authentication in Azure Local Disconnected Operations allows  ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-41949 (Dify version 1.14.1 and prior contain an authorization bypass vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Dify
 CVE-2026-41948 (Dify version 1.14.1 and prior contain a path traversal vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: Dify
 CVE-2026-41947 (Dify version 1.14.1 and prior contains an authorization bypass vulnera ...)
-	TODO: check
+	NOT-FOR-US: Dify
 CVE-2026-41119 (Dell Live Optics Windows and Personal Edition collectors contain an im ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-41085 (Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privile ...)
-	TODO: check
+	NOT-FOR-US: Thermo Fisher Scientific Torrent Suite Dx
 CVE-2026-3637 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 1 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2026-3495 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to esca ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6640c4c54a3cb9506b3c277872cc01ee2cb428f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6640c4c54a3cb9506b3c277872cc01ee2cb428f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260518/2b5c80a3/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list