Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02948789 by Salvatore Bonaccorso at 2026-05-17T08:50:03+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -371,7 +371,7 @@ CVE-2026-42458 (Magento Long Term Support (LTS) is an 
unofficial, community-driv
 CVE-2026-42207 (Magento Long Term Support (LTS) is an unofficial, 
community-driven pro ...)
        NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
 CVE-2026-42155 (Magento Long Term Support (LTS) is an unofficial, 
community-driven pro ...)
-       TODO: check
+       NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
 CVE-2026-41971 (Permission control vulnerability in the security control 
module.Impact ...)
        NOT-FOR-US: Huawei
 CVE-2026-41970 (Out-of-bounds write vulnerability in the distributed file 
system modul ...)
@@ -397,9 +397,9 @@ CVE-2026-41961 (Permission control vulnerability in 
contacts.Impact: Successful
 CVE-2026-41960 (Permission control vulnerability in calls.Impact: Successful 
exploitat ...)
        NOT-FOR-US: Huawei
 CVE-2026-41553 (PDF Export Module used inDHTMLX'sproducts Gantt and Scheduler 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: DHTMLX
 CVE-2026-41552 (PDF Export Module used in DHTMLX's products Gantt and 
Scheduler is vul ...)
-       TODO: check
+       NOT-FOR-US: DHTMLX
 CVE-2026-41258 (OpenMRS is an open source electronic medical record system 
platform. F ...)
        TODO: check
 CVE-2026-41181 (Traefik is an HTTP reverse proxy and load balancer. Prior to 
2.11.44,  ...)
@@ -571,7 +571,7 @@ CVE-2026-42327 (rust-openssl provides OpenSSL bindings for 
the Rust programming
        - rust-openssl <unfixed> (bug #1136787)
        NOTE: 
https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xp3w-r5p5-63rr
 CVE-2026-41702 (VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-3290 (Timing limitations of the HRNG in RS9116 when power save mode 
is enabl ...)
        NOT-FOR-US: Silicon Labs
 CVE-2026-2652 (A vulnerability in mlflow/mlflow versions 3.9.0 and earlier 
allows una ...)
@@ -1297,15 +1297,15 @@ CVE-2026-42281 (MagicMirror\xb2 is an open source 
modular smart mirror platform.
 CVE-2026-42186 (OpenBao is an open source identity-based secrets management 
system. Pr ...)
        - openbao <itp> (bug #1069794)
 CVE-2026-42159 (Flowsint is an open-source OSINT graph exploration tool 
designed for c ...)
-       TODO: check
+       NOT-FOR-US: Flowsint
 CVE-2026-41937 (Vvveb before 1.0.8.3 contains an unrestricted file upload 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Vvveb
 CVE-2026-41935 (Vvveb before 1.0.8.3 contains an uncontrolled recursion 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Vvveb
 CVE-2026-41933 (Vvveb before 1.0.8.3 contains a directory listing information 
disclosu ...)
-       TODO: check
+       NOT-FOR-US: Vvveb
 CVE-2026-41932 (Vvveb before 1.0.8.3 contains a stored cross-site scripting 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Vvveb
 CVE-2026-41888 (Distribution is a toolkit to pack, ship, store, and deliver 
container  ...)
        TODO: check
 CVE-2026-41615 (Exposure of sensitive information to an unauthorized actor in 
Microsof ...)
@@ -1853,21 +1853,21 @@ CVE-2026-42266 (jupyterlab is an extensible environment 
for interactive and repr
 CVE-2026-42063 (A vulnerability exists in iControl SOAP where an authenticated 
attacke ...)
        NOT-FOR-US: F5
 CVE-2026-42062 (ELECOM wireless LAN access point devices contain an OS command 
injecti ...)
-       TODO: check
+       NOT-FOR-US: ELECOM
 CVE-2026-42058 (An authenticated attacker's undisclosed requests to BIG-IP 
iControl RE ...)
        NOT-FOR-US: F5
 CVE-2026-42032 (CKAN is an open-source DMS (data management system) for 
powering data  ...)
-       TODO: check
+       NOT-FOR-US: CKAN
 CVE-2026-42031 (CKAN is an open-source DMS (data management system) for 
powering data  ...)
-       TODO: check
+       NOT-FOR-US: CKAN
 CVE-2026-41959 (Incorrect permission assignment vulnerabilities exist in 
BIG-IP and BI ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2026-41957 (An authenticated remote code execution vulnerability through 
undisclos ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2026-41956 (When a classification profile is configured on a UDP virtual 
server, u ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2026-41954 (Sensitive information disclosure vulnerability exists in the 
undisclos ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2026-41953 (A vulnerability exists in BIG-IP systems where a highly 
privileged, au ...)
        NOT-FOR-US: F5
 CVE-2026-41410
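Review bot: CVE-2026-42032 and CVE-2026-42031 are closed as NOT-FOR-US: CKAN even though the description calls CKAN an open-source DMS, and this file tracks open-source software with a pending packaging bug in the `- <pkg> <itp> (bug #...)` form, as the openbao and pyload entries in this same diff do. It is worth confirming that no ITP/RFP bug is open for CKAN before marking these NFU; if one exists, the `<itp>` form keeps both CVEs attached to the future package. The ELECOM and F5 changes in this hunk match the neighbouring F5 entries and look consistent.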
@@ -2551,13 +2551,13 @@ CVE-2026-42196 (django-s3file is a lightweight file 
upload input for Django and
 CVE-2026-42191 (OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP 
(OpenTelemetr ...)
        TODO: check
 CVE-2026-42158 (Flowsint is an open-source OSINT graph exploration tool 
designed for c ...)
-       TODO: check
+       NOT-FOR-US: Flowsint
 CVE-2026-42157 (Flowsint is an open-source OSINT graph exploration tool 
designed for c ...)
-       TODO: check
+       NOT-FOR-US: Flowsint
 CVE-2026-42156 (Flowsint is an open-source OSINT graph exploration tool 
designed for c ...)
-       TODO: check
+       NOT-FOR-US: Flowsint
 CVE-2026-41901 (Thymeleaf is a server-side Java template engine for web and 
standalone ...)
-       TODO: check
+       NOT-FOR-US: Thymeleaf
 CVE-2026-41195 (mosparo is the modern solution to protect your online forms 
from spam. ...)
        TODO: check
 CVE-2026-40902 (PhpSpreadsheet is a pure PHP library for reading and writing 
spreadshe ...)
@@ -2986,16 +2986,16 @@ CVE-2026-42177 (linux-entra-sso is a browser plugin for 
Linux to SSO on Microsof
 CVE-2026-42175 (requests-hardened is a library that overrides the default 
behaviors of ...)
        TODO: check
 CVE-2026-42141 (Xibo is an open source digital signage platform with a web 
content man ...)
-       TODO: check
+       NOT-FOR-US: Xibo
 CVE-2026-42048 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-42045 (LobeHub is a work-and-lifestyle space to find, build, and 
collaborate  ...)
-       TODO: check
+       NOT-FOR-US: LobeHub
 CVE-2026-42006 (An attacker can cause uncontrolled memory usage with excessive 
bracing ...)
        - dovecot 1:2.4.4+dfsg1-1 (bug #1136444)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
 CVE-2026-41895 (changedetection.io is a free open source web page change 
detection too ...)
-       TODO: check
+       NOT-FOR-US: changedetection.io
 CVE-2026-41713 (A malicious user could craft input that is stored in 
conversation memo ...)
        NOT-FOR-US: VMware
 CVE-2026-41712 (Spring AI's chat memory component contained a problematic 
default that ...)
@@ -3013,7 +3013,7 @@ CVE-2026-41610 (Improper neutralization of input during 
web page generation ('cr
 CVE-2026-41551 (A vulnerability has been identified in ROS# (All versions < 
V2.2.2). A ...)
        NOT-FOR-US: Siemens
 CVE-2026-41513 (Horilla is an HR and CRM software. In 1.5.0, the notification 
endpoint ...)
-       TODO: check
+       NOT-FOR-US: Horilla
 CVE-2026-41293 (Improper Input Validation vulnerability in Apache Tomcat.  
This issue  ...)
        - tomcat11 11.0.22-1
        - tomcat10 <unfixed>
@@ -3710,11 +3710,11 @@ CVE-2026-42188 (Geyser is a bridge between Minecraft: 
Bedrock Edition and Minecr
 CVE-2026-42046 (libcaca is a colour ASCII art library. In 0.99.beta20 and 
earlier, an  ...)
        TODO: check
 CVE-2026-41872 ("Kura Sushi Official App" provided by EPG, Inc. is vulnerable 
to impro ...)
-       TODO: check
+       NOT-FOR-US: Kura Sushi Official App
 CVE-2026-41530 (The automatic folder creation feature of Lhaz and Lhaz+ 
provided by Ch ...)
-       TODO: check
+       NOT-FOR-US: Lhaz
 CVE-2026-41489 (Pi-hole is a DNS sinkhole that protects devices from unwanted 
content  ...)
-       TODO: check
+       NOT-FOR-US: Pi-Hole
 CVE-2026-40137 (SAP TAF_APPLAUNCHER within Business Server Pages allows an 
unauthentic ...)
        NOT-FOR-US: SAP
 CVE-2026-40136 (SAP Financial Consolidation allows an authenticated attacker 
to discon ...)
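Review bot: On CVE-2026-41489 the tag is written `NOT-FOR-US: Pi-Hole`, while the description on the line above it spells the project "Pi-hole". Suggest `NOT-FOR-US: Pi-hole` so the tag matches the upstream spelling and a case-sensitive search of the list for Pi-hole entries finds this one as well.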
@@ -4148,7 +4148,7 @@ CVE-2026-42313 (pyLoad is a free and open-source download 
manager written in Pyt
 CVE-2026-42312 (pyLoad is a free and open-source download manager written in 
Python. P ...)
        - pyload <itp> (bug #1001980)
 CVE-2026-41951 (Path traversal vulnerability exists in GROWI v7.5.0 and 
earlier, which ...)
-       TODO: check
+       NOT-FOR-US: GROWI
 CVE-2026-41431 (Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser 
ships a  ...)
        TODO: check
 CVE-2026-41257 (jq is a command-line JSON processor. In 1.8.1 and earlier, the 
jq byte ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02948789499c8d8a4992213a1c0a1bd8d636d96a
