Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ea3244e by Salvatore Bonaccorso at 2026-05-29T22:05:26+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -199,11 +199,11 @@ CVE-2026-45555 (Roslyn CodeLens MCP Server is a 
Roslyn-based MCP server providin
 CVE-2026-45551 (Group-Office is an enterprise customer relationship management 
and gro ...)
        NOT-FOR-US: Group-Office
 CVE-2026-45312 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) 
engine. ...)
-       TODO: check
+       NOT-FOR-US: RAGFlow
 CVE-2026-45043 (RustFS is a distributed object storage system built in Rust. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: RustFS
 CVE-2026-44962 (Plesk contains an XPath injection vulnerability in the APS 
Application ...)
-       TODO: check
+       NOT-FOR-US: Plesk
 CVE-2026-44698 (Home Assistant is open source home automation software that 
puts local ...)
        TODO: check
 CVE-2026-44697 (Klever-Go is the Go implementation of the Klever blockchain 
protocol.  ...)
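
Review bot: For CVE-2026-45043, confirm that every RustFS entry in data/CVE/list ends up with the same tag. CVE-2026-45039, also RustFS, appears in the header of a later hunk in this diff, but its status line is not shown. If it still reads "TODO: check", resolve it in the same pass with the identical spelling "NOT-FOR-US: RustFS" so the product stays greppable as one name.
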
@@ -961,9 +961,9 @@ CVE-2026-45410 (TREK is a collaborative travel planner. 
Prior to 3.0.18, early r
 CVE-2026-45403 (AnythingLLM is an application that turns pieces of content 
into contex ...)
        NOT-FOR-US: AnythingLLM
 CVE-2026-45366 (typescript-utcp is a typescript implementation of UTCP. Prior 
to 1.1.2 ...)
-       TODO: check
+       NOT-FOR-US: typescript-utcp
 CVE-2026-45364 (Better Auth is an authentication and authorization library for 
TypeScr ...)
-       TODO: check
+       NOT-FOR-US: Better Auth
 CVE-2026-45344 (LinkAce is a self-hosted archive to collect website links. 
Prior to 2. ...)
        NOT-FOR-US: LinkAce
 CVE-2026-45343 (LinkAce is a self-hosted archive to collect website links. 
Prior to 2. ...)
@@ -1366,7 +1366,7 @@ CVE-2026-45297 (OpenReplay is a self-hosted session 
replay suite. Prior to 1.26.
 CVE-2026-45296 (OpenReplay is a self-hosted session replay suite. Prior to 
1.26.0, Ope ...)
        NOT-FOR-US: OpenReplay
 CVE-2026-45292 (opentelemetry-java is the Java implementation of the 
OpenTelemetry API ...)
-       TODO: check
+       NOT-FOR-US: opentelemetry-java
 CVE-2026-45261 (GitButler is a modern Git-based version control interface for 
AI-power ...)
        NOT-FOR-US: GitButler
 CVE-2026-45078 (Synapse is an open source Matrix homeserver implementation. 
Prior to 1 ...)
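
Review bot: CVE-2026-45292 tags a library, not an application, as NOT-FOR-US, and that tag is only correct if no source package in the archive ships or embeds opentelemetry-java. The same applies to CVE-2026-44902 (opentelemetry-js) further down in this diff. Nothing in the commit message records that embedded or vendored copies were searched for; run that check for both, and if a copy turns up, replace the NFU line with an entry for the embedding package.
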
@@ -1390,7 +1390,7 @@ CVE-2026-45039 (RustFS is a distributed object storage 
system built in Rust. Pri
 CVE-2026-45021 (Kuma is a modern Envoy-based service mesh that can run on 
every cloud  ...)
        NOT-FOR-US: Kuma
 CVE-2026-45017 (Python Liquid is a Python engine for the Liquid template 
language. Pri ...)
-       TODO: check
+       NOT-FOR-US: Python Liquid
 CVE-2026-44798 (Nautobot is a Network Source of Truth and Network Automation 
Platform. ...)
        TODO: check
 CVE-2026-44797 (Nautobot is a Network Source of Truth and Network Automation 
Platform. ...)
@@ -2244,7 +2244,7 @@ CVE-2026-46402 (Microsoft UFO open-source framework for 
intelligent automation a
 CVE-2026-45322 (Microsoft UFO open-source framework for intelligent automation 
across  ...)
        NOT-FOR-US: Microsoft UFO
 CVE-2026-45152 (uniget is a universal installer and updater for (container) 
tools. Pri ...)
-       TODO: check
+       NOT-FOR-US: uniget
 CVE-2026-45136 (claude-code-cache-fix is a cache optimization proxy for Claude 
Code. F ...)
        NOT-FOR-US: claude-code-cache-fix
 CVE-2026-45134 (LangSmith Client SDKs provide SDK's for interacting with the 
LangSmith ...)
@@ -2256,13 +2256,13 @@ CVE-2026-45104 (MapServer is a system for developing 
web-based GIS applications.
 CVE-2026-45102 (OneUptime is an open-source monitoring and observability 
platform. Pri ...)
        NOT-FOR-US: OneUptime
 CVE-2026-45083 (The Goobi viewer is a web application that allows digitised 
material t ...)
-       TODO: check
+       NOT-FOR-US: Goobi viewer
 CVE-2026-44888 (Pi.Alert is a WIFI / LAN intruder detector with web service 
monitoring ...)
-       TODO: check
+       NOT-FOR-US: Pi.Alert
 CVE-2026-44887 (Pi.Alert is a WIFI / LAN intruder detector with web service 
monitoring ...)
-       TODO: check
+       NOT-FOR-US: Pi.Alert
 CVE-2026-44886 (Pi.Alert is a WIFI / LAN intruder detector with web service 
monitoring ...)
-       TODO: check
+       NOT-FOR-US: Pi.Alert
 CVE-2026-44724 (systeminformation is a System and OS information library for 
node.js.  ...)
        TODO: check
 CVE-2026-44720 (OpenLearnX is an open-source, decentralized learning and 
assessment pl ...)
@@ -2574,9 +2574,9 @@ CVE-2026-45081 (Frappe HR is an open-source human 
resources management solution
 CVE-2026-45061 (Budibase is an open-source low-code platform. Prior to 
3.35.10, the Pl ...)
        NOT-FOR-US: Budibase
 CVE-2026-45047 (bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the 
apiHandl ...)
-       TODO: check
+       NOT-FOR-US: bird-lg-go
 CVE-2026-45046 (Gryph provides a security layer for AI coding agents. Prior to 
0.7.0,  ...)
-       TODO: check
+       NOT-FOR-US: Gryph
 CVE-2026-45027 (WeGIA is a web manager for charitable institutions. In 
versions prior  ...)
        NOT-FOR-US: WeGIA
 CVE-2026-45022 (go-git is an extensible git implementation library written in 
pure Go. ...)
@@ -2591,7 +2591,7 @@ CVE-2026-44972 (GuardDog is a CLI tool to identify 
malicious PyPI packages. From
 CVE-2026-44971 (GuardDog is a CLI tool to identify malicious PyPI packages. 
From 1.0.0 ...)
        NOT-FOR-US: GuardDog
 CVE-2026-44902 (opentelemetry-js is the OpenTelemetry JavaScript Client. Prior 
to 0.21 ...)
-       TODO: check
+       NOT-FOR-US: opentelemetry-js
 CVE-2026-44839 (RabbitMQ is a messaging and streaming broker. From 3.7.0 to 
before 4.1 ...)
        TODO: check
 CVE-2026-44838 (RabbitMQ is a messaging and streaming broker. From 4.2.0 to 
before 4.2 ...)
@@ -4665,7 +4665,7 @@ CVE-2026-44985 (Dozzle is a realtime log viewer for 
docker containers. Prior to
 CVE-2026-44983 (smallbitvec is a growable bit-vector for Rust, optimized for 
size. Fro ...)
        TODO: check
 CVE-2026-44966 (Velocity.js is a JavaScript implementation of the Apache 
Velocity temp ...)
-       TODO: check
+       NOT-FOR-US: Velocity.js
 CVE-2026-44905 (Vanetza is an open-source implementation of the ETSI C-ITS 
protocol su ...)
        NOT-FOR-US: Vanetza
 CVE-2026-44903 (Prometheus is an open-source monitoring system and time series 
databas ...)
@@ -4681,13 +4681,13 @@ CVE-2026-44897 (Mistune is a Python Markdown parser 
with renderers and plugins.
 CVE-2026-44896 (Mistune is a Python Markdown parser with renderers and 
plugins. In 3.2 ...)
        TODO: check
 CVE-2026-44895 (GitLab MCP Server lets an AI agent talk directly to GitLab. 
Prior to 0 ...)
-       TODO: check
+       NOT-FOR-US: GitLab MCP Server
 CVE-2026-44847 (MaxKB is an open-source AI assistant for enterprise. Prior to 
2.9.0, M ...)
        NOT-FOR-US: MaxKB
 CVE-2026-44844 (eml_parser serves as a python module for parsing eml files and 
returni ...)
-       TODO: check
+       NOT-FOR-US: eml_parser Python module
 CVE-2026-44843 (LangChain is a framework for building agents and LLM-powered 
applicati ...)
-       TODO: check
+       NOT-FOR-US: LangChain
 CVE-2026-44837 (view_component is a framework for building reusable, testable, 
and enc ...)
        TODO: check
 CVE-2026-44836 (view_component is a framework for building reusable, testable, 
and enc ...)
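
Review bot: The tag for CVE-2026-44844, "NOT-FOR-US: eml_parser Python module", carries a qualifier that no other line added in this commit has; compare "NOT-FOR-US: Python Liquid" and "NOT-FOR-US: LangChain". If the qualifier is there to disambiguate the name, keep it; otherwise shorten the line to "NOT-FOR-US: eml_parser" so that one product maps to one string across the list.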



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ea3244e212feafcdb8b249d6dc23acec6ee3ad9



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
