Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d2478659 by Salvatore Bonaccorso at 2026-06-18T10:50:46+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2026-9860 (The Offload, AI & Optimize with Cloudflare 
Images plugin for Word
 CVE-2026-9199 (The Equalize Digital Accessibility Checker \u2013 WCAG, ADA, 
EAA and S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-8050 (In SignalRGB versions prior to 1.3.7.0, seven of the thirteen 
IOCTL ha ...)
-       TODO: check
+       NOT-FOR-US: SignalRGB
 CVE-2026-8049 (In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device 
object ...)
-       TODO: check
+       NOT-FOR-US: SignalRGB
 CVE-2026-55740 (Nur-Alam39 bus-ticket (no released versions; latest commit 
459cabdbeb9 ...)
        NOT-FOR-US: Nur-Alam39 bus-ticket
 CVE-2026-55202 (Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to 
properly v ...)
@@ -37,9 +37,9 @@ CVE-2026-54387 (Tinyproxy through 1.11.3, fixed in commit 
ff45d3b, fails to reco
        NOTE: https://github.com/tinyproxy/tinyproxy/pull/610
        NOTE: Fixed by: 
https://github.com/tinyproxy/tinyproxy/commit/623bfc093df009296f0b85d40bc677ef9d5c09bb
 CVE-2026-54386 (marimo before 0.23.9 contains a reflected cross-site scripting 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: marimo
 CVE-2026-53676 (ThingsBoard contains a prototype pollution vulnerability which 
may lea ...)
-       TODO: check
+       NOT-FOR-US: ThingsBoard
 CVE-2026-50268 (Steeltoe is an open source project that provides a collection 
of libra ...)
        NOT-FOR-US: Steeltoe
 CVE-2026-50267 (Steeltoe is an open source project that provides a collection 
of libra ...)
@@ -57,15 +57,15 @@ CVE-2026-50194 (Steeltoe is an open source project that 
provides a collection of
 CVE-2026-50107 (When NGINX Plus or NGINX Open Source is configured as the data 
plane f ...)
        TODO: check
 CVE-2026-49133 (Typemill before 2.24.0 contains a path traversal vulnerability 
that al ...)
-       TODO: check
+       NOT-FOR-US: Typemill
 CVE-2026-48997 (e107 is a content management system (CMS). Versions  2.3.5 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: e107 CMS
 CVE-2026-48991 (XianYuLauncher is a Minecraft Java Edition launcher. In 
versions prior ...)
        NOT-FOR-US: XianYuLauncher
 CVE-2026-48990 (joserfc is a Python library that provides an implementation of 
several ...)
        TODO: check
 CVE-2026-48989 (Windows-MCP is an open-source project that integrates AI 
agents with W ...)
-       TODO: check
+       NOT-FOR-US: Windows-MCP
 CVE-2026-48988 (markdown-it is a Markdown parser. Versions 14.1.1 and below 
contain a  ...)
        TODO: check
 CVE-2026-48979 (PHP Standard Library (PSL) is set of APIs covering async, 
collections, ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2478659fc30da1c75536e480a32094555779d34

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2478659fc30da1c75536e480a32094555779d34
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to