Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e2a50b1d by Salvatore Bonaccorso at 2026-06-25T22:17:38+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -119,21 +119,21 @@ CVE-2026-56786 (RTKLIB through 2.4.3 contains an
out-of-bounds write vulnerabili
- rtklib <unfixed>
NOTE: https://github.com/tomojitakasu/RTKLIB/issues/799
CVE-2026-56779 (MaxKB before 2.10.0 contains a server-side request forgery
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: MaxKB
CVE-2026-56774 (Kanboard through 1.2.52, fixed in commit 928c68a,
UserViewController:: ...)
TODO: check
CVE-2026-56772 (NewsBlur before 14.5.0 contains a broken access control
vulnerability ...)
- TODO: check
+ NOT-FOR-US: NewsBlur
CVE-2026-56771 (NewsBlur before version 14.5.0 contains a server-side request
forgery ...)
- TODO: check
+ NOT-FOR-US: NewsBlur
CVE-2026-56770 (libais through 0.15 VdmStream::AddLine uses an unchecked
sentinel valu ...)
TODO: check
CVE-2026-56769 (Huly Platform through 0.7.423, fixed in commit 68cbf8a
contains an aut ...)
- TODO: check
+ NOT-FOR-US: Huly Platform
CVE-2026-56768 (Seahub before 13.0.23 does not enforce
SHARE_LINK_LOGIN_REQUIRED on GE ...)
- TODO: check
+ NOT-FOR-US: Seahub
CVE-2026-56767 (Maxun before 0.0.42 contains a cross-tenant insecure direct
object ref ...)
- TODO: check
+ NOT-FOR-US: Maxun
CVE-2026-56766 (Hydra through 9.7, fixed in commit 9cc84c2, contains a stack
buffer ov ...)
TODO: check
CVE-2026-56130 ("Remember me" cookie age is not verified on the server. This
potential ...)
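Review bot: CVE-2026-56768 is closed as NOT-FOR-US: Seahub on the product name alone, and the truncated description (SHARE_LINK_LOGIN_REQUIRED not enforced) gives no hint whether any source package in the archive carries that code. Before the entry leaves the TODO queue, confirm that nothing in Debian ships or embeds Seahub; if something does, this should be a package line with a NOTE instead of NOT-FOR-US. The other entries marked in this hunk (MaxKB, NewsBlur, Huly Platform, Maxun) use the product name exactly as it appears in their descriptions, which keeps the two NewsBlur entries consistent.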
@@ -193,25 +193,25 @@ CVE-2026-55697 (pnpm is a package manager. Prior to
10.34.2 and 11.5.3, pnpm can
CVE-2026-55693 (Vim is an open source, command line text editor. Prior to
9.2.0653, th ...)
TODO: check
CVE-2026-55667 (File Browser is a file managing interface for uploading,
deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-55487 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the
generic pe ...)
TODO: check
CVE-2026-55477 (3X-UI is a web control panel for managing Xray-core servers.
Prior to ...)
- TODO: check
+ NOT-FOR-US: 3X-UI
CVE-2026-55439 (Halo is an open source website building tool. Prior to 2.24.3,
a path ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2026-55413 (ToolJet is the open-source foundation am AI-native platform
for buildi ...)
- TODO: check
+ NOT-FOR-US: ToolJet
CVE-2026-55412 (ToolJet is the open-source foundation am AI-native platform
for buildi ...)
- TODO: check
+ NOT-FOR-US: ToolJet
CVE-2026-55411 (ToolJet is the open-source foundation am AI-native platform
for buildi ...)
- TODO: check
+ NOT-FOR-US: ToolJet
CVE-2026-55180 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm
and pacqu ...)
TODO: check
CVE-2026-55092 (Trivy is a security scanner. Prior to 0.71.1, when Trivy
downloads an ...)
TODO: check
CVE-2026-54917 (SeaweedFS is a distributed storage system for object storage
(S3), fil ...)
- TODO: check
+ NOT-FOR-US: SeaweedFS
CVE-2026-54849 (Unauthenticated SQL Injection in Premmerce Wishlist for
WooCommerce <= ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-54848 (Insertion of Sensitive Information Into Sent Data
vulnerability in Saa ...)
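Review bot: The tag on CVE-2026-55439, "NOT-FOR-US: Halo", is a single generic word, and "File Browser" on CVE-2026-55667 is nearly as generic, so a later search or name match against the list can hit unrelated software. The descriptions already supply a qualifier ("open source website building tool", "file managing interface"), so consider adding it to the tag in parentheses. The three ToolJet entries and the 3X-UI and SeaweedFS entries are unambiguous as written.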
@@ -245,55 +245,55 @@ CVE-2026-54821 (Subscriber Sensitive Data Exposure in
Visual Link Preview <= 2.3
CVE-2026-54679 (jq is a command-line JSON processor. Prior to 1.8.2, on 32bit
system, ...)
TODO: check
CVE-2026-54573 (Outline is a service that allows for collaborative
documentation. Prio ...)
- TODO: check
+ NOT-FOR-US: Outline
CVE-2026-54448 (Trivy is a security scanner. Prior to 0.71.0, when Trivy scans
a Helm ...)
TODO: check
CVE-2026-54250 (K3s is a fully conformant production-ready Kubernetes
distribution. Pr ...)
- TODO: check
+ NOT-FOR-US: K3s
CVE-2026-54097 (File Browser is a file managing interface for uploading,
deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-54096 (File Browser is a file managing interface for uploading,
deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-54094 (File Browser is a file managing interface for uploading,
deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-54093 (File Browser is a file managing interface for uploading,
deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-54092 (File Browser is a file managing interface for uploading,
deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-54091 (File Browser is a file managing interface for uploading,
deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-54090 (File Browser is a file managing interface for uploading,
deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-54089 (File Browser is a file managing interface for uploading,
deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-54088 (File Browser is a file managing interface for uploading,
deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-54040 (LibreChat is an enhanced ChatGPT clone that supports multiple
AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-54037 (LibreChat is an enhanced ChatGPT clone that supports multiple
AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-54036 (LibreChat is an enhanced ChatGPT clone that supports multiple
AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-54033 (LibreChat is an enhanced ChatGPT clone that supports multiple
AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-54030 (LibreChat is an enhanced ChatGPT clone that supports multiple
AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-54029 (LibreChat is an enhanced ChatGPT clone that supports multiple
AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-54027 (LibreChat is an enhanced ChatGPT clone that supports multiple
AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-54025 (LibreChat is an enhanced ChatGPT clone that supports multiple
AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-54024 (LibreChat is an enhanced ChatGPT clone that supports multiple
AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-53925 (Glances is an open-source system cross-platform monitoring
tool. From ...)
TODO: check
CVE-2026-50573 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm
install` ...)
TODO: check
CVE-2026-50549 (Cursor is a code editor built for programming with AI. Prior
to 3.0, C ...)
- TODO: check
+ NOT-FOR-US: Cursor
CVE-2026-50548 (Cursor is a code editor built for programming with AI. Prior
to 3.0, C ...)
- TODO: check
+ NOT-FOR-US: Cursor
CVE-2026-50021 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's
tarball ...)
TODO: check
CVE-2026-50017 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm
can send ...)
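Review bot: NOT-FOR-US: K3s on CVE-2026-54250 deserves a second look, because the description calls K3s a Kubernetes distribution and the truncated text does not show whether the flaw sits in K3s's own code or in a component it bundles. If the affected code is a bundled component that Debian packages separately, the entry needs that source package line rather than NOT-FOR-US; a one-line NOTE recording which case applies would settle it. The File Browser and LibreChat runs are tagged consistently, though "Outline" on CVE-2026-54573 is another bare generic name that would benefit from a qualifier.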
@@ -367,7 +367,7 @@ CVE-2026-46607 (Glances is an open-source system
cross-platform monitoring tool.
CVE-2026-46606 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
TODO: check
CVE-2026-45233 (HTMLy CMS through 3.1.1 contains a path traversal
vulnerability that a ...)
- TODO: check
+ NOT-FOR-US: HTMLy CMS
CVE-2026-41120 (Dell Wyse Management Suite, versions prior to WMS 5.5 HF1,
contain an ...)
NOT-FOR-US: Dell / EMC
CVE-2026-2815 (Incorrect use of the PUF key for user key generation in
EFR32xG27 resu ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2a50b1d0dec588dc90215ddb6cd166122219d6c