Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e2a50b1d by Salvatore Bonaccorso at 2026-06-25T22:17:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -119,21 +119,21 @@ CVE-2026-56786 (RTKLIB through 2.4.3 contains an 
out-of-bounds write vulnerabili
        - rtklib <unfixed>
        NOTE: https://github.com/tomojitakasu/RTKLIB/issues/799
 CVE-2026-56779 (MaxKB before 2.10.0 contains a server-side request forgery 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: MaxKB
 CVE-2026-56774 (Kanboard through 1.2.52, fixed in commit 928c68a, 
UserViewController:: ...)
        TODO: check
 CVE-2026-56772 (NewsBlur before 14.5.0 contains a broken access control 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: NewsBlur
 CVE-2026-56771 (NewsBlur before version 14.5.0 contains a server-side request 
forgery  ...)
-       TODO: check
+       NOT-FOR-US: NewsBlur
 CVE-2026-56770 (libais through 0.15 VdmStream::AddLine uses an unchecked 
sentinel valu ...)
        TODO: check
 CVE-2026-56769 (Huly Platform through 0.7.423, fixed in commit 68cbf8a 
contains an aut ...)
-       TODO: check
+       NOT-FOR-US: Huly Platform
 CVE-2026-56768 (Seahub before 13.0.23 does not enforce 
SHARE_LINK_LOGIN_REQUIRED on GE ...)
-       TODO: check
+       NOT-FOR-US: Seahub
 CVE-2026-56767 (Maxun before 0.0.42 contains a cross-tenant insecure direct 
object ref ...)
-       TODO: check
+       NOT-FOR-US: Maxun
 CVE-2026-56766 (Hydra through 9.7, fixed in commit 9cc84c2, contains a stack 
buffer ov ...)
        TODO: check
 CVE-2026-56130 ("Remember me" cookie age is not verified on the server. This 
potential ...)
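Review bot: The five products tagged in this hunk (MaxKB, NewsBlur, Huly Platform, Seahub, Maxun) go straight from TODO: check to NOT-FOR-US, which is only right if no ITP or RFP bug is open for them. Where one exists, the entry should use the package form with an itp marker and the bug number instead, so the CVE is picked up again if the package enters the archive.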
@@ -193,25 +193,25 @@ CVE-2026-55697 (pnpm is a package manager. Prior to 
10.34.2 and 11.5.3, pnpm can
 CVE-2026-55693 (Vim is an open source, command line text editor. Prior to 
9.2.0653, th ...)
        TODO: check
 CVE-2026-55667 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
-       TODO: check
+       NOT-FOR-US: File Browser
 CVE-2026-55487 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the 
generic pe ...)
        TODO: check
 CVE-2026-55477 (3X-UI is a web control panel for managing Xray-core servers. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: 3X-UI
 CVE-2026-55439 (Halo is an open source website building tool. Prior to 2.24.3, 
a path  ...)
-       TODO: check
+       NOT-FOR-US: Halo
 CVE-2026-55413 (ToolJet is the open-source foundation am AI-native platform 
for buildi ...)
-       TODO: check
+       NOT-FOR-US: ToolJet
 CVE-2026-55412 (ToolJet is the open-source foundation am AI-native platform 
for buildi ...)
-       TODO: check
+       NOT-FOR-US: ToolJet
 CVE-2026-55411 (ToolJet is the open-source foundation am AI-native platform 
for buildi ...)
-       TODO: check
+       NOT-FOR-US: ToolJet
 CVE-2026-55180 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm 
and pacqu ...)
        TODO: check
 CVE-2026-55092 (Trivy is a security scanner. Prior to 0.71.1, when Trivy 
downloads an  ...)
        TODO: check
 CVE-2026-54917 (SeaweedFS is a distributed storage system for object storage 
(S3), fil ...)
-       TODO: check
+       NOT-FOR-US: SeaweedFS
 CVE-2026-54849 (Unauthenticated SQL Injection in Premmerce Wishlist for 
WooCommerce <= ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54848 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Saa ...)
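Review bot: The tags "NOT-FOR-US: File Browser" (CVE-2026-55667) and "NOT-FOR-US: Halo" (CVE-2026-55439) are generic names that a later grep over the list cannot tell apart from unrelated products with the same name. Consider adding a short qualifier taken from the description, for example "Halo website building tool", and keep the same spelling for every File Browser entry in this commit.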
@@ -245,55 +245,55 @@ CVE-2026-54821 (Subscriber Sensitive Data Exposure in 
Visual Link Preview <= 2.3
 CVE-2026-54679 (jq is a command-line JSON processor. Prior to 1.8.2, on 32bit 
system,  ...)
        TODO: check
 CVE-2026-54573 (Outline is a service that allows for collaborative 
documentation. Prio ...)
-       TODO: check
+       NOT-FOR-US: Outline
 CVE-2026-54448 (Trivy is a security scanner. Prior to 0.71.0, when Trivy scans 
a Helm  ...)
        TODO: check
 CVE-2026-54250 (K3s is a fully conformant production-ready Kubernetes 
distribution. Pr ...)
-       TODO: check
+       NOT-FOR-US: K3s
 CVE-2026-54097 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
-       TODO: check
+       NOT-FOR-US: File Browser
 CVE-2026-54096 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
-       TODO: check
+       NOT-FOR-US: File Browser
 CVE-2026-54094 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
-       TODO: check
+       NOT-FOR-US: File Browser
 CVE-2026-54093 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
-       TODO: check
+       NOT-FOR-US: File Browser
 CVE-2026-54092 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
-       TODO: check
+       NOT-FOR-US: File Browser
 CVE-2026-54091 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
-       TODO: check
+       NOT-FOR-US: File Browser
 CVE-2026-54090 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
-       TODO: check
+       NOT-FOR-US: File Browser
 CVE-2026-54089 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
-       TODO: check
+       NOT-FOR-US: File Browser
 CVE-2026-54088 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
-       TODO: check
+       NOT-FOR-US: File Browser
 CVE-2026-54040 (LibreChat is an enhanced ChatGPT clone that supports multiple 
AI provi ...)
-       TODO: check
+       NOT-FOR-US: LibreChat
 CVE-2026-54037 (LibreChat is an enhanced ChatGPT clone that supports multiple 
AI provi ...)
-       TODO: check
+       NOT-FOR-US: LibreChat
 CVE-2026-54036 (LibreChat is an enhanced ChatGPT clone that supports multiple 
AI provi ...)
-       TODO: check
+       NOT-FOR-US: LibreChat
 CVE-2026-54033 (LibreChat is an enhanced ChatGPT clone that supports multiple 
AI provi ...)
-       TODO: check
+       NOT-FOR-US: LibreChat
 CVE-2026-54030 (LibreChat is an enhanced ChatGPT clone that supports multiple 
AI provi ...)
-       TODO: check
+       NOT-FOR-US: LibreChat
 CVE-2026-54029 (LibreChat is an enhanced ChatGPT clone that supports multiple 
AI provi ...)
-       TODO: check
+       NOT-FOR-US: LibreChat
 CVE-2026-54027 (LibreChat is an enhanced ChatGPT clone that supports multiple 
AI provi ...)
-       TODO: check
+       NOT-FOR-US: LibreChat
 CVE-2026-54025 (LibreChat is an enhanced ChatGPT clone that supports multiple 
AI provi ...)
-       TODO: check
+       NOT-FOR-US: LibreChat
 CVE-2026-54024 (LibreChat is an enhanced ChatGPT clone that supports multiple 
AI provi ...)
-       TODO: check
+       NOT-FOR-US: LibreChat
 CVE-2026-53925 (Glances is an open-source system cross-platform monitoring 
tool. From  ...)
        TODO: check
 CVE-2026-50573 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm 
install` ...)
        TODO: check
 CVE-2026-50549 (Cursor is a code editor built for programming with AI. Prior 
to 3.0, C ...)
-       TODO: check
+       NOT-FOR-US: Cursor
 CVE-2026-50548 (Cursor is a code editor built for programming with AI. Prior 
to 3.0, C ...)
-       TODO: check
+       NOT-FOR-US: Cursor
 CVE-2026-50021 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's 
tarball ...)
        TODO: check
 CVE-2026-50017 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm 
can send  ...)
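Review bot: CVE-2026-54250 is tagged "NOT-FOR-US: K3s", but the description calls K3s a Kubernetes distribution and is cut off before it says where the flaw is. Before closing it as NFU, confirm the affected code is specific to K3s and not inherited from upstream Kubernetes components that a Debian source package may also carry. If it is shared, the entry should stay as TODO: check or name that package.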
@@ -367,7 +367,7 @@ CVE-2026-46607 (Glances is an open-source system 
cross-platform monitoring tool.
 CVE-2026-46606 (Glances is an open-source system cross-platform monitoring 
tool. Prior ...)
        TODO: check
 CVE-2026-45233 (HTMLy CMS through 3.1.1 contains a path traversal 
vulnerability that a ...)
-       TODO: check
+       NOT-FOR-US: HTMLy CMS
 CVE-2026-41120 (Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, 
contain an  ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-2815 (Incorrect use of the PUF key for user key generation in 
EFR32xG27 resu ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2a50b1d0dec588dc90215ddb6cd166122219d6c
