Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cf90d389 by Salvatore Bonaccorso at 2026-06-25T22:19:01+02:00
Add new issues for pnpm, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -186,19 +186,19 @@ CVE-2026-55892 (Vim is an open source, command line text
editor. Prior to 9.2.06
NOTE: https://github.com/vim/vim/security/advisories/GHSA-qm9w-fmpj-879h
NOTE: Fixed by:
https://github.com/vim/vim/commit/8325b193bba5f01e7a7d8241fc8633d93dff996b
(v9.2.0662)
CVE-2026-55700 (pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm
stage downl ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-55699 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3,
Manifest bin o ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-55698 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm
can persi ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-55697 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm
can insta ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-55693 (Vim is an open source, command line text editor. Prior to
9.2.0653, th ...)
TODO: check
CVE-2026-55667 (File Browser is a file managing interface for uploading,
deleting, pre ...)
NOT-FOR-US: File Browser
CVE-2026-55487 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the
generic pe ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-55477 (3X-UI is a web control panel for managing Xray-core servers.
Prior to ...)
NOT-FOR-US: 3X-UI
CVE-2026-55439 (Halo is an open source website building tool. Prior to 2.24.3,
a path ...)
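Review bot: CVE-2026-55700 gets the same `- pnpm <itp> (bug #985669)` line as its neighbours, but its description limits it to "From 11.3.0 until 11.5.3", while CVE-2026-55699, CVE-2026-55698, CVE-2026-55697 and CVE-2026-55487 read "Prior to 10.34.2 and 11.5.3". The `<itp>` marker carries no version range, so a NOTE line on CVE-2026-55700 recording the introducing version (11.3.0) would help it get resolved correctly if the eventual upload comes from an older branch.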
@@ -210,7 +210,7 @@ CVE-2026-55412 (ToolJet is the open-source foundation am
AI-native platform for
CVE-2026-55411 (ToolJet is the open-source foundation am AI-native platform
for buildi ...)
NOT-FOR-US: ToolJet
CVE-2026-55180 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm
and pacqu ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-55092 (Trivy is a security scanner. Prior to 0.71.1, when Trivy
downloads an ...)
TODO: check
CVE-2026-54917 (SeaweedFS is a distributed storage system for object storage
(S3), fil ...)
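Review bot: the description of CVE-2026-55180 names a second component next to pnpm ("pnpm and pacqu ..."), but the entry only carries `- pnpm <itp> (bug #985669)`. Check whether that second component is covered by the same ITP or needs its own package line.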
@@ -292,21 +292,21 @@ CVE-2026-54024 (LibreChat is an enhanced ChatGPT clone
that supports multiple AI
CVE-2026-53925 (Glances is an open-source system cross-platform monitoring
tool. From ...)
TODO: check
CVE-2026-50573 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm
install` ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-50549 (Cursor is a code editor built for programming with AI. Prior
to 3.0, C ...)
NOT-FOR-US: Cursor
CVE-2026-50548 (Cursor is a code editor built for programming with AI. Prior
to 3.0, C ...)
NOT-FOR-US: Cursor
CVE-2026-50021 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's
tarball ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-50017 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm
can send ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-50016 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm
allows a ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-50015 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's
patch a ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-50014 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm
passes th ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-4930 (SYMCRYPTO is the SiXG301's host side hardware engine accessed
by PSA c ...)
NOT-FOR-US: Silicon Labs
CVE-2026-4526 (In EmberZNet v9.0.2 and earlier, malformed global ZCL messages
can tri ...)
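Review bot: the six pnpm entries in this hunk are described as affecting versions prior to 10.34.0 and 11.4.0, whereas the pnpm entries earlier in the file give 10.34.2 and 11.5.3, and neither boundary is recorded next to `<itp>`. A NOTE line per entry with the upstream fixed versions or the advisory reference would let whoever handles bug #985669 confirm that the first upload covers every open CVE.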
@@ -318,7 +318,7 @@ CVE-2026-49506 (Dell Wyse Management Suite, versions prior
to WMS 5.5 HF1, conta
CVE-2026-49319 (Remote Keyless Entry System (RKES), using the 433 MHz key fob
bearing ...)
TODO: check
CVE-2026-48995 (pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a
malicious co ...)
- TODO: check
+ - pnpm <itp> (bug #985669)
CVE-2026-48946 (The K2 frontend article-attachment upload path accepts files
whose ext ...)
NOT-FOR-US: Joomla
CVE-2026-48945 (The K2 article gallery upload path accepts a zip/tar archive,
extracts ...)
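Review bot: CVE-2026-48995 has yet another version boundary ("Prior to 10.33.4 and 11.0.7"), and its truncated description ("a malicious co ...") is the only context left in the entry once `TODO: check` is replaced. Consider adding a NOTE line pointing at the upstream advisory or fixing commit, as the CVE-2026-55892 entry does with its `NOTE: Fixed by:` line.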
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf90d3890e6ffffa0551030c896bfec2be104ea0
debian-security-tracker-commits mailing list