Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf90d389 by Salvatore Bonaccorso at 2026-06-25T22:19:01+02:00
Add new issues for pnpm, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -186,19 +186,19 @@ CVE-2026-55892 (Vim is an open source, command line text 
editor. Prior to 9.2.06
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-qm9w-fmpj-879h
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/8325b193bba5f01e7a7d8241fc8633d93dff996b 
(v9.2.0662)
 CVE-2026-55700 (pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm 
stage downl ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-55699 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, 
Manifest bin o ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-55698 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm 
can persi ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-55697 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm 
can insta ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-55693 (Vim is an open source, command line text editor. Prior to 
9.2.0653, th ...)
        TODO: check
 CVE-2026-55667 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
        NOT-FOR-US: File Browser
 CVE-2026-55487 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the 
generic pe ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-55477 (3X-UI is a web control panel for managing Xray-core servers. 
Prior to  ...)
        NOT-FOR-US: 3X-UI
 CVE-2026-55439 (Halo is an open source website building tool. Prior to 2.24.3, 
a path  ...)
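Review bot: CVE-2026-55700 states a different affected range from the other four pnpm entries in this hunk ("From 11.3.0 until 11.5.3" against "Prior to 10.34.2 and 11.5.3"), which suggests the 10.x branch is not affected, yet it receives the identical `- pnpm <itp> (bug #985669)` line and that difference is recorded nowhere. Suggest a NOTE: line under that entry giving the introducing version, in the same way the Vim entry at the top of the hunk carries its advisory and `NOTE: Fixed by:` reference.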
@@ -210,7 +210,7 @@ CVE-2026-55412 (ToolJet is the open-source foundation am 
AI-native platform for
 CVE-2026-55411 (ToolJet is the open-source foundation am AI-native platform 
for buildi ...)
        NOT-FOR-US: ToolJet
 CVE-2026-55180 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm 
and pacqu ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-55092 (Trivy is a security scanner. Prior to 0.71.1, when Trivy 
downloads an  ...)
        TODO: check
 CVE-2026-54917 (SeaweedFS is a distributed storage system for object storage 
(S3), fil ...)
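Review bot: The description of CVE-2026-55180 names a second component alongside pnpm ("pnpm and pacqu ..."), but the entry gets only the pnpm line. Check the full description and, if that component is a separate source, give it its own package line or a NOTE: explaining why it is not tracked.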
@@ -292,21 +292,21 @@ CVE-2026-54024 (LibreChat is an enhanced ChatGPT clone 
that supports multiple AI
 CVE-2026-53925 (Glances is an open-source system cross-platform monitoring 
tool. From  ...)
        TODO: check
 CVE-2026-50573 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm 
install` ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-50549 (Cursor is a code editor built for programming with AI. Prior 
to 3.0, C ...)
        NOT-FOR-US: Cursor
 CVE-2026-50548 (Cursor is a code editor built for programming with AI. Prior 
to 3.0, C ...)
        NOT-FOR-US: Cursor
 CVE-2026-50021 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's 
tarball ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-50017 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm 
can send  ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-50016 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm 
allows a  ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-50015 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's 
patch a ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-50014 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm 
passes th ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-4930 (SYMCRYPTO is the SiXG301's host side hardware engine accessed 
by PSA c ...)
        NOT-FOR-US: Silicon Labs
 CVE-2026-4526 (In EmberZNet v9.0.2 and earlier, malformed global ZCL messages 
can tri ...)
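Review bot: The six pnpm entries in this hunk all state fixes in 10.34.0 and 11.4.0, but an `<itp>` line carries no version, so the tracker does not record the minimum version a first upload has to ship. Suggest adding a NOTE: with the fixed versions under each entry, or a single pointer on bug #985669, so the entries can be given a fixed version once the package enters the archive.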
@@ -318,7 +318,7 @@ CVE-2026-49506 (Dell Wyse Management Suite, versions prior 
to WMS 5.5 HF1, conta
 CVE-2026-49319 (Remote Keyless Entry System (RKES), using the 433 MHz key fob 
bearing  ...)
        TODO: check
 CVE-2026-48995 (pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a 
malicious co ...)
-       TODO: check
+       - pnpm <itp> (bug #985669)
 CVE-2026-48946 (The K2 frontend article-attachment upload path accepts files 
whose ext ...)
        NOT-FOR-US: Joomla
 CVE-2026-48945 (The K2 article gallery upload path accepts a zip/tar archive, 
extracts ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf90d3890e6ffffa0551030c896bfec2be104ea0

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
