Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2041421d by Salvatore Bonaccorso at 2026-06-26T21:56:52+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -187,11 +187,11 @@ CVE-2026-57231 (Podman is a tool for managing OCI 
containers and pods. From 1.8.
 CVE-2026-56876 (extract-zip does not validate symlink targets when extracting 
zip arch ...)
        TODO: check
 CVE-2026-56823 (AutoGPT is a workflow automation platform for creating, 
deploying, and ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2026-56773 (Teable's v2 REST API controller lacks @Permissions metadata on 
ORPC en ...)
-       TODO: check
+       NOT-FOR-US: teableio teable
 CVE-2026-56663 (AutoGPT is a workflow automation platform for creating, 
deploying, and ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2026-56072 (Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 
8.5.3 versio ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56070 (Unauthenticated SQL Injection in Advance Product Search <= 
1.4.4 versi ...)
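Review bot: The tag added for CVE-2026-56773 reads "NOT-FOR-US: teableio teable", a vendor-plus-product form, while the other tags added in this commit are bare product names (AutoGPT, Dokku, Docling) and the entry's own description says "Teable". Suggest "NOT-FOR-US: Teable" so that a search of the list by product name finds it and later Teable CVEs get the same tag.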
@@ -313,7 +313,7 @@ CVE-2026-54820 (Unauthenticated SQL Injection in JetBooking 
<= 4.0.4.1 versions.
 CVE-2026-54753 (Nx is a monorepo solution for TypeScript and polyglot 
codebases. From  ...)
        TODO: check
 CVE-2026-54636 (Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron 
plugin utili ...)
-       TODO: check
+       NOT-FOR-US: Dokku
 CVE-2026-54557 (mise manages dev tools like node, python, cmake, and 
terraform. Prior  ...)
        TODO: check
 CVE-2026-54341 (Dragonfly is an in-memory data store built for modern 
application work ...)
@@ -331,7 +331,7 @@ CVE-2026-48743 (Envoy is an open source edge and service 
proxy designed for clou
 CVE-2026-48706 (Envoy is an open source edge and service proxy designed for 
cloud-nati ...)
        - envoyproxy <itp> (bug #987544)
 CVE-2026-48529 (GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 
until 1 ...)
-       TODO: check
+       NOT-FOR-US: GitHub MCP Server
 CVE-2026-48497 (Envoy is an open source edge and service proxy designed for 
cloud-nati ...)
        - envoyproxy <itp> (bug #987544)
 CVE-2026-48090 (Envoy is an open source edge and service proxy designed for 
cloud-nati ...)
@@ -351,7 +351,7 @@ CVE-2026-47221 (Envoy is an open source edge and service 
proxy designed for clou
 CVE-2026-47220 (Envoy is an open source edge and service proxy designed for 
cloud-nati ...)
        - envoyproxy <itp> (bug #987544)
 CVE-2026-47214 (Docling simplifies document processing by parsing diverse 
formats and  ...)
-       TODO: check
+       NOT-FOR-US: Docling
 CVE-2026-47207 (Envoy is an open source edge and service proxy designed for 
cloud-nati ...)
        - envoyproxy <itp> (bug #987544)
 CVE-2026-47206 (Dragonfly is an in-memory data store built for modern 
application work ...)
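Review bot: The NOT-FOR-US on CVE-2026-47214 (Docling) sits between Envoy entries recorded as "- envoyproxy <itp> (bug #987544)", the form used for an unpackaged project that already has an ITP filed. It is worth confirming that no ITP or RFP bug exists for Docling before settling on NOT-FOR-US, and using the <itp> form if one does; the same applies to the second Docling entry, CVE-2026-44018.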
@@ -361,21 +361,21 @@ CVE-2026-47205 (Envoy is an open source edge and service 
proxy designed for clou
 CVE-2026-47204 (Envoy is an open source edge and service proxy designed for 
cloud-nati ...)
        - envoyproxy <itp> (bug #987544)
 CVE-2026-45408 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name 
validati ...)
-       TODO: check
+       NOT-FOR-US: Dokku
 CVE-2026-45407 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth 
command  ...)
-       TODO: check
+       NOT-FOR-US: Dokku
 CVE-2026-45406 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the 
openresty-vhosts  ...)
-       TODO: check
+       NOT-FOR-US: Dokku
 CVE-2026-45405 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the 
git:from-archive  ...)
-       TODO: check
+       NOT-FOR-US: Dokku
 CVE-2026-45257 (The KTLS receive path decrypted each record in place, assuming 
that th ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2026-45256 (When used to deliver a signal to a specific thread, 
thr_kill2(2) calle ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2026-45195 (Kernel software installed and running inside a Host VM may 
post improp ...)
        NOT-FOR-US: Imagination Technologies
 CVE-2026-44018 (Docling simplifies document processing by parsing diverse 
formats and  ...)
-       TODO: check
+       NOT-FOR-US: Docling
 CVE-2026-40711 (Dell Dell Container Storage Modules, version(s) csi-powerstore 
v2.16.0 ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-3472 (Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 
11.5.x <= 1 ...)
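Review bot: For CVE-2026-45257 and CVE-2026-45256 the truncated descriptions never name a product ("The KTLS receive path ...", "thr_kill2(2) ..."), so the FreeBSD attribution cannot be checked from the list itself, and the commit message "Process some NFUs" gives no source. Naming the advisory or reference used for these two in the commit message would make the triage auditable.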
@@ -857,7 +857,7 @@ CVE-2026-56766 (Hydra through 9.7, fixed in commit 9cc84c2, 
contains a stack buf
 CVE-2026-56130 ("Remember me" cookie age is not verified on the server. This 
potential ...)
        TODO: check
 CVE-2026-56129 (Generic IO & Memory Access driver for PCs provided by TOSHIBA 
CORPORAT ...)
-       TODO: check
+       NOT-FOR-US: Dynabook Inc.
 CVE-2026-56123 (socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based 
buffer ove ...)
        TODO: check
 CVE-2026-56122 (Winstone Servlet Engine through 0.9.10 contains a path 
traversal vulne ...)
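Review bot: On CVE-2026-56129 the tag names "Dynabook Inc." while the description on the line above attributes the driver to "TOSHIBA CORPORAT ...", so anyone searching the list for Toshiba will not match the tag. Suggest a tag that carries both names, for example "NOT-FOR-US: Toshiba / Dynabook", in the style of the existing "NOT-FOR-US: Dell / EMC" entry.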



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2041421ddbd191f4f55609929e48ed4684741e80


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
