Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2041421d by Salvatore Bonaccorso at 2026-06-26T21:56:52+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -187,11 +187,11 @@ CVE-2026-57231 (Podman is a tool for managing OCI
containers and pods. From 1.8.
CVE-2026-56876 (extract-zip does not validate symlink targets when extracting
zip arch ...)
TODO: check
CVE-2026-56823 (AutoGPT is a workflow automation platform for creating,
deploying, and ...)
- TODO: check
+ NOT-FOR-US: AutoGPT
CVE-2026-56773 (Teable's v2 REST API controller lacks @Permissions metadata on
ORPC en ...)
- TODO: check
+ NOT-FOR-US: teableio teable
CVE-2026-56663 (AutoGPT is a workflow automation platform for creating,
deploying, and ...)
- TODO: check
+ NOT-FOR-US: AutoGPT
CVE-2026-56072 (Unauthenticated Cross Site Scripting (XSS) in WoodMart <=
8.5.3 versio ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-56070 (Unauthenticated SQL Injection in Advance Product Search <=
1.4.4 versi ...)
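Review bot: The tag added for CVE-2026-56773, "NOT-FOR-US: teableio teable", is a lowercase org/repo slug, while the description on the same entry calls the product "Teable" and the neighbouring tags in this hunk use the product name ("AutoGPT", "WordPress plugin or theme"). Suggest "NOT-FOR-US: Teable", so that later Teable CVEs reuse the same string and a search of data/CVE/list for the product name finds them all.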
@@ -313,7 +313,7 @@ CVE-2026-54820 (Unauthenticated SQL Injection in JetBooking
<= 4.0.4.1 versions.
CVE-2026-54753 (Nx is a monorepo solution for TypeScript and polyglot
codebases. From ...)
TODO: check
CVE-2026-54636 (Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron
plugin utili ...)
- TODO: check
+ NOT-FOR-US: Dokku
CVE-2026-54557 (mise manages dev tools like node, python, cmake, and
terraform. Prior ...)
TODO: check
CVE-2026-54341 (Dragonfly is an in-memory data store built for modern
application work ...)
@@ -331,7 +331,7 @@ CVE-2026-48743 (Envoy is an open source edge and service
proxy designed for clou
CVE-2026-48706 (Envoy is an open source edge and service proxy designed for
cloud-nati ...)
- envoyproxy <itp> (bug #987544)
CVE-2026-48529 (GitHub MCP Server is GitHub's official MCP Server. From 0.22.0
until 1 ...)
- TODO: check
+ NOT-FOR-US: GitHub MCP Server
CVE-2026-48497 (Envoy is an open source edge and service proxy designed for
cloud-nati ...)
- envoyproxy <itp> (bug #987544)
CVE-2026-48090 (Envoy is an open source edge and service proxy designed for
cloud-nati ...)
@@ -351,7 +351,7 @@ CVE-2026-47221 (Envoy is an open source edge and service
proxy designed for clou
CVE-2026-47220 (Envoy is an open source edge and service proxy designed for
cloud-nati ...)
- envoyproxy <itp> (bug #987544)
CVE-2026-47214 (Docling simplifies document processing by parsing diverse
formats and ...)
- TODO: check
+ NOT-FOR-US: Docling
CVE-2026-47207 (Envoy is an open source edge and service proxy designed for
cloud-nati ...)
- envoyproxy <itp> (bug #987544)
CVE-2026-47206 (Dragonfly is an in-memory data store built for modern
application work ...)
@@ -361,21 +361,21 @@ CVE-2026-47205 (Envoy is an open source edge and service
proxy designed for clou
CVE-2026-47204 (Envoy is an open source edge and service proxy designed for
cloud-nati ...)
- envoyproxy <itp> (bug #987544)
CVE-2026-45408 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name
validati ...)
- TODO: check
+ NOT-FOR-US: Dokku
CVE-2026-45407 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth
command ...)
- TODO: check
+ NOT-FOR-US: Dokku
CVE-2026-45406 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the
openresty-vhosts ...)
- TODO: check
+ NOT-FOR-US: Dokku
CVE-2026-45405 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the
git:from-archive ...)
- TODO: check
+ NOT-FOR-US: Dokku
CVE-2026-45257 (The KTLS receive path decrypted each record in place, assuming
that th ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2026-45256 (When used to deliver a signal to a specific thread,
thr_kill2(2) calle ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2026-45195 (Kernel software installed and running inside a Host VM may
post improp ...)
NOT-FOR-US: Imagination Technologies
CVE-2026-44018 (Docling simplifies document processing by parsing diverse
formats and ...)
- TODO: check
+ NOT-FOR-US: Docling
CVE-2026-40711 (Dell Dell Container Storage Modules, version(s) csi-powerstore
v2.16.0 ...)
NOT-FOR-US: Dell / EMC
CVE-2026-3472 (Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3,
11.5.x <= 1 ...)
@@ -857,7 +857,7 @@ CVE-2026-56766 (Hydra through 9.7, fixed in commit 9cc84c2,
contains a stack buf
CVE-2026-56130 ("Remember me" cookie age is not verified on the server. This
potential ...)
TODO: check
CVE-2026-56129 (Generic IO & Memory Access driver for PCs provided by TOSHIBA
CORPORAT ...)
- TODO: check
+ NOT-FOR-US: Dynabook Inc.
CVE-2026-56123 (socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based
buffer ove ...)
TODO: check
CVE-2026-56122 (Winstone Servlet Engine through 0.9.10 contains a path
traversal vulne ...)
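Review bot: For CVE-2026-56129 the added tag names "Dynabook Inc.", but the description on the entry attributes the driver to "TOSHIBA CORPORAT ...", so a search of the list for Toshiba will not match this tag. If Dynabook is the current vendor of that driver, a tag carrying both names, for example "NOT-FOR-US: Toshiba / Dynabook" in the style of the "Dell / EMC" entry elsewhere in this file, keeps the link to the description visible.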
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2041421ddbd191f4f55609929e48ed4684741e80