Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
00c0e483 by Moritz Muehlenhoff at 2026-06-29T22:27:28+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,41 +23,41 @@ CVE-2026-57965 (A flaw was found in spice-vdagent. A 
malicious or compromised SP
        - spice-vdagent <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2493581
 CVE-2026-57960 (Hi.Events through 1.9.0 public check-in list endpoints use 
short_id as ...)
-       TODO: check
+       NOT-FOR-US: Hi.Events
 CVE-2026-57959 (Hi.Events through 1.9.0 contains a promo code validation 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Hi.Events
 CVE-2026-57958 (Mixpost through 2.6.0 contains a reflected cross-site 
scripting vulner ...)
-       TODO: check
+       NOT-FOR-US: Mixpost
 CVE-2026-57957 (Papermark through 0.22.0 contains a cross-origin resource 
sharing (COR ...)
-       TODO: check
+       NOT-FOR-US: Papermark
 CVE-2026-57956 (SigNoz through 0.130.1 contains a broken access control 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: SigNoz
 CVE-2026-57955 (SigNoz through 0.130.1 contains a SQL injection vulnerability 
that all ...)
-       TODO: check
+       NOT-FOR-US: SigNoz
 CVE-2026-57954 (Elide through 7.1.17 fails to enforce @ReadPermission on 
client-suppli ...)
-       TODO: check
+       NOT-FOR-US: Elide
 CVE-2026-57953 (Mythic before 3.4.0.60 contains an authorization bypass 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Mythic
 CVE-2026-57952 (Mythic before 3.4.0.60 contains an authorization bypass 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Mythic
 CVE-2026-57951 (Mythic before 3.4.0.60 contains a broken hasura permission 
filter on t ...)
-       TODO: check
+       NOT-FOR-US: Mythic
 CVE-2026-57950 (ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 
contains a brok ...)
-       TODO: check
+       NOT-FOR-US: ruoyi-vue-pro
 CVE-2026-57949 (ruoyi-vue-pro through 2026.05, fixed in commit c779a47, 
contains a mis ...)
-       TODO: check
+       NOT-FOR-US: ruoyi-vue-pro
 CVE-2026-57948 (Pinpoint through version 3.1.0 contains an insecure session 
management ...)
-       TODO: check
+       NOT-FOR-US: Pinpoint
 CVE-2026-57947 (Pinpoint through 3.1.0 contains a server-side request forgery 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Pinpoint
 CVE-2026-57946 (Invidious before version 2.20260626.0 contains a broken access 
control ...)
-       TODO: check
+       NOT-FOR-US: Invidious
 CVE-2026-57945 (PhotoPrism before 260601-a7d098548 contains a broken access 
control vu ...)
-       TODO: check
+       NOT-FOR-US: PhotoPrism
 CVE-2026-57943 (LibrePhotos before 1.0.0 contains a broken object level 
authorization  ...)
-       TODO: check
+       NOT-FOR-US: LibrePhotos
 CVE-2026-57942 (LibreTranslate through 1.9.7, fixed in commit 397fd22, 
contains an IP  ...)
-       TODO: check
+       NOT-FOR-US: LibreTranslate
 CVE-2026-57676 (Authorization Bypass Through User-Controlled Key vulnerability 
in Matt ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57525
@@ -105,7 +105,7 @@ CVE-2026-56783 (Parseable before 2.9.2 contains an 
information disclosure vulner
 CVE-2026-56782 (Gorse before 0.5.10 contains an authentication bypass 
vulnerability in ...)
        TODO: check
 CVE-2026-56781 (Teable before 2026-06-15T04-43-24Z.1912 contains an improper 
access co ...)
-       TODO: check
+       NOT-FOR-US: Modoboa
 CVE-2026-56780 (Modoboa before 2.9.0 contains an insecure direct object 
reference vuln ...)
        TODO: check
 CVE-2026-56457 (HCL DevOps Deploy / HCL Launch is susceptible to an exposure 
of sensit ...)
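Review bot: The changed line under CVE-2026-56781 tags a Teable entry as "NOT-FOR-US: Modoboa", while the Modoboa entry directly below it (CVE-2026-56780) stays at "TODO: check", so the annotation looks like it landed one entry too high. If Modoboa was the intended target, move the tag down to CVE-2026-56780 and leave CVE-2026-56781 at "TODO: check" until Teable has been triaged on its own. As written, a Teable CVE is closed out under the wrong product name and drops out of the list of entries still awaiting a check.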
@@ -135,15 +135,15 @@ CVE-2026-41991 (GNU gzip contains a vulnerability in the 
gzexe utility related t
 CVE-2026-41052 (Improper privilege handling could be used by users withProject 
Owner r ...)
        TODO: check
 CVE-2026-40524 (FrontAccounting before 2.4.20 contains a SQL injection 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: FrontAccounting
 CVE-2026-40523 (FrontAccounting before 2.4.20 contains a SQL injection 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: FrontAccounting
 CVE-2026-40522 (FrontAccounting before 2.4.20 contains a SQL injection 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: FrontAccounting
 CVE-2026-40521 (FrontAccounting before 2.4.20 contains a path traversal 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: FrontAccounting
 CVE-2026-36848 (Gigamon GVOS v5.16.1 and below is vulnerable to Directory 
Traversal in ...)
-       TODO: check
+       NOT-FOR-US: Gigamon GVOS
 CVE-2026-25707 (A relative path traversal bug problem when processing 
repository metad ...)
        TODO: check
 CVE-2026-22078 (Because O+ Connect's IPC service does not authenticate 
clients, extern ...)
@@ -251,19 +251,19 @@ CVE-2026-13549 (A security flaw has been discovered in 
CodeAstro Complaint Manag
 CVE-2026-13548 (A vulnerability was identified in itsourcecode Hospital 
Management Sys ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-13547 (A vulnerability was determined in Hanwang e-Face General 
Management Pl ...)
-       TODO: check
+       NOT-FOR-US: Hanwang e-Face
 CVE-2026-13546 (A vulnerability was found in Feehi CMS up to 2.1.1. This 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Feehi CMS
 CVE-2026-13545 (A vulnerability has been found in D-Link DCS-935L 1.10.01. 
This affect ...)
        NOT-FOR-US: D-Link
 CVE-2026-13437 (Insertion of sensitive information into sent data in the AI 
Agent job  ...)
        NOT-FOR-US: Devolutions
 CVE-2026-13165 (SzafirHost verifies the downloaded native library archive with 
one Jar ...)
-       TODO: check
+       NOT-FOR-US: SzafirHost
 CVE-2026-12912 (A flaw was found in libtiff. A remote attacker could exploit 
this vuln ...)
        TODO: check
 CVE-2026-12856 (A flaw was found in the vscode-java extension, which provides 
Java lan ...)
-       TODO: check
+       NOT-FOR-US: vscode-java
 CVE-2026-12672
        REJECTED
 CVE-2026-12616 (The /v1/upload/sbom endpoint extracts the iss claim from the 
attacker- ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00c0e48306baf262bde8bc8a57892b5960245ce7
