Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
806033c0 by Salvatore Bonaccorso at 2026-07-01T09:45:15+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,17 +41,17 @@ CVE-2026-58519 (Improper neutralization of input during web 
page generation ('cr
 CVE-2026-58518 (Cross-Site request forgery (CSRF) vulnerability in The 
Wikimedia Found ...)
        TODO: check
 CVE-2026-58450 (Invoice Ninja through 5.13.26 contains an open redirect 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Invoice Ninja
 CVE-2026-58449 (txtai through 9.10.0, fixed in commit 11b32da, exposes an API 
/reindex ...)
-       TODO: check
+       NOT-FOR-US: txtai
 CVE-2026-58448 (yudao-cloud before 2026.06 contains a broken access control 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: yudao-cloud
 CVE-2026-58447 (Invidious through 2.20260626.0, fixed in commit 77ad416, 
contains a br ...)
-       TODO: check
+       NOT-FOR-US: Invidious
 CVE-2026-58446 (Presenton before 0.8.8-beta bundles an MCP server that, on 
server/Dock ...)
-       TODO: check
+       NOT-FOR-US: Presenton
 CVE-2026-57995 (phpMyFAQ before 4.1.5 contains a privilege escalation 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2026-57963 (An attacker who can send HTML chat messages (via Matrix or 
XMPP) can i ...)
        TODO: check
 CVE-2026-57962 (A malicious LDAP server, which a Thunderbird user is 
configured to que ...)
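Review bot: the six NOT-FOR-US lines in this hunk (Invoice Ninja, txtai, yudao-cloud, Invidious, Presenton, phpMyFAQ) carry no trace of an ITP/RFP check, and the commit message does not mention one either. If any of these has an open WNPP bug, the entry should read `- <package> <itp> (bug #NNNNNN)` (bug number is a placeholder) rather than NOT-FOR-US, so the CVE resurfaces when the package is uploaded. This is worth confirming for the web applications here, phpMyFAQ and Invidious, before the TODO is closed.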
@@ -61,15 +61,15 @@ CVE-2026-57585 (MessagePack is the serializer 
implementation for Python msgpack.
 CVE-2026-57204 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.13 ...)
        TODO: check
 CVE-2026-56777 (n8n before 2.25.7 and 2.26.x before 2.26.2 contains an 
abstract syntax ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-56700 (Grav CMS before 2.0.0-beta.2 contains multiple code-execution 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-56415 (Storage Concentrator (SC & SCVM) contains a command injection 
vulnerab ...)
        TODO: check
 CVE-2026-56413 (Storage Concentrator (SC & SCVM) contains a command injection 
vulnerab ...)
        TODO: check
 CVE-2026-56399 (Open WebUI before 0.6.27 contains a server-side request 
forgery vulner ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-56377 (ImageMagick before 7.1.2-24 contains an incorrect policy check 
that al ...)
        TODO: check
 CVE-2026-56369 (ImageMagick before 7.1.2-22 contains an information disclosure 
vulnera ...)
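Review bot: CVE-2026-56415 and CVE-2026-56413 (Storage Concentrator) stay at `TODO: check` while the entries on either side of them are resolved in this hunk. If the product is not packaged, marking them in the same pass would keep the block consistent; if they were skipped on purpose, a short NOTE line saying why would save the next triager the lookup.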
@@ -83,9 +83,9 @@ CVE-2026-56363 (ImageMagick before 7.1.2-22 contains a 
division by zero vulnerab
 CVE-2026-56361 (ImageMagick before 7.1.2-19 contains an off-by-one error in 
morphology ...)
        TODO: check
 CVE-2026-56356 (n8n contains a stored cross-site scripting vulnerability in 
the Chat T ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-56350 (n8n before 2.8.0 contains an authentication bypass 
vulnerability allow ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-56334 (Capgo before 12.128.2 lacks an UPDATE row-level security 
policy for th ...)
        NOT-FOR-US: Cap-go
 CVE-2026-56333 (Capgo before 12.128.2 contains a server-side validation bypass 
vulnera ...)
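Review bot: the new tags at CVE-2026-56356 and CVE-2026-56350 use `n8n`, matching the tag added for CVE-2026-56777 earlier in the file, but the context line directly below reads `NOT-FOR-US: Cap-go` for a product its own description spells Capgo. That line is not introduced by this commit, yet the tag text is what a search over the list matches on, so normalising it to `NOT-FOR-US: Capgo` in a follow-up would keep the two Capgo entries findable under one name.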
@@ -157,15 +157,15 @@ CVE-2026-54500 (Oj (Optimized JSON) is a JSON parser and 
Object marshaller packa
 CVE-2026-52868 (An unauthenticated attacker can read worklist records from a 
directory ...)
        TODO: check
 CVE-2026-52198 (Buffer Overflow vulnerability in UTT nv518G 
nv518GV3v3.2.7-210919-1613 ...)
-       TODO: check
+       NOT-FOR-US: UTT
 CVE-2026-52197 (An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a 
remote at ...)
-       TODO: check
+       NOT-FOR-US: UTT
 CVE-2026-52196 (Buffer Overflow vulnerability in UTT nv518G 
nv518GV3v3.2.7-210919-1613 ...)
-       TODO: check
+       NOT-FOR-US: UTT
 CVE-2026-52195 (Buffer Overflow vulnerability in UTT nv518G 
nv518GV3v3.2.7-210919-1613 ...)
-       TODO: check
+       NOT-FOR-US: UTT
 CVE-2026-52193 (Buffer Overflow vulnerability in UTT nv518G 
nv518GV3v3.2.7-210919-1613 ...)
-       TODO: check
+       NOT-FOR-US: UTT
 CVE-2026-50254 (An unauthenticated remote attacker can repeatedly send a 
single crafte ...)
        TODO: check
 CVE-2026-50110 (Storage Concentrator (SC & SCVM) contains hardcoded 
credentials for nu ...)
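Review bot: the five entries from CVE-2026-52198 to CVE-2026-52193 are tagged `NOT-FOR-US: UTT`, which names only the vendor, while the descriptions all identify the product as UTT nv518G and the other tags added in this commit name the product (`Grav CMS`, `Open WebUI`). Consider `NOT-FOR-US: UTT nv518G` so the tag stays unambiguous if another UTT product shows up in the list later.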
@@ -319,7 +319,7 @@ CVE-2026-10129 (IBM Langflow OSS 1.0.0 through 1.9.3 
contains a Server-Side Requ
 CVE-2026-10109 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is 
vulnerable ...)
        NOT-FOR-US: IBM
 CVE-2025-71381 (Hono before 4.10.2 (fixed in 4.10.3) contains a flaw in its 
CORS middl ...)
-       TODO: check
+       NOT-FOR-US: Hono
 CVE-2025-71374 (picklescan before 0.0.29 fails to detect the built-in python 
profile.P ...)
        NOT-FOR-US: picklescan
 CVE-2025-71371 (picklescan before 0.0.29 fails to detect malicious pickle 
files using  ...)
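Review bot: CVE-2025-71381 is closed as `NOT-FOR-US: Hono`, but Hono is an npm library and the flaw is in its CORS middleware, which is the kind of component that can appear as a node- source package or as a vendored copy inside another package. A search of the archive for both before settling on NOT-FOR-US would be worth recording, for example as a NOTE line if an embedded copy turns up.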



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/806033c03a82f643af5216b926f022fe9c6bb2c3


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
