Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
806033c0 by Salvatore Bonaccorso at 2026-07-01T09:45:15+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41,17 +41,17 @@ CVE-2026-58519 (Improper neutralization of input during web
page generation ('cr
CVE-2026-58518 (Cross-Site request forgery (CSRF) vulnerability in The
Wikimedia Found ...)
TODO: check
CVE-2026-58450 (Invoice Ninja through 5.13.26 contains an open redirect
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Invoice Ninja
CVE-2026-58449 (txtai through 9.10.0, fixed in commit 11b32da, exposes an API
/reindex ...)
- TODO: check
+ NOT-FOR-US: txtai
CVE-2026-58448 (yudao-cloud before 2026.06 contains a broken access control
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: yudao-cloud
CVE-2026-58447 (Invidious through 2.20260626.0, fixed in commit 77ad416,
contains a br ...)
- TODO: check
+ NOT-FOR-US: Invidious
CVE-2026-58446 (Presenton before 0.8.8-beta bundles an MCP server that, on
server/Dock ...)
- TODO: check
+ NOT-FOR-US: Presenton
CVE-2026-57995 (phpMyFAQ before 4.1.5 contains a privilege escalation
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-57963 (An attacker who can send HTML chat messages (via Matrix or
XMPP) can i ...)
TODO: check
CVE-2026-57962 (A malicious LDAP server, which a Thunderbird user is
configured to que ...)
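Review bot: the NOT-FOR-US tags added at CVE-2026-58449 (txtai) and CVE-2026-57995 (phpMyFAQ) close the entries without recording why, and both name software that could plausibly be packaged. Before merging, confirm that neither has a source package or an open ITP/RFP bug; if one does, the entry should reference that package or bug instead of being closed as NOT-FOR-US.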
@@ -61,15 +61,15 @@ CVE-2026-57585 (MessagePack is the serializer
implementation for Python msgpack.
CVE-2026-57204 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.13 ...)
TODO: check
CVE-2026-56777 (n8n before 2.25.7 and 2.26.x before 2.26.2 contains an
abstract syntax ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-56700 (Grav CMS before 2.0.0-beta.2 contains multiple code-execution
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-56415 (Storage Concentrator (SC & SCVM) contains a command injection
vulnerab ...)
TODO: check
CVE-2026-56413 (Storage Concentrator (SC & SCVM) contains a command injection
vulnerab ...)
TODO: check
CVE-2026-56399 (Open WebUI before 0.6.27 contains a server-side request
forgery vulner ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-56377 (ImageMagick before 7.1.2-24 contains an incorrect policy check
that al ...)
TODO: check
CVE-2026-56369 (ImageMagick before 7.1.2-22 contains an information disclosure
vulnera ...)
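Review bot: CVE-2026-56415 and CVE-2026-56413 (Storage Concentrator) sit between the entries triaged here and are left at TODO: check, so the block ends up half processed. If they were deferred on purpose that is fine; otherwise handle them in the same pass so the next triager does not have to re-read this range.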
@@ -83,9 +83,9 @@ CVE-2026-56363 (ImageMagick before 7.1.2-22 contains a
division by zero vulnerab
CVE-2026-56361 (ImageMagick before 7.1.2-19 contains an off-by-one error in
morphology ...)
TODO: check
CVE-2026-56356 (n8n contains a stored cross-site scripting vulnerability in
the Chat T ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-56350 (n8n before 2.8.0 contains an authentication bypass
vulnerability allow ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-56334 (Capgo before 12.128.2 lacks an UPDATE row-level security
policy for th ...)
NOT-FOR-US: Cap-go
CVE-2026-56333 (Capgo before 12.128.2 contains a server-side validation bypass
vulnera ...)
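Review bot: style point on the context line under CVE-2026-56334, which reads "NOT-FOR-US: Cap-go" while the description spells the product "Capgo". The two n8n tags added above it match their descriptions exactly; a follow-up that normalises the Capgo spelling would keep a text search on the product name reliable.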
@@ -157,15 +157,15 @@ CVE-2026-54500 (Oj (Optimized JSON) is a JSON parser and
Object marshaller packa
CVE-2026-52868 (An unauthenticated attacker can read worklist records from a
directory ...)
TODO: check
CVE-2026-52198 (Buffer Overflow vulnerability in UTT nv518G
nv518GV3v3.2.7-210919-1613 ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-52197 (An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a
remote at ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-52196 (Buffer Overflow vulnerability in UTT nv518G
nv518GV3v3.2.7-210919-1613 ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-52195 (Buffer Overflow vulnerability in UTT nv518G
nv518GV3v3.2.7-210919-1613 ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-52193 (Buffer Overflow vulnerability in UTT nv518G
nv518GV3v3.2.7-210919-1613 ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-50254 (An unauthenticated remote attacker can repeatedly send a
single crafte ...)
TODO: check
CVE-2026-50110 (Storage Concentrator (SC & SCVM) contains hardcoded
credentials for nu ...)
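Review bot: the UTT batch goes from CVE-2026-52195 straight to CVE-2026-52193, so CVE-2026-52194 is not covered by this hunk. Check whether that id exists elsewhere in data/CVE/list with TODO: check and, if it describes the same UTT nv518G firmware, tag it in the same commit. The vendor-only label "UTT" is consistent across all five added lines.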
@@ -319,7 +319,7 @@ CVE-2026-10129 (IBM Langflow OSS 1.0.0 through 1.9.3
contains a Server-Side Requ
CVE-2026-10109 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is
vulnerable ...)
NOT-FOR-US: IBM
CVE-2025-71381 (Hono before 4.10.2 (fixed in 4.10.3) contains a flaw in its
CORS middl ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2025-71374 (picklescan before 0.0.29 fails to detect the built-in python
profile.P ...)
NOT-FOR-US: picklescan
CVE-2025-71371 (picklescan before 0.0.29 fails to detect malicious pickle
files using ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/806033c03a82f643af5216b926f022fe9c6bb2c3