Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3ef4e51e by Salvatore Bonaccorso at 2026-07-09T10:26:44+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -78,9 +78,9 @@ CVE-2026-59804 (Midscene Bridge Server through 1.10.3, fixed 
in commit 86f4118,
 CVE-2026-59803 (rpcx through 1.9.3, fixed in commit 047aec1, contains a 
denial-of-serv ...)
        TODO: check
 CVE-2026-59802 (PasswordPusher before 2.8.1 accepts data URI schemes in URL 
push paylo ...)
-       TODO: check
+       NOT-FOR-US: PasswordPusher
 CVE-2026-59723 (Cline is an autonomous coding agent as an SDK, IDE extension, 
or CLI a ...)
-       TODO: check
+       NOT-FOR-US: Cline
 CVE-2026-58525 (Improper access control in Microsoft Edge (Chromium-based) 
allows an u ...)
        NOT-FOR-US: Microsoft
 CVE-2026-58501 (Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, 
Settings.forbid ...)
@@ -88,9 +88,9 @@ CVE-2026-58501 (Zeep is a Python SOAP client. From 4.0.0 
before 4.3.3, Settings.
 CVE-2026-58494 (Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 
36.0.12, 45.0 ...)
        TODO: check
 CVE-2026-58192 (Appium is a cross-platform automation framework for all kinds 
of apps, ...)
-       TODO: check
+       NOT-FOR-US: Appium
 CVE-2026-58191 (Appium is a cross-platform automation framework for all kinds 
of apps, ...)
-       TODO: check
+       NOT-FOR-US: Appium
 CVE-2026-57481 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-57480 (Parse Server is an open source backend that can be deployed to 
any inf ...)
@@ -108,15 +108,15 @@ CVE-2026-55778 (Parse Server is an open source backend 
that can be deployed to a
 CVE-2026-55760 (Handlebars.java provides logic-less and semantic Mustache 
templates wi ...)
        TODO: check
 CVE-2026-55596 (Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 
until 5 ...)
-       TODO: check
+       NOT-FOR-US: Plate
 CVE-2026-55575 (LiquidJS is a Shopify / GitHub Pages compatible template 
engine in pur ...)
-       TODO: check
+       NOT-FOR-US: LiquidJS
 CVE-2026-55542 (Snipe-IT is an IT asset/license management system. Prior to 
version 8. ...)
        TODO: check
 CVE-2026-55471 (HAPI FHIR is a complete implementation of the HL7 FHIR 
standard for he ...)
-       TODO: check
+       NOT-FOR-US: HAPI FHIR
 CVE-2026-55470 (HAPI FHIR is a complete implementation of the HL7 FHIR 
standard for he ...)
-       TODO: check
+       NOT-FOR-US: HAPI FHIR
 CVE-2026-55404 (yt-dlp and youtube-dl are command-line audio/video 
downloaders. Prior  ...)
        TODO: check
 CVE-2026-55206 (py7zr is a Python-based library and utility to support 7zip 
archive co ...)
@@ -124,31 +124,31 @@ CVE-2026-55206 (py7zr is a Python-based library and 
utility to support 7zip arch
 CVE-2026-55195 (py7zr is a Python-based library and utility to support 7zip 
archive co ...)
        TODO: check
 CVE-2026-54784 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-       TODO: check
+       NOT-FOR-US: CoreWCF
 CVE-2026-54783 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-       TODO: check
+       NOT-FOR-US: CoreWCF
 CVE-2026-54782 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-       TODO: check
+       NOT-FOR-US: CoreWCF
 CVE-2026-54781 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-       TODO: check
+       NOT-FOR-US: CoreWCF
 CVE-2026-54780 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-       TODO: check
+       NOT-FOR-US: CoreWCF
 CVE-2026-54779 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-       TODO: check
+       NOT-FOR-US: CoreWCF
 CVE-2026-54778 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-       TODO: check
+       NOT-FOR-US: CoreWCF
 CVE-2026-54777 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-       TODO: check
+       NOT-FOR-US: CoreWCF
 CVE-2026-54776 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-       TODO: check
+       NOT-FOR-US: CoreWCF
 CVE-2026-54775 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-       TODO: check
+       NOT-FOR-US: CoreWCF
 CVE-2026-54774 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-       TODO: check
+       NOT-FOR-US: CoreWCF
 CVE-2026-54773 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-       TODO: check
+       NOT-FOR-US: CoreWCF
 CVE-2026-54772 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-       TODO: check
+       NOT-FOR-US: CoreWCF
 CVE-2026-54591 (AsyncSSH is a Python package which provides an asynchronous 
client and ...)
        TODO: check
 CVE-2026-54590 (AsyncSSH is a Python package which provides an asynchronous 
client and ...)
@@ -532,7 +532,7 @@ CVE-2026-59703 (repomix contains a local file inclusion 
vulnerability in the git
 CVE-2026-59702 (repomix contains a server-side request forgery vulnerability 
in the PO ...)
        NOT-FOR-US: repomix
 CVE-2026-59262 (AFFiNE's histories GraphQL field fails to validate Doc.Read 
permission ...)
-       TODO: check
+       NOT-FOR-US: AFFiNE
 CVE-2026-59261 (OpenClaw before 2026.5.28 contains a credential exposure 
vulnerability ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-59257 (n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 
2.28.1 conta ...)
@@ -614,41 +614,41 @@ CVE-2026-56362 (ImageMagick before 7.1.2-15 contains a 
heap-buffer-overflow read
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gq5v-qf8q-fp77
        TODO: chedk fixing commit
 CVE-2026-56360 (n8n before versions 1.123.18 and 2.6.2 fails to verify 
HMAC-SHA256 sig ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-56359 (n8n before 2.8.0 contains a cross-site scripting vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-56298 (Capgo before 12.128.2 fails to strip EXIF metadata from images 
uploade ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56297 (FreeRDP before 3.22.0 contains a use-after-free vulnerability 
in dvcma ...)
        TODO: check
 CVE-2026-56293 (Capgo before 12.128.2 contains an authorization flaw in 
transfer_app() ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56284 (Capgo (Cap-go/capgo) before 12.128.2 contains an information 
disclosur ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56283 (Capgo before 12.128.2 contains an html injection vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56273 (Flowise before 3.1.0 contains a path traversal vulnerability 
in Faiss  ...)
        NOT-FOR-US: Flowise
 CVE-2026-56250 (Capgo before 12.128.2 allows upload-scoped API keys to modify 
the muta ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56246 (Capgo before 12.128.2 contains a broken access control 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56226 (Capgo (Cap-go/capgo) before 12.128.2 exposes the Supabase 
PostgREST RP ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56220 (Capgo before 12.128.2 contains an authorization bypass 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56217 (Capgo before 12.128.2 contains a policy bypass vulnerability 
in app_ve ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56086 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, 
LTS2026 r ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-55874 (SeaweedFS is a distributed storage system. Prior to 4.34, the 
S3 API g ...)
-       TODO: check
+       NOT-FOR-US: SeaweedFS
 CVE-2026-55873 (SeaweedFS is a distributed storage system. In versions 4.08 
through 4. ...)
-       TODO: check
+       NOT-FOR-US: SeaweedFS
 CVE-2026-55761 (Portainer Community Edition is a lightweight service delivery 
platform ...)
        TODO: check
 CVE-2026-55668 (File Browser provides a web file managing interface. Prior to 
2.63.16, ...)
-       TODO: check
+       NOT-FOR-US: File Browser
 CVE-2026-54652 (Frigate is an open source network video recorder. In version 
0.17.1, t ...)
        TODO: check
 CVE-2026-54344 (ToolJet is an open-source low-code platform for building 
internal tool ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ef4e51e5f95cb0a2567444fd683edbc997b9157

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ef4e51e5f95cb0a2567444fd683edbc997b9157
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to