Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
376fae58 by Salvatore Bonaccorso at 2026-07-10T11:35:47+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41,7 +41,7 @@ CVE-2026-58123 (Hermes WebUI before 0.51.788 contains an
unauthenticated remote
CVE-2026-58122 (Hermes WebUI before 0.51.307 contains an authentication bypass
vulnera ...)
NOT-FOR-US: Hermes WebUI
CVE-2026-57501 (Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance
and spl ...)
- TODO: check
+ NOT-FOR-US: Zen
CVE-2026-57054 (A Use of Incorrectly-Resolved Name or Reference vulnerability
in the U ...)
NOT-FOR-US: Juniper
CVE-2026-57032 (An Improper Handling of Undefined Parameters vulnerability in
the pack ...)
@@ -73,33 +73,33 @@ CVE-2026-57020 (An Improper Check for Unusual or
Exceptional Conditions vulnerab
CVE-2026-57019 (An Improper Validation of Specified Quantity in Input
vulnerability in ...)
NOT-FOR-US: Juniper
CVE-2026-55865 (Python Liquid is a Python engine for the Liquid template
language. Pri ...)
- TODO: check
+ NOT-FOR-US: Python Liquid
CVE-2026-55689 (OpenFGA is an authorization/permission engine built for
developers. Pr ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2026-55616
REJECTED
CVE-2026-55615 (Langroid is a framework for building
large-language-model-powered appl ...)
- TODO: check
+ NOT-FOR-US: Langroid
CVE-2026-55605 (DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting
in vers ...)
- TODO: check
+ NOT-FOR-US: DeepSeek MCP Server
CVE-2026-55604 (DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting
in vers ...)
- TODO: check
+ NOT-FOR-US: DeepSeek MCP Server
CVE-2026-55424 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
NOT-FOR-US: Discourse
CVE-2026-55212 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2026-55208 (Pimcore Studio Backend Bundle is the backend bundle for
Pimcore Studio ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2026-55207 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2026-55170 (OpenFGA is an authorization/permission engine built for
developers. Pr ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2026-54771 (Langroid is a framework for building
large-language-model-powered appl ...)
- TODO: check
+ NOT-FOR-US: Langroid
CVE-2026-54769 (Langroid is a framework for building
large-language-model-powered appl ...)
- TODO: check
+ NOT-FOR-US: Langroid
CVE-2026-54760 (Langroid is a framework for building
large-language-model-powered appl ...)
- TODO: check
+ NOT-FOR-US: Langroid
CVE-2026-53963 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
NOT-FOR-US: Discourse
CVE-2026-53962 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
@@ -107,17 +107,17 @@ CVE-2026-53962 (Discourse is an open-source discussion
platform. Prior to 2026.6
CVE-2026-53961 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
NOT-FOR-US: Discourse
CVE-2026-51926 (An issue in docuForm GmbH FSM Client v.11.11c allows a remote
attacker ...)
- TODO: check
+ NOT-FOR-US: docuForm
CVE-2026-51925 (A Local File Inclusion (LFI) vulnerability exists in docuForm
GmbH Cli ...)
- TODO: check
+ NOT-FOR-US: docuForm
CVE-2026-51924 (An issue in docuForm GmbH Client v.11.11c allows a remote
attacker to ...)
- TODO: check
+ NOT-FOR-US: docuForm
CVE-2026-51923 (An Insecure Direct Object Reference (IDOR) vulnerability
exists in doc ...)
- TODO: check
+ NOT-FOR-US: docuForm
CVE-2026-50181 (Langroid is a framework for building
large-language-model-powered appl ...)
- TODO: check
+ NOT-FOR-US: Langroid
CVE-2026-50180 (Langroid is a framework for building
large-language-model-powered appl ...)
- TODO: check
+ NOT-FOR-US: Langroid
CVE-2026-49256 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
NOT-FOR-US: Discourse
CVE-2026-46413 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
@@ -852,7 +852,7 @@ CVE-2026-53624 (Fiber is an Express inspired web framework
written in Go. Prior
CVE-2026-52200 (An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows
a remot ...)
NOT-FOR-US: Generic OEM UZ801_v2.1 4G LTE Router
CVE-2026-51535 (In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion
(Denial of Ser ...)
- TODO: check
+ NOT-FOR-US: OpENer
CVE-2026-49866 (libp2p is a JavaScript Implementation of libp2p networking
stack. Prio ...)
TODO: check
CVE-2026-48492 (Snipe-IT is an IT asset/license management system. Prior to
version 8. ...)
@@ -1359,17 +1359,17 @@ CVE-2026-55874 (SeaweedFS is a distributed storage
system. Prior to 4.34, the S3
CVE-2026-55873 (SeaweedFS is a distributed storage system. In versions 4.08
through 4. ...)
NOT-FOR-US: SeaweedFS
CVE-2026-55761 (Portainer Community Edition is a lightweight service delivery
platform ...)
- TODO: check
+ NOT-FOR-US: Portainer
CVE-2026-55668 (File Browser provides a web file managing interface. Prior to
2.63.16, ...)
NOT-FOR-US: File Browser
CVE-2026-54652 (Frigate is an open source network video recorder. In version
0.17.1, t ...)
- TODO: check
+ NOT-FOR-US: Frigate
CVE-2026-54344 (ToolJet is an open-source low-code platform for building
internal tool ...)
- TODO: check
+ NOT-FOR-US: ToolJet
CVE-2026-54061 (Dgraph is an open source distributed GraphQL database. Prior
to versio ...)
- TODO: check
+ NOT-FOR-US: Dgraph
CVE-2026-53951 (Copier is a library and CLI app for rendering project
templates. In ve ...)
- TODO: check
+ NOT-FOR-US: Copier is a library and CLI app
CVE-2026-53482 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7,
LTS2026 r ...)
NOT-FOR-US: Dell / EMC
CVE-2026-53480 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7,
LTS2026 r ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/376fae588e53e4452ca844f5bb44cd6891d7baff
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/376fae588e53e4452ca844f5bb44cd6891d7baff
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits