Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
83b92f9f by Salvatore Bonaccorso at 2026-07-16T09:31:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,43 +1,43 @@
 CVE-2026-63175 (PlaywrightCapture stored capture-specific configuration and 
runtime da ...)
-       TODO: check
+       NOT-FOR-US: PlaywrightCapture
 CVE-2026-62361 (listmonk is a standalone, self-hosted, newsletter and mailing 
list man ...)
-       TODO: check
+       NOT-FOR-US: listmonk
 CVE-2026-62355 (TDengine is an open source, time-series database optimized for 
Interne ...)
-       TODO: check
+       NOT-FOR-US: TDengine
 CVE-2026-62353 (TDengine is a time-series database optimized for Internet of 
Things de ...)
-       TODO: check
+       NOT-FOR-US: TDengine
 CVE-2026-62351 (TDengine is a time-series database optimized for Internet of 
Things de ...)
-       TODO: check
+       NOT-FOR-US: TDengine
 CVE-2026-62350 (TDengine is an open source, time-series database optimized for 
Interne ...)
-       TODO: check
+       NOT-FOR-US: TDengine
 CVE-2026-62349 (TDengine is an open source, time-series database optimized for 
Interne ...)
-       TODO: check
+       NOT-FOR-US: TDengine
 CVE-2026-62348 (TDengine is a time-series database optimized for Internet of 
Things de ...)
-       TODO: check
+       NOT-FOR-US: TDengine
 CVE-2026-62314 (Anubis is a Web AI Firewall Utility that challenges users' 
connections ...)
-       TODO: check
+       NOT-FOR-US: Anubis
 CVE-2026-62312 (9Router is an AI router & token saver. Prior to 0.5.2, 9Router 
allows  ...)
-       TODO: check
+       NOT-FOR-US: 9Router
 CVE-2026-59950 (The MCP Python SDK, called mcp on PyPI, is a Python 
implementation of  ...)
-       TODO: check
+       NOT-FOR-US: MCP Python SDK
 CVE-2026-56743 (Cilium is a networking, observability, and security solution. 
From 1.1 ...)
        TODO: check
 CVE-2026-56742 (Cilium is a networking, observability, and security solution. 
Prior to ...)
        TODO: check
 CVE-2026-56679 (9Router is an AI router & token saver. Prior to 0.5.4, the 
PATCH /api/ ...)
-       TODO: check
+       NOT-FOR-US: 9Router
 CVE-2026-56678 (9Router is an AI router & token saver. Prior to 0.5.6, the 
Kiro API-ke ...)
-       TODO: check
+       NOT-FOR-US: 9Router
 CVE-2026-55652 (Wekan is open source kanban built with Meteor. Prior to 9.46, 
header-l ...)
        TODO: check
 CVE-2026-55608 (n8n-MCP is an MCP server that provides AI assistants access to 
n8n nod ...)
        NOT-FOR-US: n8n
 CVE-2026-55576 (MaaAssistantArknights is a one-click tool for daily Arknights 
tasks. I ...)
-       TODO: check
+       NOT-FOR-US: MaaAssistantArknights
 CVE-2026-55445 (Qinglong is a timed task management platform supporting 
Python3, JavaS ...)
-       TODO: check
+       NOT-FOR-US: Qinglong
 CVE-2026-55410 (NocoBase is an AI-powered no-code/low-code platform for 
building busin ...)
-       TODO: check
+       NOT-FOR-US: NocoBase
 CVE-2026-55399 (CVE-2026-55399 is a resource exhaustion vulnerability in the 
Secure Ac ...)
        NOT-FOR-US: Absolute Software
 CVE-2026-55398 (CVE-2026-55398 is a memory management vulnerability in Secure 
Access c ...)
@@ -45,7 +45,7 @@ CVE-2026-55398 (CVE-2026-55398 is a memory management 
vulnerability in Secure Ac
 CVE-2026-55234 (Wekan is open source kanban built with Meteor. Prior to 9.37, 
Wekan DD ...)
        TODO: check
 CVE-2026-54458 (WWBN AVideo is an open source video platform. Versions prior 
to 29.0 c ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-54052 (n8n-MCP is an MCP server that provides AI assistants access to 
n8n nod ...)
        NOT-FOR-US: n8n
 CVE-2026-53447 (Wekan is open source kanban built with Meteor. Prior to 9.35, 
the Weka ...)
@@ -65,19 +65,19 @@ CVE-2026-52891 (Wekan is open source kanban built with 
Meteor. Prior to 9.07, We
 CVE-2026-52890 (Wekan is open source kanban built with Meteor. Prior to 9.31, 
Wekan al ...)
        TODO: check
 CVE-2026-52888 (NocoBase is an AI-powered no-code/low-code platform for 
building busin ...)
-       TODO: check
+       NOT-FOR-US: NocoBase
 CVE-2026-52887 (NocoBase is an AI-powered no-code/low-code platform for 
building busin ...)
-       TODO: check
+       NOT-FOR-US: NocoBase
 CVE-2026-52870 (The MCP Python SDK, called mcp on PyPI, is a Python 
implementation of  ...)
-       TODO: check
+       NOT-FOR-US: MCP Python SDK
 CVE-2026-52869 (The MCP Python SDK, called mcp on PyPI, is a Python 
implementation of  ...)
-       TODO: check
+       NOT-FOR-US: MCP Python SDK
 CVE-2026-51380 (Buffer Overflow vulnerability in Tenda AC10 v3 (firmware 
V03.03.16.09) ...)
        NOT-FOR-US: Tenda
 CVE-2026-50183 (WWBN AVideo is an open source video platform. Versions 29.0 
and below  ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-50182 (WWBN AVideo is an open source video platform. Versions prior 
to 29.0 c ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-50144 (ncnn is a high-performance neural network inference framework 
optimize ...)
        TODO: check
 CVE-2026-50124 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
@@ -433,23 +433,23 @@ CVE-2026-59762 (When an HTTP/2 profile is configured on a 
virtual server, undisc
 CVE-2026-59259 (n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a 
permission ...)
        NOT-FOR-US: n8n
 CVE-2026-59258 (immich before 3.0.3 contains a broken access control 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: immich
 CVE-2026-59255 (BloodHound through 9.4.0, fixed in commit 8f79035, contains a 
missing  ...)
-       TODO: check
+       NOT-FOR-US: BloodHound
 CVE-2026-59254 (n8n before 2.28.1 contains an information disclosure 
vulnerability whe ...)
        NOT-FOR-US: n8n
 CVE-2026-59236 (Authorization Bypass Through User-Controlled Key (CWE-639) in 
the Exce ...)
-       TODO: check
+       NOT-FOR-US: prospero-flow-crm
 CVE-2026-59235 (Missing Authorization (CWE-862) in BankAccountListController 
(app/Http ...)
-       TODO: check
+       NOT-FOR-US: prospero-flow-crm
 CVE-2026-58660 (Kanboard through 1.2.52, fixed in commit 564cc30, 
BoardAjaxController  ...)
        TODO: check
 CVE-2026-58659 (PyTorch Lightning through 2.6.5, fixed in commit d710d68, 
contains a r ...)
-       TODO: check
+       NOT-FOR-US: PyTorch Lightning
 CVE-2026-58658 (GPUStack through 2.2.1, fixed in commit 4e20551, contains an 
unauthent ...)
-       TODO: check
+       NOT-FOR-US: GPUStack
 CVE-2026-58655 (The bundled Grav Flex Objects plugin 
(getgrav/grav-plugin-flex-objects ...)
-       TODO: check
+       NOT-FOR-US: Grav Flex Objects plugin
 CVE-2026-58559 (DoS vulnerability in the vibration service.Impact: Successful 
exploita ...)
        NOT-FOR-US: Huawei
 CVE-2026-58558 (Permission control vulnerability in the file system.Impact: 
Successful ...)
@@ -475,7 +475,7 @@ CVE-2026-58549 (Out-of-bounds read vulnerability in the 
image codec module. Impa
 CVE-2026-58077 (The Joomla extension 4Analytics is vulnerable to an 
unauthenticated st ...)
        NOT-FOR-US: Joomla
 CVE-2026-57996 (phpMyFAQ before 4.1.5 contains a privilege escalation 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2026-57833 (The Joomla extension 4Analytics is vulnerable to an 
unauthenticated st ...)
        NOT-FOR-US: Joomla
 CVE-2026-57832 (The Joomla extension EDocman is vulnerable to an 
unauthenticated SQL i ...)
@@ -485,17 +485,17 @@ CVE-2026-57831 (The Joomla extension DP Calendar is 
vulnerable to an unauthentic
 CVE-2026-57821 (A SQL Injection vulnerability exists in Apache Fineract's 
Office Searc ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-56764 (Hono before 4.11.10 contains a timing attack vulnerability in 
the basi ...)
-       TODO: check
+       NOT-FOR-US: Hono
 CVE-2026-56699 (Wazuh Manager before 5.0.0-beta3 fails to escape the 
DataValue.index f ...)
-       TODO: check
+       NOT-FOR-US: Wazuh Manager
 CVE-2026-56687 (Dell ThinOS 10, versions prior to 2605_10.2100, contain an 
Obsolete Fe ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-56434 (NGINX Plus and NGINX Open Source have a vulnerability in the 
ngx_http_ ...)
        TODO: check
 CVE-2026-56400 (open-webui before 0.3.14 contains a cross-origin resource 
sharing misc ...)
-       TODO: check
+       NOT-FOR-US: open-webui
 CVE-2026-56398 (Open WebUI before 0.9.5 contains a stored cross-site scripting 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-56375 (ImageMagick through 7.1.2-18 contains a memory leak 
vulnerability in t ...)
        TODO: check
 CVE-2026-56353 (n8n contains an authentication bypass in the Chat Trigger node 
when co ...)
@@ -505,7 +505,7 @@ CVE-2026-56352 (n8n before 2.19.3 contains a file path 
restriction bypass in the
 CVE-2026-56349 (n8n before version 2.10.0 contains an input validation 
vulnerability i ...)
        NOT-FOR-US: n8n
 CVE-2026-56339 (Capgo (Cap-go/capgo) before 12.128.2 contains an information 
disclosur ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56287 (A boolean-based SQL Injection vulnerability exists in Apache 
Fineract' ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-56087 (Dell ThinOS 10, versions prior to 2605_10.2100 contain a 
Protection Me ...)
@@ -513,15 +513,15 @@ CVE-2026-56087 (Dell ThinOS 10, versions prior to 
2605_10.2100 contain a Protect
 CVE-2026-55723 (When NGINX Ingress Controller is configured with Custom 
Resource Defin ...)
        NOT-FOR-US: F5
 CVE-2026-55242 (ERPNext is a free and open source Enterprise Resource Planning 
tool. P ...)
-       TODO: check
+       NOT-FOR-US: ERPNext
 CVE-2026-54563 (Cloudreve is a self-hosted file management and sharing system. 
Prior t ...)
-       TODO: check
+       NOT-FOR-US: Cloudreve
 CVE-2026-54562 (Cloudreve is a self-hosted file management and sharing system. 
Prior t ...)
-       TODO: check
+       NOT-FOR-US: Cloudreve
 CVE-2026-54560 (Cloudreve is a self-hosted file management and sharing system. 
From 4. ...)
-       TODO: check
+       NOT-FOR-US: Cloudreve
 CVE-2026-54443 (Dashy is a self-hostable personal dashboard. From 1.9.4 until 
3.2.0, t ...)
-       TODO: check
+       NOT-FOR-US: Dashy
 CVE-2026-53518 (Better Auth is an authentication and authorization library for 
TypeScr ...)
        TODO: check
 CVE-2026-53517 (Better Auth is an authentication and authorization library for 
TypeScr ...)
@@ -539,9 +539,9 @@ CVE-2026-53512 (Better Auth is an authentication and 
authorization library for T
 CVE-2026-52865 (When NGINX Ingress Controller processes Ingress or 
TransportServer res ...)
        NOT-FOR-US: F5
 CVE-2026-52843 (Lightpanda is a headless browser designed for AI and 
automation. Prior ...)
-       TODO: check
+       NOT-FOR-US: Lightpanda
 CVE-2026-52842 (Lightpanda is a headless browser designed for AI and 
automation. Prior ...)
-       TODO: check
+       NOT-FOR-US: Lightpanda
 CVE-2026-50562 (FastGPT is a knowledge-based AI application platform. At 
commit 22ebfa ...)
        TODO: check
 CVE-2026-50148 (Metabase is an open-source business intelligence and embedded 
analytic ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83b92f9fbba6c9f17dea7e57953b864be15e21d3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83b92f9fbba6c9f17dea7e57953b864be15e21d3
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to