Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5442dbe5 by Salvatore Bonaccorso at 2026-07-16T15:39:52+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -79,7 +79,7 @@ CVE-2026-50183 (WWBN AVideo is an open source video platform.
Versions 29.0 and
CVE-2026-50182 (WWBN AVideo is an open source video platform. Versions prior
to 29.0 c ...)
NOT-FOR-US: WWBN AVideo
CVE-2026-50144 (ncnn is a high-performance neural network inference framework
optimize ...)
- TODO: check
+ NOT-FOR-US: ncnn
CVE-2026-50124 (DataEase is an open source data visualization and analysis
tool. Prior ...)
NOT-FOR-US: DataEase
CVE-2026-50030 (DataEase is an open source data visualization and analysis
tool. Prior ...)
@@ -89,13 +89,13 @@ CVE-2026-49867 (DataEase is an open source data
visualization and analysis tool.
CVE-2026-49445 (Cilium is a networking, observability, and security solution.
Prior to ...)
TODO: check
CVE-2026-49353 (9Router is an AI router & token saver. In 0.4.45 and earlier,
9Router' ...)
- TODO: check
+ NOT-FOR-US: 9Router
CVE-2026-49352 (9Router is an AI router & token saver. From 0.2.21 until
0.4.44, 9Rout ...)
- TODO: check
+ NOT-FOR-US: 9Router
CVE-2026-49279 (WWBN AVideo is an open source video platform. Versions 29.0
and below ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-48795 (AdonisJS is a TypeScript-first web framework. From 10.1.3
until 10.1.5 ...)
- TODO: check
+ NOT-FOR-US: AdonisJS
CVE-2026-46684 (DataEase is an open source data visualization and analysis
tool. Prior ...)
NOT-FOR-US: DataEase
CVE-2026-46421 (The SAP Cloud Application Programming Model is a tool for
building ent ...)
@@ -526,19 +526,19 @@ CVE-2026-54560 (Cloudreve is a self-hosted file
management and sharing system. F
CVE-2026-54443 (Dashy is a self-hostable personal dashboard. From 1.9.4 until
3.2.0, t ...)
NOT-FOR-US: Dashy
CVE-2026-53518 (Better Auth is an authentication and authorization library for
TypeScr ...)
- TODO: check
+ NOT-FOR-US: Better Auth
CVE-2026-53517 (Better Auth is an authentication and authorization library for
TypeScr ...)
- TODO: check
+ NOT-FOR-US: Better Auth
CVE-2026-53516 (Better Auth is an authentication and authorization library for
TypeScr ...)
- TODO: check
+ NOT-FOR-US: Better Auth
CVE-2026-53515 (Better Auth is an authentication and authorization library for
TypeScr ...)
- TODO: check
+ NOT-FOR-US: Better Auth
CVE-2026-53514 (Better Auth is an authentication and authorization library for
TypeScr ...)
- TODO: check
+ NOT-FOR-US: Better Auth
CVE-2026-53513 (Better Auth is an authentication and authorization library for
TypeScr ...)
- TODO: check
+ NOT-FOR-US: Better Auth
CVE-2026-53512 (Better Auth is an authentication and authorization library for
TypeScr ...)
- TODO: check
+ NOT-FOR-US: Better Auth
CVE-2026-52865 (When NGINX Ingress Controller processes Ingress or
TransportServer res ...)
NOT-FOR-US: F5
CVE-2026-52843 (Lightpanda is a headless browser designed for AI and
automation. Prior ...)
@@ -546,23 +546,23 @@ CVE-2026-52843 (Lightpanda is a headless browser designed
for AI and automation.
CVE-2026-52842 (Lightpanda is a headless browser designed for AI and
automation. Prior ...)
NOT-FOR-US: Lightpanda
CVE-2026-50562 (FastGPT is a knowledge-based AI application platform. At
commit 22ebfa ...)
- TODO: check
+ NOT-FOR-US: FastGPT
CVE-2026-50148 (Metabase is an open-source business intelligence and embedded
analytic ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2026-50147 (Metabase is an open-source business intelligence and embedded
analytic ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2026-49997 (SurrealDB is a scalable, distributed, collaborative,
document-graph da ...)
- TODO: check
+ NOT-FOR-US: SurrealDB
CVE-2026-49988 (Repomix is a tool that packs repositories into AI-friendly
files. Prio ...)
- TODO: check
+ NOT-FOR-US: Repomix
CVE-2026-49987 (Repomix is a tool that packs repositories into AI-friendly
files. Prio ...)
- TODO: check
+ NOT-FOR-US: Repomix
CVE-2026-49501 (Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and
versions ...)
NOT-FOR-US: Dell / EMC
CVE-2026-48799 (Postiz is an AI social media scheduling tool. Prior to 2.21.8,
Postiz ...)
- TODO: check
+ NOT-FOR-US: Postiz
CVE-2026-47703 (AdGuard Home is a network-wide software for blocking ads and
tracking. ...)
- TODO: check
+ NOT-FOR-US: AdGuard Home
CVE-2026-47164 (Vaultwarden is a Bitwarden-compatible server written in Rust.
Prior to ...)
TODO: check
CVE-2026-47160 (Vaultwarden is a Bitwarden-compatible server written in Rust.
Prior to ...)
@@ -1303,7 +1303,7 @@ CVE-2026-54983 (Stack-based buffer overflow in Active
Directory Federation Servi
CVE-2026-54982 (Integer underflow (wrap or wraparound) in Reliable Multicast
Transport ...)
NOT-FOR-US: Microsoft
CVE-2026-54684 (jadx is a Dex to Java decompiler. From 1.5.2 to 1.5.5, a
malicious .xa ...)
- TODO: check
+ NOT-FOR-US: jadx
CVE-2026-54572 (Rclone is a command-line program to sync files and directories
to and ...)
- rclone <unfixed>
NOTE:
https://github.com/rclone/rclone/security/advisories/GHSA-cf44-9pgv-m4xc
@@ -1380,9 +1380,9 @@ CVE-2026-52101 (An issue in andreimarcu linux-server
v.1.0 through v.2.3.8 allow
CVE-2026-52100 (Cross Site Request Forgery vulnerability in andreimarcu
linux-server v ...)
NOT-FOR-US: andreimarcu linux-server
CVE-2026-51808 (Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before
allows ...)
- TODO: check
+ NOT-FOR-US: OpenHTJ2K
CVE-2026-51807 (Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before
allows ...)
- TODO: check
+ NOT-FOR-US: OpenHTJ2K
CVE-2026-51105 (Buffer Overflow vulnerability in aMULE-Project aMule v.2.3.3
allows a ...)
TODO: check
CVE-2026-50697 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
@@ -1904,7 +1904,7 @@ CVE-2026-50294 (Exposure of sensitive system information
to an unauthorized cont
CVE-2026-50293 (Use after free in Windows Internal Task Bar allows an
authorized attac ...)
NOT-FOR-US: Microsoft
CVE-2026-50130 (Pi-hole is a DNS sinkhole that protects devices from unwanted
content ...)
- TODO: check
+ NOT-FOR-US: Pi-hole
CVE-2026-4018 (TOCTOU Race Condition in specific trace commands of the
TraceEvent() s ...)
NOT-FOR-US: Blackberry
CVE-2026-4017 (Buffer Overflow in the entry handler of the TraceEvent() system
call c ...)
@@ -2026,13 +2026,13 @@ CVE-2026-49164 (Heap-based buffer overflow in Active
Directory Domain Services a
CVE-2026-49162 (Use after free in Microsoft Brokering File System allows an
authorized ...)
NOT-FOR-US: Microsoft
CVE-2026-48816 (sigstore-js provides JavaScript libraries for interacting with
Sigstor ...)
- TODO: check
+ NOT-FOR-US: sigstore-js
CVE-2026-48815 (sigstore-js provides JavaScript libraries for interacting with
Sigstor ...)
- TODO: check
+ NOT-FOR-US: sigstore-js
CVE-2026-48801 (linkify-it is a links recognition library with full Unicode
support. P ...)
TODO: check
CVE-2026-48758 (sigstore-js provides JavaScript libraries for interacting with
Sigstor ...)
- TODO: check
+ NOT-FOR-US: sigstore-js
CVE-2026-48581 (Insufficient granularity of access control in Microsoft
Surface allows ...)
NOT-FOR-US: Microsoft
CVE-2026-48580 (Untrusted pointer dereference in Microsoft Office Excel allows
an unau ...)
@@ -2190,11 +2190,11 @@ CVE-2026-48252 (Adobe Experience Manager is affected by
a Missing Authentication
CVE-2026-48125 (UAParser.js is a JavaScript library to detect browsers,
operating syst ...)
TODO: check
CVE-2026-48069 (@grpc/grps-js implements the core functionality of gRPC purely
in Java ...)
- TODO: check
+ NOT-FOR-US: @grpc/grps-js
CVE-2026-48068 (@grpc/grps-js implements the core functionality of gRPC purely
in Java ...)
- TODO: check
+ NOT-FOR-US: @grpc/grps-js
CVE-2026-48038 (joi is a schema description language and data validator for
JavaScript ...)
- TODO: check
+ NOT-FOR-US: hapijs/joi
CVE-2026-48001 (Adobe Commerce is affected by an Information Exposure
vulnerability th ...)
NOT-FOR-US: Adobe
CVE-2026-48000 (Adobe Commerce is affected by an Improper Redirect (Open
Redirect) vul ...)
@@ -2264,9 +2264,9 @@ CVE-2026-47471 (NVIDIA TensorRT-LLM for any platform
contains a vulnerability in
CVE-2026-47470 (NVIDIA TensorRT-LLM for any platform contains a vulnerability
in the g ...)
NOT-FOR-US: NVIDIA
CVE-2026-47429 (Vitest is a testing framework powered by Vite. Prior to 3.2.5
and 4.1. ...)
- TODO: check
+ NOT-FOR-US: Vitest
CVE-2026-47428 (Vitest is a testing framework powered by Vite. From 4.0.17
until 4.1.6 ...)
- TODO: check
+ NOT-FOR-US: Vitest
CVE-2026-47423 (DOMPurify is a DOM-only cross-site scripting sanitizer for
HTML, MathM ...)
TODO: check
CVE-2026-47305 (Protection mechanism failure in Visual Studio allows an
unauthorized a ...)
@@ -5179,7 +5179,7 @@ CVE-2026-55849 (@cyclonedx/cyclonedx-npm creates
CycloneDX Software Bill of Mate
CVE-2026-55778 (Parse Server is an open source backend that can be deployed to
any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-55760 (Handlebars.java provides logic-less and semantic Mustache
templates wi ...)
- TODO: check
+ NOT-FOR-US: Handlebars.java
CVE-2026-55596 (Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0
until 5 ...)
NOT-FOR-US: Plate
CVE-2026-55575 (LiquidJS is a Shopify / GitHub Pages compatible template
engine in pur ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5442dbe592a753d8569473c9b1d69d3dced70a5e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5442dbe592a753d8569473c9b1d69d3dced70a5e
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits