[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 3 08:48:41 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a6625eb0 by Salvatore Bonaccorso at 2026-06-03T09:48:19+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22,15 +22,15 @@ CVE-2026-50031 (ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overfl
NOTE: https://savannah.gnu.org/bugs/index.php?68364
NOTE: https://lists.gnu.org/archive/html/info-gnu/2026-06/msg00000.html
CVE-2026-49448 (authentik is an open-source identity provider. Prior to versions 2025. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-49443 (authentik is an open-source identity provider. Prior to versions 2025. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-49144 (BrowserStack Runner through 0.9.5 contains a path traversal vulnerabil ...)
- TODO: check
+ NOT-FOR-US: BrowserStack Runner
CVE-2026-49143 (BrowserStack Runner through 0.9.5 contains a remote code execution vul ...)
- TODO: check
+ NOT-FOR-US: BrowserStack Runner
CVE-2026-49120 (Medplum before 5.1.14 contains a server-side request forgery vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Medplum
CVE-2026-48682 (FastNetMon Community Edition through 1.2.9 contains an out-of-bounds r ...)
TODO: check
CVE-2026-48598 (Improper Encoding or Escaping of Output vulnerability in elixir-tesla ...)
@@ -46,59 +46,59 @@ CVE-2026-48594 (Improper Handling of Highly Compressed Data (Data Amplification)
CVE-2026-47265 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
TODO: check
CVE-2026-47201 (authentik is an open-source identity provider. Prior to versions 2025. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-45289 (CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edit ...)
- TODO: check
+ NOT-FOR-US: CloudburstMC Protocol
CVE-2026-44654 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-44653 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-42849 (authentik is an open-source identity provider. Prior to versions 2025. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-42342 (React Router is a router for React. In versions 7.0.0 through 7.14.x o ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-42211 (React Router is a router for React. In versions 7.0.0 through 7.14.1, ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-42029
REJECTED
CVE-2026-41577 (authentik is an open-source identity provider. Prior to versions 2025. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-41569 (authentik is an open-source identity provider. Prior to version 2026.2 ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-41412 (alf.io is an open source ticket reservation system for conferences, tr ...)
- TODO: check
+ NOT-FOR-US: Alf.io
CVE-2026-40181 (React Router is a router for React. In versions 7.0.0 through 7.14.0 a ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-40108 (GLPI is a free asset and IT management software package. In versions 1 ...)
TODO: check
CVE-2026-38967 (CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header inje ...)
- TODO: check
+ NOT-FOR-US: CrowCpp Crow
CVE-2026-35482 (alf.io is an open source ticket reservation system for conferences, tr ...)
- TODO: check
+ NOT-FOR-US: Alf.io
CVE-2026-35212 (OpenCTI is an open source platform for managing cyber threat intellige ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2026-35202 (Pterodactyl is a free, open-source game server management panel. Prior ...)
- TODO: check
+ NOT-FOR-US: Pterodactyl
CVE-2026-35049 (wire-ios is an iOS client for the Wire secure messaging application. P ...)
- TODO: check
+ NOT-FOR-US: wire-ios
CVE-2026-34993 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
TODO: check
CVE-2026-34077 (React Router is a router for React. In versions 7.7.0 through 7.13.1, ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-33553 (Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 befo ...)
TODO: check
CVE-2026-33245 (React Router is a router for React. In versions 7.7.0 through 7.13.1, ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-32625 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-31942 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-30586 (Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a ...)
- TODO: check
+ NOT-FOR-US: usememos
CVE-2026-28299 (SolarWinds Web Help Desk is found to be affected by a denial-of-servic ...)
NOT-FOR-US: SolarWinds
CVE-2026-25861 (QloApps through 1.7.0, fixed in commit 64e9722, contains a weak crypto ...)
- TODO: check
+ NOT-FOR-US: QloApps
CVE-2026-1829 (The Content Visibility for Divi Builder plugin for WordPress is vulner ...)
NOT-FOR-US: WordPress plugin
CVE-2026-10719 (Out of bounds write in openSeaChest\u2019s --showSupportedFormats in S ...)
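Review bot: Two tags in this hunk do not match the product name given in their descriptions. CVE-2026-41412 and CVE-2026-35482 are tagged "NOT-FOR-US: Alf.io" while the description spells the project "alf.io", and CVE-2026-30586 is tagged "NOT-FOR-US: usememos" although the description names the product "usememos Memos". Suggest "NOT-FOR-US: alf.io" and "NOT-FOR-US: usememos Memos" so that a search of data/CVE/list for the product name finds both the description and the tag. The remaining tags in the hunk (authentik, LibreChat, React Router, OpenCTI, Pterodactyl, wire-ios, CrowCpp Crow, QloApps, CloudburstMC Protocol) match their descriptions as shown.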
@@ -336,7 +336,7 @@ CVE-2026-40314 (NamelessMC is website software for Minecraft servers. In version
CVE-2026-3620 (The Word Replacer plugin for WordPress is vulnerable to Stored Cross-S ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3514 (In version 3.6.19 of prefecthq/prefect, an authentication bypass vulne ...)
- TODO: check
+ NOT-FOR-US: prefecthq/prefect
CVE-2026-39555 (Deserialization of Untrusted Data vulnerability in Elated-Themes Askka ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-39553 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
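Review bot: Style point on CVE-2026-3514: the tag "NOT-FOR-US: prefecthq/prefect" uses the org/repo form, while the other entries in this commit are tagged by product name ("React Router", "LibreChat", "OpenCTI"). It matches the description verbatim, so it stays searchable, but it is the only tag in the commit written this way; pick one form and use it throughout.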
@@ -371,17 +371,17 @@ CVE-2026-34460 (NamelessMC is website software for Minecraft servers. In version
CVE-2026-33398 (NamelessMC is website software for Minecraft servers. In version 2.2.4 ...)
NOT-FOR-US: NamelessMC
CVE-2026-33244 (React Router is a router for React. In versions 7.5.1 through 7.13.1, ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-32685 (Path traversal vulnerability in Gleam's handling of custom documentati ...)
TODO: check
CVE-2026-32250 (NamelessMC is website software for Minecraft servers. A Reflected Cros ...)
- TODO: check
+ NOT-FOR-US: NamelessMC
CVE-2026-30652 (A remote buffer overflow vulnerability exists in the /cgi-bin/dido/set ...)
- TODO: check
+ NOT-FOR-US: Vivotek
CVE-2026-30650 (A post-authentication remote buffer overflow vulnerability exists in t ...)
- TODO: check
+ NOT-FOR-US: Vivotek
CVE-2026-30649 (Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows ...)
- TODO: check
+ NOT-FOR-US: Vivotek
CVE-2026-2425 (The hiWeb Migration Simple plugin for WordPress is vulnerable to Refle ...)
NOT-FOR-US: WordPress plugin
CVE-2026-2382 (The FPW Category Thumbnails plugin for WordPress is vulnerable to Stor ...)
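Review bot: The vendor attribution for CVE-2026-30652 and CVE-2026-30650 cannot be checked from the lines shown. Their truncated descriptions ("A remote buffer overflow vulnerability exists in the /cgi-bin/dido/set ...", "A post-authentication remote buffer overflow vulnerability exists in t ...") name no vendor, and only CVE-2026-30649 mentions "VIVOTEK INC FD8136-VVTK-0300a". Worth confirming against the full descriptions that all three concern the same vendor's firmware before tagging them "NOT-FOR-US: Vivotek". The CVE-2026-33244 and CVE-2026-32250 tags match the product names in their descriptions.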
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6625eb0521b2fadd823f9eae0395051a73f898e