[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 13 09:02:17 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
85073f23 by Salvatore Bonaccorso at 2026-06-13T10:01:45+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,13 +35,13 @@ CVE-2026-54358 (An incorrect authorization vulnerability in MISP allows an organ
 CVE-2026-54357 (An improper authorization vulnerability in MISP allowed an authenticat ...)
 	NOT-FOR-US: MISP
 CVE-2026-54231 (A content injection vulnerability was found in the ABRT post-create ev ...)
-	TODO: check
+	NOT-FOR-US: abrt/libreport
 CVE-2026-54230 (A symlink following vulnerability was found in the ABRT post-create ev ...)
-	TODO: check
+	NOT-FOR-US: abrt/libreport
 CVE-2026-54229 (A race condition was found in the abrt-dbus D-Bus service's ChownProbl ...)
-	TODO: check
+	NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2026-54228 (A time-of-check time-of-use (TOCTOU) race condition was found in the a ...)
-	TODO: check
+	NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2026-54095
 	REJECTED
 CVE-2026-54057 (Kitty is a cross-platform GPU based terminal. In versions prior to 0.4 ...)
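Review bot: The four ABRT entries in this hunk get two different NOT-FOR-US strings: `abrt/libreport` for CVE-2026-54231 and CVE-2026-54230, and `abrt is Red Hat / Fedora specific` for CVE-2026-54229 and CVE-2026-54228. The first form gives no reason, and it names libreport although the visible part of those descriptions mentions only the ABRT post-create event. Suggest one label with the rationale for all four, so a later search for abrt finds them together.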
@@ -51,9 +51,9 @@ CVE-2026-54056 (Kitty is a cross-platform GPU based terminal. In versions 0.47.0
 CVE-2026-54055 (Kitty is a cross-platform GPU based terminal. In versions prior to 0.4 ...)
 	TODO: check
 CVE-2026-53868 (Capgo before 12.128.2 contains a denial of service vulnerability allow ...)
-	TODO: check
+	NOT-FOR-US: Capgo
 CVE-2026-53867 (Capgo before 12.128.2 fails to delete previously uploaded profile imag ...)
-	TODO: check
+	NOT-FOR-US: Capgo
 CVE-2026-53839 (OpenClaw before 2026.5.7 contains a hostname validation vulnerability  ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-53838 (OpenClaw before 2026.5.27 contains a state mutation vulnerability in n ...)
@@ -95,65 +95,65 @@ CVE-2026-53821 (OpenClaw before 2026.5.18 accepts WebSocket client-declared oper
 CVE-2026-53820 (OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerabili ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-53609 (ApostropheCMS is an open-source Node.js content management system. In  ...)
-	TODO: check
+	NOT-FOR-US: ApostropheCMS
 CVE-2026-53608 (ApostropheCMS is an open-source Node.js content management system. Ver ...)
-	TODO: check
+	NOT-FOR-US: ApostropheCMS
 CVE-2026-53607 (ApostropheCMS is an open-source Node.js content management system. In  ...)
-	TODO: check
+	NOT-FOR-US: ApostropheCMS
 CVE-2026-53606 (ApostropheCMS is an open-source Node.js content management system, and ...)
-	TODO: check
+	NOT-FOR-US: ApostropheCMS
 CVE-2026-53523 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
-	TODO: check
+	NOT-FOR-US: Nezha Monitoring
 CVE-2026-53522 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
-	TODO: check
+	NOT-FOR-US: Nezha Monitoring
 CVE-2026-53521 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
-	TODO: check
+	NOT-FOR-US: Nezha Monitoring
 CVE-2026-53520 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
-	TODO: check
+	NOT-FOR-US: Nezha Monitoring
 CVE-2026-53519 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
-	TODO: check
+	NOT-FOR-US: Nezha Monitoring
 CVE-2026-50552 (Koel is a free, open-source music streaming solution. Prior to version ...)
-	TODO: check
+	NOT-FOR-US: Koel
 CVE-2026-50287 (AgenticMail gives AI agents real email addresses and phone numbers. Pr ...)
-	TODO: check
+	NOT-FOR-US: AgenticMail
 CVE-2026-4870 (IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger ...)
 	NOT-FOR-US: IBM
 CVE-2026-49397 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
-	TODO: check
+	NOT-FOR-US: Nezha Monitoring
 CVE-2026-49396 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
-	TODO: check
+	NOT-FOR-US: Nezha Monitoring
 CVE-2026-48119 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
-	TODO: check
+	NOT-FOR-US: Nezha Monitoring
 CVE-2026-47268 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
-	TODO: check
+	NOT-FOR-US: Nezha Monitoring
 CVE-2026-47264 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
 	NOT-FOR-US: Discourse
 CVE-2026-47263 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
 	NOT-FOR-US: Discourse
 CVE-2026-47260 (Koel is a free, open-source music streaming solution. Prior to version ...)
-	TODO: check
+	NOT-FOR-US: Koel
 CVE-2026-47124 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
-	TODO: check
+	NOT-FOR-US: Nezha Monitoring
 CVE-2026-47120 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
-	TODO: check
+	NOT-FOR-US: Nezha Monitoring
 CVE-2026-46717 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
-	TODO: check
+	NOT-FOR-US: Nezha Monitoring
 CVE-2026-46716 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
-	TODO: check
+	NOT-FOR-US: Nezha Monitoring
 CVE-2026-45775 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
 	NOT-FOR-US: Discourse
 CVE-2026-45085 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
 	NOT-FOR-US: Discourse
 CVE-2026-45014 (ApostropheCMS is an open-source Node.js content management system. Ver ...)
-	TODO: check
+	NOT-FOR-US: ApostropheCMS
 CVE-2026-45013 (ApostropheCMS is an open-source Node.js content management system. Ver ...)
-	TODO: check
+	NOT-FOR-US: ApostropheCMS
 CVE-2026-45012 (ApostropheCMS is an open-source Node.js content management system. Ver ...)
-	TODO: check
+	NOT-FOR-US: ApostropheCMS
 CVE-2026-45011 (ApostropheCMS is an open-source Node.js content management system. Ver ...)
-	TODO: check
+	NOT-FOR-US: ApostropheCMS
 CVE-2026-44990 (ApostropheCMS is an open-source Node.js content management system, and ...)
-	TODO: check
+	NOT-FOR-US: ApostropheCMS
 CVE-2026-44786 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
 	NOT-FOR-US: Discourse
 CVE-2026-44785 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
@@ -169,17 +169,17 @@ CVE-2026-44780 (Discourse is an open-source discussion platform. From versions 2
 CVE-2026-44779 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
 	NOT-FOR-US: Discourse
 CVE-2026-43872 (Actual is an open-source personal finance application. Prior to versio ...)
-	TODO: check
+	NOT-FOR-US: Actual
 CVE-2026-42890 (Actual is an open-source personal finance application. In the macOS de ...)
-	TODO: check
+	NOT-FOR-US: Actual
 CVE-2026-42853 (ApostropheCMS is an open-source Node.js content management system. Ver ...)
-	TODO: check
+	NOT-FOR-US: ApostropheCMS
 CVE-2026-42851 (Kitty is a cross-platform GPU based terminal. In versions prior to 0.4 ...)
 	TODO: check
 CVE-2026-42850 (Kitty is a cross-platform GPU based terminal. In versions prior to 0.4 ...)
 	TODO: check
 CVE-2026-42604 (Actual is a local-first personal finance tool. The `POST /openid/confi ...)
-	TODO: check
+	NOT-FOR-US: Actual
 CVE-2026-41158 (Software installed and run as a non-privileged user may conduct GPU sy ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2026-41157 (A web page that contains unusual WebGPU content loaded into the GPU GL ...)
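Review bot: The label `NOT-FOR-US: Actual` on CVE-2026-43872, CVE-2026-42890 and CVE-2026-42604 is a bare common word and is hard to search for or tell apart from other uses of the word in the list. Suggest a more descriptive label taken from the descriptions, for example `NOT-FOR-US: Actual (personal finance application)`.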
@@ -199,43 +199,43 @@ CVE-2026-12129 (A vulnerability was identified in CodeAstro Human Resource Manag
 CVE-2026-12089 (The LWS Optimize \u2013 All-in-One Speed Booster & Cache Tools plugin  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-12068 (Information disclosure vulnerability in Avira Password Manager when us ...)
-	TODO: check
+	NOT-FOR-US: Avira
 CVE-2026-11769 (We have released version 5.24.0 of the Grafana Operator. This patch in ...)
 	TODO: check
 CVE-2026-11443 (Allegra downloadAttachment Cross-Site Scripting Authentication Bypass  ...)
-	TODO: check
+	NOT-FOR-US: Allegra
 CVE-2026-11442 (Allegra exportReport Directory Traversal Information Disclosure Vulner ...)
-	TODO: check
+	NOT-FOR-US: Allegra
 CVE-2025-9033 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine ...)
-	TODO: check
+	NOT-FOR-US: Avira
 CVE-2025-9032 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine ...)
-	TODO: check
+	NOT-FOR-US: Avira
 CVE-2025-7019 (Stack overflow vulnerability in Avast Antivirus when scanning a malfor ...)
-	TODO: check
+	NOT-FOR-US: Avira
 CVE-2025-7018 (Null pointer dereference vulnerability in Avira Antivirus engine when  ...)
-	TODO: check
+	NOT-FOR-US: Avira
 CVE-2025-7017 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine ...)
-	TODO: check
+	NOT-FOR-US: Avira
 CVE-2025-7011 (Heap out-of-bounds read vulnerability in Avast Antivirus when scanning ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2025-7010 (Stack overflow vulnerability due to uncontrolled recursion in Avast An ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2025-7009 (Heap buffer out-of-bounds read vulnerability in Avast Antivirus when s ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2025-7008 (Heap buffer out-of-bounds read vulnerability in Avast Antivirus when s ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2025-7006 (Use of stack memory after free vulnerability in Avast Antivirus when s ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2025-7005 (Uncontrolled recursion vulnerability in Avast Antivirus when scanning  ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2025-7004 (Heap buffer out-of-bounds write vulnerability in Avast Antivirus when  ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2025-7003 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine ...)
-	TODO: check
+	NOT-FOR-US: Avira
 CVE-2025-7002 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine ...)
-	TODO: check
+	NOT-FOR-US: Avira
 CVE-2025-14098 (Heap buffer out-of-bounds write vulnerability due to integer overflow  ...)
-	TODO: check
+	NOT-FOR-US: Avira
 CVE-2026-XXXX [RUSTSEC-2026-0172]
 	- rust-diesel <unfixed> (bug #1139877)
 	[trixie] - rust-diesel <no-dsa> (Minor issue)
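Review bot: CVE-2025-7019 is marked `NOT-FOR-US: Avira`, but its description reads "Stack overflow vulnerability in Avast Antivirus", and the other Avast entries in this hunk use `NOT-FOR-US: Avast Antivirus`. Suggest changing that line to `NOT-FOR-US: Avast Antivirus`. For CVE-2025-14098 the truncated description does not show the product, so the `Avira` label cannot be confirmed from this diff and is worth a second look.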



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85073f2311753bf6fe62f9e853deacb1b51a048b
