[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 18 08:44:55 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4899cbc1 by Moritz Muehlenhoff at 2026-06-18T09:44:39+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,19 +7,19 @@ CVE-2026-8050 (In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOC
 CVE-2026-8049 (In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object ...)
 	TODO: check
 CVE-2026-55740 (Nur-Alam39 bus-ticket (no released versions; latest commit 459cabdbeb9 ...)
-	TODO: check
+	NOT-FOR-US: Nur-Alam39 bus-ticket
 CVE-2026-55202 (Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly v ...)
 	TODO: check
 CVE-2026-55201 (Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path trave ...)
-	TODO: check
+	NOT-FOR-US: Evil-WinRM
 CVE-2026-55200 (libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bou ...)
 	TODO: check
 CVE-2026-55199 (libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authen ...)
 	TODO: check
 CVE-2026-54533 (vantage6 is an open-source infrastructure for privacy preserving analy ...)
-	TODO: check
+	NOT-FOR-US: vantage6
 CVE-2026-54445 (vantage6 is an open-source infrastructure for privacy preserving analy ...)
-	TODO: check
+	NOT-FOR-US: vantage6
 CVE-2026-54388 (Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject req ...)
 	TODO: check
 CVE-2026-54387 (Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile  ...)
@@ -29,19 +29,19 @@ CVE-2026-54386 (marimo before 0.23.9 contains a reflected cross-site scripting v
 CVE-2026-53676 (ThingsBoard contains a prototype pollution vulnerability which may lea ...)
 	TODO: check
 CVE-2026-50268 (Steeltoe is an open source project that provides a collection of libra ...)
-	TODO: check
+	NOT-FOR-US: Steeltoe
 CVE-2026-50267 (Steeltoe is an open source project that provides a collection of libra ...)
-	TODO: check
+	NOT-FOR-US: Steeltoe
 CVE-2026-50202 (Steeltoe is an open source project that provides a collection of libra ...)
-	TODO: check
+	NOT-FOR-US: Steeltoe
 CVE-2026-50201 (Steeltoe is an open source project that provides a collection of libra ...)
-	TODO: check
+	NOT-FOR-US: Steeltoe
 CVE-2026-50200 (Steeltoe is an open source project that provides a collection of libra ...)
-	TODO: check
+	NOT-FOR-US: Steeltoe
 CVE-2026-50196 (Steeltoe is an open source project that provides a collection of libra ...)
-	TODO: check
+	NOT-FOR-US: Steeltoe
 CVE-2026-50194 (Steeltoe is an open source project that provides a collection of libra ...)
-	TODO: check
+	NOT-FOR-US: Steeltoe
 CVE-2026-50107 (When NGINX Plus or NGINX Open Source is configured as the data plane f ...)
 	TODO: check
 CVE-2026-49133 (Typemill before 2.24.0 contains a path traversal vulnerability that al ...)
@@ -49,7 +49,7 @@ CVE-2026-49133 (Typemill before 2.24.0 contains a path traversal vulnerability t
 CVE-2026-48997 (e107 is a content management system (CMS). Versions  2.3.5 and earlier ...)
 	TODO: check
 CVE-2026-48991 (XianYuLauncher is a Minecraft Java Edition launcher. In versions prior ...)
-	TODO: check
+	NOT-FOR-US: XianYuLauncher
 CVE-2026-48990 (joserfc is a Python library that provides an implementation of several ...)
 	TODO: check
 CVE-2026-48989 (Windows-MCP is an open-source project that integrates AI agents with W ...)
@@ -65,39 +65,39 @@ CVE-2026-48822 (Shaarli is a personal bookmarking service. Versions 0.16.1 and p
 CVE-2026-48821 (Shaarli is a personal bookmarking service. Versions 0.16.1 and prior c ...)
 	TODO: check
 CVE-2026-48820 (CakePHP is a rapid development framework for PHP. In versions 4.5.11 a ...)
-	TODO: check
+	NOT-FOR-US: CakePHP
 CVE-2026-48817 (Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 a ...)
 	TODO: check
 CVE-2026-48814 (Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versio ...)
-	TODO: check
+	NOT-FOR-US: Network-AI
 CVE-2026-48768 (TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POS ...)
-	TODO: check
+	NOT-FOR-US: TypeBot
 CVE-2026-48764 (TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF v ...)
-	TODO: check
+	NOT-FOR-US: TypeBot
 CVE-2026-48759 (TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an I ...)
-	TODO: check
+	NOT-FOR-US: TypeBot
 CVE-2026-45617 (LiquidJS is a Shopify/GitHub Pages compatible template engine written  ...)
-	TODO: check
+	NOT-FOR-US: LiquidJS
 CVE-2026-45357 (LiquidJS is a Shopify/GitHub Pages compatible template engine written  ...)
-	TODO: check
+	NOT-FOR-US: LiquidJS
 CVE-2026-44646 (LiquidJS is a Shopify/GitHub Pages compatible template engine written  ...)
-	TODO: check
+	NOT-FOR-US: LiquidJS
 CVE-2026-44645 (LiquidJS is a Shopify/GitHub Pages compatible template engine written  ...)
-	TODO: check
+	NOT-FOR-US: LiquidJS
 CVE-2026-44644 (LiquidJS is a Shopify/GitHub Pages compatible template engine written  ...)
-	TODO: check
+	NOT-FOR-US: LiquidJS
 CVE-2026-32682 (When NGINX Gateway Fabric is configured using GRPCRoutes, an authentic ...)
 	TODO: check
 CVE-2026-12569 (A critical remote code execution (RCE) vulnerability has been reported ...)
-	TODO: check
+	NOT-FOR-US: PTC WindChill
 CVE-2026-12568 (The postman_download module uses the workspace name field from the Pos ...)
-	TODO: check
+	NOT-FOR-US: bbot
 CVE-2026-12567 (The github_workflows module constructs local directory paths from user ...)
-	TODO: check
+	NOT-FOR-US: bbot
 CVE-2026-12566 (The docker_pull module uses the realm parameter from a Docker registry ...)
-	TODO: check
+	NOT-FOR-US: bbot
 CVE-2026-12565 (The unarchive internal module's archive extraction commands perform no ...)
-	TODO: check
+	NOT-FOR-US: bbot
 CVE-2026-12530 (Improper neutralization of argument delimiters in the install_packages ...)
 	NOT-FOR-US: Amazon
 CVE-2026-12529 (A security vulnerability has been detected in SourceCodester CET Autom ...)
@@ -139,9 +139,9 @@ CVE-2026-10029 (The Event Koi Lite \u2013 Events Calendar, Event Management, RSV
 CVE-2026-10023 (The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution \u2 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-27928 (vantage6 is an open-source infrastructure for privacy preserving analy ...)
-	TODO: check
+	NOT-FOR-US: vantage6
 CVE-2024-24769 (vantage6 is an open-source infrastructure for privacy preserving analy ...)
-	TODO: check
+	NOT-FOR-US: vantage6
 CVE-2026-9697 (Impact: undici's ProxyAgent silently drops the requestTls option when  ...)
 	- node-undici <unfixed>
 	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4899cbc1bca17044867ee208804c56c1cd2f7a68

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4899cbc1bca17044867ee208804c56c1cd2f7a68
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260618/dfdcd878/attachment.htm>

More information about the debian-security-tracker-commits mailing list