[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 25 21:17:55 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2a50b1d by Salvatore Bonaccorso at 2026-06-25T22:17:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -119,21 +119,21 @@ CVE-2026-56786 (RTKLIB through 2.4.3 contains an out-of-bounds write vulnerabili
 	- rtklib <unfixed>
 	NOTE: https://github.com/tomojitakasu/RTKLIB/issues/799
 CVE-2026-56779 (MaxKB before 2.10.0 contains a server-side request forgery vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: MaxKB
 CVE-2026-56774 (Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController:: ...)
 	TODO: check
 CVE-2026-56772 (NewsBlur before 14.5.0 contains a broken access control vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: NewsBlur
 CVE-2026-56771 (NewsBlur before version 14.5.0 contains a server-side request forgery  ...)
-	TODO: check
+	NOT-FOR-US: NewsBlur
 CVE-2026-56770 (libais through 0.15 VdmStream::AddLine uses an unchecked sentinel valu ...)
 	TODO: check
 CVE-2026-56769 (Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an aut ...)
-	TODO: check
+	NOT-FOR-US: Huly Platform
 CVE-2026-56768 (Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GE ...)
-	TODO: check
+	NOT-FOR-US: Seahub
 CVE-2026-56767 (Maxun before 0.0.42 contains a cross-tenant insecure direct object ref ...)
-	TODO: check
+	NOT-FOR-US: Maxun
 CVE-2026-56766 (Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer ov ...)
 	TODO: check
 CVE-2026-56130 ("Remember me" cookie age is not verified on the server. This potential ...)
@@ -193,25 +193,25 @@ CVE-2026-55697 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can
 CVE-2026-55693 (Vim is an open source, command line text editor. Prior to 9.2.0653, th ...)
 	TODO: check
 CVE-2026-55667 (File Browser is a file managing interface for uploading, deleting, pre ...)
-	TODO: check
+	NOT-FOR-US: File Browser
 CVE-2026-55487 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic pe ...)
 	TODO: check
 CVE-2026-55477 (3X-UI is a web control panel for managing Xray-core servers. Prior to  ...)
-	TODO: check
+	NOT-FOR-US: 3X-UI
 CVE-2026-55439 (Halo is an open source website building tool. Prior to 2.24.3, a path  ...)
-	TODO: check
+	NOT-FOR-US: Halo
 CVE-2026-55413 (ToolJet is the open-source foundation am AI-native platform for buildi ...)
-	TODO: check
+	NOT-FOR-US: ToolJet
 CVE-2026-55412 (ToolJet is the open-source foundation am AI-native platform for buildi ...)
-	TODO: check
+	NOT-FOR-US: ToolJet
 CVE-2026-55411 (ToolJet is the open-source foundation am AI-native platform for buildi ...)
-	TODO: check
+	NOT-FOR-US: ToolJet
 CVE-2026-55180 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacqu ...)
 	TODO: check
 CVE-2026-55092 (Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an  ...)
 	TODO: check
 CVE-2026-54917 (SeaweedFS is a distributed storage system for object storage (S3), fil ...)
-	TODO: check
+	NOT-FOR-US: SeaweedFS
 CVE-2026-54849 (Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54848 (Insertion of Sensitive Information Into Sent Data vulnerability in Saa ...)
@@ -245,55 +245,55 @@ CVE-2026-54821 (Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3
 CVE-2026-54679 (jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system,  ...)
 	TODO: check
 CVE-2026-54573 (Outline is a service that allows for collaborative documentation. Prio ...)
-	TODO: check
+	NOT-FOR-US: Outline
 CVE-2026-54448 (Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm  ...)
 	TODO: check
 CVE-2026-54250 (K3s is a fully conformant production-ready Kubernetes distribution. Pr ...)
-	TODO: check
+	NOT-FOR-US: K3s
 CVE-2026-54097 (File Browser is a file managing interface for uploading, deleting, pre ...)
-	TODO: check
+	NOT-FOR-US: File Browser
 CVE-2026-54096 (File Browser is a file managing interface for uploading, deleting, pre ...)
-	TODO: check
+	NOT-FOR-US: File Browser
 CVE-2026-54094 (File Browser is a file managing interface for uploading, deleting, pre ...)
-	TODO: check
+	NOT-FOR-US: File Browser
 CVE-2026-54093 (File Browser is a file managing interface for uploading, deleting, pre ...)
-	TODO: check
+	NOT-FOR-US: File Browser
 CVE-2026-54092 (File Browser is a file managing interface for uploading, deleting, pre ...)
-	TODO: check
+	NOT-FOR-US: File Browser
 CVE-2026-54091 (File Browser is a file managing interface for uploading, deleting, pre ...)
-	TODO: check
+	NOT-FOR-US: File Browser
 CVE-2026-54090 (File Browser is a file managing interface for uploading, deleting, pre ...)
-	TODO: check
+	NOT-FOR-US: File Browser
 CVE-2026-54089 (File Browser is a file managing interface for uploading, deleting, pre ...)
-	TODO: check
+	NOT-FOR-US: File Browser
 CVE-2026-54088 (File Browser is a file managing interface for uploading, deleting, pre ...)
-	TODO: check
+	NOT-FOR-US: File Browser
 CVE-2026-54040 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2026-54037 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2026-54036 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2026-54033 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2026-54030 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2026-54029 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2026-54027 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2026-54025 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2026-54024 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2026-53925 (Glances is an open-source system cross-platform monitoring tool. From  ...)
 	TODO: check
 CVE-2026-50573 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` ...)
 	TODO: check
 CVE-2026-50549 (Cursor is a code editor built for programming with AI. Prior to 3.0, C ...)
-	TODO: check
+	NOT-FOR-US: Cursor
 CVE-2026-50548 (Cursor is a code editor built for programming with AI. Prior to 3.0, C ...)
-	TODO: check
+	NOT-FOR-US: Cursor
 CVE-2026-50021 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball ...)
 	TODO: check
 CVE-2026-50017 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send  ...)
@@ -367,7 +367,7 @@ CVE-2026-46607 (Glances is an open-source system cross-platform monitoring tool.
 CVE-2026-46606 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
 	TODO: check
 CVE-2026-45233 (HTMLy CMS through 3.1.1 contains a path traversal vulnerability that a ...)
-	TODO: check
+	NOT-FOR-US: HTMLy CMS
 CVE-2026-41120 (Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an  ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-2815 (Incorrect use of the PUF key for user key generation in EFR32xG27 resu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2a50b1d0dec588dc90215ddb6cd166122219d6c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2a50b1d0dec588dc90215ddb6cd166122219d6c
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260625/b7d7a0ec/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list