[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 26 20:57:13 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2041421d by Salvatore Bonaccorso at 2026-06-26T21:56:52+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -187,11 +187,11 @@ CVE-2026-57231 (Podman is a tool for managing OCI containers and pods. From 1.8.
CVE-2026-56876 (extract-zip does not validate symlink targets when extracting zip arch ...)
TODO: check
CVE-2026-56823 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
- TODO: check
+ NOT-FOR-US: AutoGPT
CVE-2026-56773 (Teable's v2 REST API controller lacks @Permissions metadata on ORPC en ...)
- TODO: check
+ NOT-FOR-US: teableio teable
CVE-2026-56663 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
- TODO: check
+ NOT-FOR-US: AutoGPT
CVE-2026-56072 (Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versio ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-56070 (Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versi ...)
@@ -313,7 +313,7 @@ CVE-2026-54820 (Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.
CVE-2026-54753 (Nx is a monorepo solution for TypeScript and polyglot codebases. From ...)
TODO: check
CVE-2026-54636 (Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utili ...)
- TODO: check
+ NOT-FOR-US: Dokku
CVE-2026-54557 (mise manages dev tools like node, python, cmake, and terraform. Prior ...)
TODO: check
CVE-2026-54341 (Dragonfly is an in-memory data store built for modern application work ...)
@@ -331,7 +331,7 @@ CVE-2026-48743 (Envoy is an open source edge and service proxy designed for clou
CVE-2026-48706 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
- envoyproxy <itp> (bug #987544)
CVE-2026-48529 (GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1 ...)
- TODO: check
+ NOT-FOR-US: GitHub MCP Server
CVE-2026-48497 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
- envoyproxy <itp> (bug #987544)
CVE-2026-48090 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
@@ -351,7 +351,7 @@ CVE-2026-47221 (Envoy is an open source edge and service proxy designed for clou
CVE-2026-47220 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
- envoyproxy <itp> (bug #987544)
CVE-2026-47214 (Docling simplifies document processing by parsing diverse formats and ...)
- TODO: check
+ NOT-FOR-US: Docling
CVE-2026-47207 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
- envoyproxy <itp> (bug #987544)
CVE-2026-47206 (Dragonfly is an in-memory data store built for modern application work ...)
@@ -361,21 +361,21 @@ CVE-2026-47205 (Envoy is an open source edge and service proxy designed for clou
CVE-2026-47204 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
- envoyproxy <itp> (bug #987544)
CVE-2026-45408 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validati ...)
- TODO: check
+ NOT-FOR-US: Dokku
CVE-2026-45407 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command ...)
- TODO: check
+ NOT-FOR-US: Dokku
CVE-2026-45406 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts ...)
- TODO: check
+ NOT-FOR-US: Dokku
CVE-2026-45405 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive ...)
- TODO: check
+ NOT-FOR-US: Dokku
CVE-2026-45257 (The KTLS receive path decrypted each record in place, assuming that th ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2026-45256 (When used to deliver a signal to a specific thread, thr_kill2(2) calle ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2026-45195 (Kernel software installed and running inside a Host VM may post improp ...)
NOT-FOR-US: Imagination Technologies
CVE-2026-44018 (Docling simplifies document processing by parsing diverse formats and ...)
- TODO: check
+ NOT-FOR-US: Docling
CVE-2026-40711 (Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0 ...)
NOT-FOR-US: Dell / EMC
CVE-2026-3472 (Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 1 ...)
@@ -857,7 +857,7 @@ CVE-2026-56766 (Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buf
CVE-2026-56130 ("Remember me" cookie age is not verified on the server. This potential ...)
TODO: check
CVE-2026-56129 (Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORAT ...)
- TODO: check
+ NOT-FOR-US: Dynabook Inc.
CVE-2026-56123 (socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer ove ...)
TODO: check
CVE-2026-56122 (Winstone Servlet Engine through 0.9.10 contains a path traversal vulne ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2041421ddbd191f4f55609929e48ed4684741e80
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2041421ddbd191f4f55609929e48ed4684741e80
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260626/000943ba/attachment.htm>
More information about the debian-security-tracker-commits
mailing list