[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 30 09:20:00 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a11f7364 by Salvatore Bonaccorso at 2026-06-30T10:19:49+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,17 +7,17 @@ CVE-2026-8023 (Zephyr's HTTP server (subsys/net/lib/http) provides a static-file
CVE-2026-7656 (The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (hand ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-57997 (Strapi users-permissions plugin fails to restrict JWT algorithms when ...)
- TODO: check
+ NOT-FOR-US: Strapi users-permissions plugin
CVE-2026-57919 (PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 cr ...)
- TODO: check
+ NOT-FOR-US: Matrix42 Empirum
CVE-2026-57498 (Coolify is an open-source and self-hostable tool for managing servers, ...)
- TODO: check
+ NOT-FOR-US: Coolify
CVE-2026-56809 (Multiple laser printers and MFPs (multifunction printers) which implem ...)
- TODO: check
+ NOT-FOR-US: Ricoh
CVE-2026-56808 (DGM3103SCT provided by AVTECH Security Corporation contains an OS comm ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2026-56137 (RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS ...)
- TODO: check
+ NOT-FOR-US: Gotcha Gotcha Games Inc.
CVE-2026-55957 (Missing Critical Step in Authentication vulnerability in Apache Tomcat ...)
- tomcat11 11.0.5-1
[trixie] - tomcat11 11.0.15-1~deb13u1
@@ -30,19 +30,19 @@ CVE-2026-55957 (Missing Critical Step in Authentication vulnerability in Apache
NOTE: https://github.com/apache/tomcat/commit/0cd21c0393b8811af22daddbba7b4e7328e2d79e (10.1.37)
NOTE: https://github.com/apache/tomcat/commit/c32bbd37ea9ee0aaab848af4ee1c9a76e84240ea (9.0.101)
CVE-2026-54889 (Improper Neutralization of Input During Web Page Generation (XSS) vuln ...)
- TODO: check
+ NOT-FOR-US: leandrocp
CVE-2026-54888 (Uncontrolled Recursion vulnerability in leandrocp mdex allows denial o ...)
- TODO: check
+ NOT-FOR-US: leandrocp
CVE-2026-53429 (Missing Release of Memory after Effective Lifetime vulnerability in le ...)
- TODO: check
+ NOT-FOR-US: leandrocp
CVE-2026-53426 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
- TODO: check
+ NOT-FOR-US: leandrocp
CVE-2026-51221 (A buffer overflow in the Get_Attribute_List function of EIPStackGroup ...)
- TODO: check
+ NOT-FOR-US: EIPStackGroup OpENer
CVE-2026-51219 (A heap buffer overflow in the HighPriorityASDUQueue_hasUnconfirmedIMes ...)
- TODO: check
+ NOT-FOR-US: lib60870
CVE-2026-51218 (A heap buffer overflow in the TS7Worker::PerformFunctionWrite() functi ...)
- TODO: check
+ NOT-FOR-US: snap7
CVE-2026-43746 (A use-after-free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2026-43745 (An out-of-bounds write issue was addressed with improved input validat ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a11f736495f46fda8bee6ac2f390a78681cb4a85
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a11f736495f46fda8bee6ac2f390a78681cb4a85
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/151ae716/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list