[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jun 30 15:27:01 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e7687b7c by Moritz Muehlenhoff at 2026-06-30T16:26:14+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -132,21 +132,21 @@ CVE-2026-43676 (An out-of-bounds access issue was addressed with improved bounds
CVE-2026-43663 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2026-41896 (Coolify is an open-source and self-hostable tool for managing servers, ...)
- TODO: check
+ NOT-FOR-US: Coolify
CVE-2026-39872 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2026-39868 (This issue was addressed with improved input validation. This issue is ...)
NOT-FOR-US: Apple
CVE-2026-37637 (An issue in Alexantr filemanager v.1.0 allows a remote attacker to exe ...)
- TODO: check
+ NOT-FOR-US: Alexantr filemanager
CVE-2026-34597 (Coolify is an open-source and self-hostable tool for managing servers, ...)
- TODO: check
+ NOT-FOR-US: Coolify
CVE-2026-34594 (Coolify is an open-source and self-hostable tool for managing servers, ...)
- TODO: check
+ NOT-FOR-US: Coolify
CVE-2026-34592 (Coolify is an open-source and self-hostable tool for managing servers, ...)
- TODO: check
+ NOT-FOR-US: Coolify
CVE-2026-31016 (Cross Site Request Forgery vulnerability in Squidex.io Squidex CMS v.7 ...)
- TODO: check
+ NOT-FOR-US: Squidex CMS
CVE-2026-28979 (An out-of-bounds access issue was addressed with improved bounds check ...)
NOT-FOR-US: Apple
CVE-2026-14164 (A double free issue has been identified in libarchive's RAR5 reader. D ...)
@@ -552,7 +552,7 @@ CVE-2026-11979 (libxml2 is vulnerable to multiple stack-based buffer overflows i
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c2e233fc1b341685fc99621b2768b503f777a72e
NOTE: Not considered a security issue upstream
CVE-2026-11720 (A path traversal vulnerability exists in the HTTP tool URL builder of ...)
- TODO: check
+ NOT-FOR-US: Google MCP Toolbox for Databases
CVE-2026-54371 (attr before version 2.6.0 contains a symlink traversal vulnerability i ...)
- attr 1:2.6.0-1 (bug #1141107)
[trixie] - attr <no-dsa> (Will be fixed first in unstable, then point release update)
@@ -1987,7 +1987,7 @@ CVE-2026-10098 (OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_
CVE-2026-10097 (wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compar ...)
TODO: check
CVE-2025-71340 (picklescan through 0.0.26 fails to detect malicious pickle files that ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71338 (Flowise contains a path traversal vulnerability in the /api/v1/documen ...)
NOT-FOR-US: Flowise
CVE-2025-71336 (Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) con ...)
@@ -6340,7 +6340,7 @@ CVE-2026-50184 (Angular is a development platform for building mobile and deskto
NOTE: https://github.com/angular/angular/security/advisories/GHSA-95qp-cmmw-mgqv
NOTE: https://github.com/angular/angular/pull/68904
CVE-2026-50178 (The Angular Language Service VS Code Extension provides a rich editing ...)
- TODO: check
+ NOT-FOR-US: VS Code extension
CVE-2026-50171 (Angular is a development platform for building mobile and desktop web ...)
- angular.js <undetermined>
NOTE: https://github.com/angular/angular/security/advisories/GHSA-p3vc-36g9-x9gr
@@ -6362,7 +6362,7 @@ CVE-2026-49356 (Babel is a compiler for writing next generation JavaScript. Prio
- node-babel7 <unfixed> (bug #1140816)
NOTE: https://github.com/babel/babel/security/advisories/GHSA-4x5r-pxfx-6jf8
CVE-2026-49241 (The Angular Language Service VS Code Extension provides a rich editing ...)
- TODO: check
+ NOT-FOR-US: VS Code extension
CVE-2026-48712 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
- node-protobufjs <itp> (bug #977564)
CVE-2026-46417 (Angular is a development platform for building mobile and desktop web ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7687b7cf205a4eba8f9c5751d1d6dde6519b8e8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7687b7cf205a4eba8f9c5751d1d6dde6519b8e8
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/7df0adef/attachment.htm>
More information about the debian-security-tracker-commits
mailing list