Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6d2ae586 by Salvatore Bonaccorso at 2026-07-18T22:53:01+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,7 +4,7 @@ CVE-2026-9323 (The urwid web display backend
(urwid/display/web.py) generates we
NOTE: https://github.com/urwid/urwid/pull/1128
NOTE: Fixed by:
https://github.com/urwid/urwid/commit/24acd12f0d0598036d0d577f2ee63e4a27b4a3d9
(4.0.2)
CVE-2026-9147 (uproot dynamically generates Python class source code from ROOT
TStrea ...)
- TODO: check
+ NOT-FOR-US: uproot
CVE-2026-47871 (VMware Avi Load Balancer contains a directory traversal
vulnerability. ...)
NOT-FOR-US: VMware
CVE-2026-47870 (VMware Avi Load Balancer contains a privilege escalation
vulnerability ...)
@@ -303,7 +303,7 @@ CVE-2026-48022 (@hapi/wreck is an HTTP client utility.
Prior to 18.1.2, Wreck st
CVE-2026-46420 (setup-php is a GitHub action to set up PHP with extensions,
php.ini co ...)
NOT-FOR-US: setup-php
CVE-2026-45799 (Wire provides gRPC and protocol buffers for Android, Kotlin,
Swift, an ...)
- TODO: check
+ NOT-FOR-US: square/wire
CVE-2026-45785 (OpenMcdf is a fully .NET / C# library to manipulate Compound
File Bina ...)
NOT-FOR-US: OpenMcdf
CVE-2026-45784 (rust-openssl provides OpenSSL bindings for the Rust
programming langua ...)
@@ -311,15 +311,15 @@ CVE-2026-45784 (rust-openssl provides OpenSSL bindings
for the Rust programming
CVE-2026-45704 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
NOT-FOR-US: Pimcore
CVE-2026-45260 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2026-44979 (@hapi/wreck is an HTTP client utility. Prior to 18.1.1, when
@hapi/wre ...)
- TODO: check
+ NOT-FOR-US: hapi/wreck
CVE-2026-44974 (@hapi/content provided HTTP Content-* headers parsing. Prior
to 6.0.2, ...)
- TODO: check
+ NOT-FOR-US: hapi/content
CVE-2026-44891 (Netty is a network application framework for development of
protocol s ...)
TODO: check
CVE-2026-44739 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2026-43636
REJECTED
CVE-2026-42168 (django-pyas2 through 1.2.3 is vulnerable to OS command
injection via t ...)
@@ -531,7 +531,7 @@ CVE-2026-47180 (Zeroconf is a pure Python implementation of
multicast DNS servic
CVE-2026-45703 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
NOT-FOR-US: Pimcore
CVE-2026-45162 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2026-44722 (pyzipper is a replacement for Python's zipfile that can read
and write ...)
TODO: check
CVE-2026-22104 (Improper access control in Hashtopolis server web-interface
chunk acti ...)
@@ -983,37 +983,37 @@ CVE-2026-45795 (The Janssen Project is an open-source
identity and access manage
CVE-2026-45695 (Kopia is a cross-platform backup tool for Windows, macOS, and
Linux wi ...)
NOT-FOR-US: Kopia
CVE-2026-45612 (rz-libdemangle is a Rizin library for demangling symbols.
Prior to 6bf ...)
- TODO: check
+ NOT-FOR-US: rz-libdemangle
CVE-2026-45576 (zrok is software for sharing web services, files, and network
resource ...)
- TODO: check
+ NOT-FOR-US: zrok
CVE-2026-45568 (zrok is software for sharing web services, files, and network
resource ...)
- TODO: check
+ NOT-FOR-US: zrok
CVE-2026-45368 (Kirby is an open-source content management system. In versions
prior t ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-45367 (HAPI FHIR is a complete implementation of the HL7 FHIR
standard for he ...)
- TODO: check
+ NOT-FOR-US: HAPI FHIR
CVE-2026-45336 (HireFlow is a web-based interview management system for
managing candi ...)
- TODO: check
+ NOT-FOR-US: HireFlow
CVE-2026-45334 (Kirby is an open-source content management system. In versions
prior t ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-45325 (Gestor de Oferta is a web application for managing mobility
service of ...)
- TODO: check
+ NOT-FOR-US: Gestor de Oferta
CVE-2026-44982 (CrowdSec offers crowdsourced protection against malicious IPs.
From 1. ...)
- TODO: check
+ NOT-FOR-US: CrowdSec
CVE-2026-44981 (CrowdSec offers crowdsourced protection against malicious IPs.
From 1. ...)
- TODO: check
+ NOT-FOR-US: CrowdSec
CVE-2026-44970 (dbt-mcp is a Model Context Protocol server for interacting
with dbt. P ...)
- TODO: check
+ NOT-FOR-US: dbt-mcp
CVE-2026-44969 (dbt-mcp is a Model Context Protocol server for interacting
with dbt. P ...)
- TODO: check
+ NOT-FOR-US: dbt-mcp
CVE-2026-44968 (dbt-mcp is a Model Context Protocol server for interacting
with dbt. P ...)
- TODO: check
+ NOT-FOR-US: dbt-mcp
CVE-2026-44632 (Yamcs is a mission control framework. Prior to 5.12.7, a
server-side c ...)
- TODO: check
+ NOT-FOR-US: Yamcs
CVE-2026-44596 (Yamcs is a mission control framework. Prior to 5.12.7, the
authenticat ...)
- TODO: check
+ NOT-FOR-US: Yamcs
CVE-2026-44595 (Yamcs is a mission control framework. Prior to 5.12.7, the IAM
API end ...)
- TODO: check
+ NOT-FOR-US: Yamcs
CVE-2026-44453 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and
HTTP/3. Pr ...)
TODO: check
CVE-2026-44452 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and
HTTP/3. Pr ...)
@@ -1405,7 +1405,7 @@ CVE-2026-45417 (DataEase is an open source data
visualization and analysis tool.
CVE-2026-45320 (DataEase is an open source data visualization and analysis
tool. Prior ...)
NOT-FOR-US: DataEase
CVE-2026-45313 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-40958 (CVE-2026-40958 is a input validation error in Secure Access
clients pr ...)
NOT-FOR-US: Absolute Software
CVE-2026-40957 (o CVE-2026-40957 is a frameable content vulnerability in the
Secure Ac ...)
@@ -1891,11 +1891,11 @@ CVE-2026-45805 (Penpot is an open-source design tool
for design and code collabo
CVE-2026-45804 (Diffusers is the a library for pretrained diffusion models.
Prior to 0 ...)
NOT-FOR-US: Diffusers
CVE-2026-45337 (Better Auth is an authentication and authorization library for
TypeScr ...)
- TODO: check
+ NOT-FOR-US: Better Auth
CVE-2026-45150 (Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser
did not ...)
- TODO: check
+ NOT-FOR-US: Zen
CVE-2026-44986 (Penpot is an open-source design tool for design and code
collaboration ...)
- TODO: check
+ NOT-FOR-US: Penpot
CVE-2026-43637 (Cornac before 2.6.0 contains a path traversal (Tar Slip)
vulnerability ...)
TODO: check
CVE-2026-42533 (A vulnerability exists in NGINX Plus and NGINX Open Source
when a mapd ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d2ae5861b5638ff86f667a115f7ac0e003d9d89
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d2ae5861b5638ff86f667a115f7ac0e003d9d89
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits