Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b4c9f27c by Salvatore Bonaccorso at 2026-03-06T21:33:30+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2026-3653
CVE-2026-3589 (The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2
does no ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3419 (Fastify incorrectly accepts malformed `Content-Type` headers
containin ...)
- TODO: check
+ NOT-FOR-US: Fastify
CVE-2026-30847 (Wekan is an open source kanban tool built with Meteor. In
versions 8.3 ...)
TODO: check
CVE-2026-30846 (Wekan is an open source kanban tool built with Meteor. In
versions 8.3 ...)
@@ -15,9 +15,9 @@ CVE-2026-30844 (Wekan is an open source kanban tool built
with Meteor. Versions
CVE-2026-30843 (Wekan is an open source kanban tool built with Meteor.
Versions 8.32 a ...)
TODO: check
CVE-2026-30833 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2026-30831 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2026-2754 (Navtor NavBox exposes sensitive configuration and operational
data due ...)
TODO: check
CVE-2026-2753 (An Absolute Path Traversal vulnerability exists in Navtor
NavBox. The ...)
@@ -25,21 +25,21 @@ CVE-2026-2753 (An Absolute Path Traversal vulnerability
exists in Navtor NavBox.
CVE-2026-2752 (Navtor NavBox allows information disclosure via the
/api/ais-data endp ...)
TODO: check
CVE-2026-29783 (The shell tool within GitHub Copilot CLI versions prior to and
includi ...)
- TODO: check
+ NOT-FOR-US: GitHub Copilot CLI
CVE-2026-29178 (Lemmy, a link aggregator and forum for the fediverse, is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Lemmy
CVE-2026-29110 (Cryptomator encrypts data being stored on cloud
infrastructure. Prior ...)
- TODO: check
+ NOT-FOR-US: Cryptomator
CVE-2026-29091 (Locutus brings stdlibs of other programming languages to
JavaScript fo ...)
- TODO: check
+ NOT-FOR-US: Node Locutus
CVE-2026-29089 (TimescaleDB is a time-series database for high-performance
real-time a ...)
- TODO: check
+ NOT-FOR-US: Timescale TimescaleDB
CVE-2026-29087 (@hono/node-server allows running the Hono application on
Node.js. Prio ...)
- TODO: check
+ NOT-FOR-US: Hono node-server
CVE-2026-29082 (Kestra is an event-driven orchestration platform. In versions
from 1.1 ...)
- TODO: check
+ NOT-FOR-US: Kestra
CVE-2026-29075 (Mesa is an open-source Python library for agent-based
modeling, simula ...)
- TODO: check
+ NOT-FOR-US: mesa ibrary for agent-based modeling (not the same as
src:mesa)
CVE-2026-29064 (Zarf is an Airgap Native Packager Manager for Kubernetes. From
version ...)
TODO: check
CVE-2026-29063 (Immutable.js provides many Persistent Immutable data
structures. Prior ...)
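Review bot: typo in the added NOT-FOR-US line for CVE-2026-29075: "mesa ibrary" should read "mesa library". The parenthetical distinguishing it from src:mesa is worth keeping, since it records why the entry is not tracked against the source package of the same name; only the spelling needs fixing, e.g. "NOT-FOR-US: mesa library for agent-based modeling (not the same as src:mesa)".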
@@ -263,7 +263,7 @@ CVE-2026-29609 (OpenClaw versions prior to 2026.2.14
contain a denial of service
CVE-2026-29606 (OpenClaw versions prior to 2026.2.14 contain a webhook
signature-verif ...)
NOT-FOR-US: OpenClaw
CVE-2026-29188 (File Browser provides a file managing interface within a
specified dir ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-29183 (SiYuan is a personal knowledge management system. Prior to
version 3.5 ...)
NOT-FOR-US: SiYuan
CVE-2026-29093 (WWBN AVideo is an open source video platform. Prior to version
24.0, t ...)
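Review bot: the added "NOT-FOR-US: File Browser" for CVE-2026-29188 uses a product name generic enough to be ambiguous when someone searches the list later. Consider adding an upstream or project qualifier, in the same way the CVE-2026-29075 entry in this commit is disambiguated from src:mesa.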
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4c9f27c0a6cfc26cf1a05874c7eee039a8757fe
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits