Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9f519498 by Salvatore Bonaccorso at 2026-04-06T22:07:16+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80,13 +80,13 @@ CVE-2026-5634 (A vulnerability was identified in 
projectworlds Car Rental Projec
 CVE-2026-5633 (A vulnerability was determined in assafelovic gpt-researcher up 
to 3.4 ...)
        NOT-FOR-US: assafelovic gpt-researcher
 CVE-2026-3524 (Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt 
request pro ...)
-       TODO: check
+       NOT-FOR-US: Mattermost Plugin Legal Hold
 CVE-2026-37977 (A flaw was found in Keycloak. A remote attacker can exploit a 
Cross-Or ...)
        - keycloak <itp> (bug #1088287)
 CVE-2026-35470 (OpenSTAManager is an open source management software for 
technical ass ...)
-       TODO: check
+       NOT-FOR-US: OpenSTAManager
 CVE-2026-35209 (defu is software that allows uers to assign default properties 
recursi ...)
-       TODO: check
+       NOT-FOR-US: defu
 CVE-2026-35177 (Vim is an open source, command line text editor. Prior to 
9.2.0280, a  ...)
        - vim <unfixed>
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24
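Review bot: CVE-2026-35209 (defu) is the one entry in this hunk where NOT-FOR-US deserves a second look. Its description presents it as a utility that assigns default properties recursively, which reads like a small library rather than a standalone application, and such libraries are often bundled inside other source packages. A source search for a vendored copy before closing the entry would be worthwhile, with a NOTE line added if one turns up. The Mattermost Plugin Legal Hold and OpenSTAManager entries follow the same pattern as the existing gpt-researcher NFU line above them and look consistent.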
@@ -94,58 +94,58 @@ CVE-2026-35177 (Vim is an open source, command line text 
editor. Prior to 9.2.02
 CVE-2026-35175 (Ajenti is a Linux and BSD modular server admin panel. Prior to 
2.2.15, ...)
        - ajenti <itp> (bug #792019)
 CVE-2026-35174 (Chyrp Lite is an ultra-lightweight blogging engine. Prior to 
2026.01,  ...)
-       TODO: check
+       NOT-FOR-US: Chyrp Lite
 CVE-2026-35173 (Chyrp Lite is an ultra-lightweight blogging engine. Prior to 
2026.01,  ...)
-       TODO: check
+       NOT-FOR-US: Chyrp Lite
 CVE-2026-35171 (Kedro is a toolbox for production-ready data science. Prior to 
1.3.0,  ...)
-       TODO: check
+       NOT-FOR-US: Kedro
 CVE-2026-35167 (Kedro is a toolbox for production-ready data science. Prior to 
1.3.0,  ...)
-       TODO: check
+       NOT-FOR-US: Kedro
 CVE-2026-35166 (Hugo is a static site generator. From 0.60.0 to before 
0.159.2, links  ...)
        - hugo 0.159.2-1
        NOTE: 
https://github.com/gohugoio/hugo/security/advisories/GHSA-mcv8-8m8x-48pg
 CVE-2026-35164 (Brave CMS is an open-source CMS. Prior to 2.0.6, an 
unrestricted file  ...)
-       TODO: check
+       NOT-FOR-US: Brave CMS
 CVE-2026-35052 (D-Tale is the combination of a Flask back-end and a React 
front-end to ...)
-       TODO: check
+       NOT-FOR-US: D-Tale
 CVE-2026-35050 (text-generation-webui is an open-source web interface for 
running Larg ...)
-       TODO: check
+       NOT-FOR-US: text-generation-webui
 CVE-2026-35047 (Brave CMS is an open-source CMS. Prior to 2.0.6, an 
Unrestricted File  ...)
-       TODO: check
+       NOT-FOR-US: Brave CMS
 CVE-2026-35046 (Tandoor Recipes is an application for managing recipes, 
planning meals ...)
-       TODO: check
+       NOT-FOR-US: Tandoor Recipes
 CVE-2026-35045 (Tandoor Recipes is an application for managing recipes, 
planning meals ...)
-       TODO: check
+       NOT-FOR-US: Tandoor Recipes
 CVE-2026-35044 (BentoML is a Python library for building online serving 
systems optimi ...)
-       TODO: check
+       NOT-FOR-US: BentoML
 CVE-2026-35043 (BentoML is a Python library for building online serving 
systems optimi ...)
-       TODO: check
+       NOT-FOR-US: BentoML
 CVE-2026-35042 (fast-jwt provides fast JSON Web Token (JWT) implementation. In 
6.1.0 a ...)
        TODO: check
 CVE-2026-35039 (fast-jwt provides fast JSON Web Token (JWT) implementation. 
From 0.0.1 ...)
        TODO: check
 CVE-2026-35037 (Ech0 is an open-source, self-hosted publishing platform for 
personal i ...)
-       TODO: check
+       NOT-FOR-US: Ech0
 CVE-2026-35036 (Ech0 is an open-source, self-hosted publishing platform for 
personal i ...)
-       TODO: check
+       NOT-FOR-US: Ech0
 CVE-2026-35035 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
-       TODO: check
+       NOT-FOR-US: CI4MS
 CVE-2026-35030 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
-       TODO: check
+       NOT-FOR-US: LiteLLM
 CVE-2026-35029 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
-       TODO: check
+       NOT-FOR-US: LiteLLM
 CVE-2026-34992 (Antrea is a Kubernetes networking solution intended to be 
Kubernetes n ...)
-       TODO: check
+       NOT-FOR-US: Antrea
 CVE-2026-34989 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
-       TODO: check
+       NOT-FOR-US: CI4MS
 CVE-2026-34986 (Go JOSE provides an implementation of the Javascript Object 
Signing an ...)
        TODO: check
 CVE-2026-34981 (The whisperX API is a tool for enhancing and analyzing audio 
content.  ...)
-       TODO: check
+       NOT-FOR-US: whisperX API
 CVE-2026-34977 (Aperi'Solve is an open-source steganalysis web platform. Prior 
to 3.2. ...)
-       TODO: check
+       NOT-FOR-US: AperiSolve
 CVE-2026-34976 (Dgraph is an open source distributed GraphQL database. Prior 
to 25.3.1 ...)
-       TODO: check
+       NOT-FOR-US: Dgraph
 CVE-2026-34975 (Plunk is an open-source email platform built on top of AWS 
SES. Prior  ...)
        TODO: check
 CVE-2026-34969 (Nhost is an open source Firebase alternative with GraphQL. 
Prior to 0. ...)
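Review bot: the tag added for CVE-2026-34977 is spelled "AperiSolve", while the description directly above it names the product "Aperi'Solve". Using the same spelling as the description, or confirming that the apostrophe-free form is deliberate, would keep a search for the product name from missing this entry. Every other NFU name in the hunk matches its description (Chyrp Lite, Kedro, Brave CMS, Tandoor Recipes, BentoML, Ech0, CI4MS, LiteLLM), and the fast-jwt, Go JOSE and Plunk entries are left at "TODO: check", so the commit message could say that only part of the TODO backlog in this range was processed.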



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f51949840caa8500245d4bfd5e75739d35bd595
