Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9a4c9d76 by Salvatore Bonaccorso at 2026-05-14T10:12:13+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,7 +4,7 @@ CVE-2026-8496 (A cross-site scripting (XSS) vulnerability
exists in Alinto SOGo,
CVE-2026-8466 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
TODO: check
CVE-2026-8369 (Improper Input Validation in the NAT64 translator in The
OpenThread Au ...)
- TODO: check
+ NOT-FOR-US: OpenThread
CVE-2026-8367 (aria2c accepts a server certificate with incorrect Extended Key
Usage ...)
TODO: check
CVE-2026-8328 (The ftpcp() function in Lib/ftplib.py was not updated when
CVE-2021-4 ...)
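Review bot: The label on CVE-2026-8369 names only "OpenThread", but the description visible here is cut off at "The OpenThread Au ...", so the affected component may be a specific OpenThread sub-project rather than the core stack. If that is the case, put the full component name in the NOT-FOR-US line so a later search of data/CVE/list for that component finds this entry.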
@@ -92,29 +92,29 @@ CVE-2026-46419 (Yubico webauthn-server-core (aka
java-webauthn-server) 2.8.0 bef
CVE-2026-45740 (protobufjs compiles protobuf definitions into JavaScript (JS)
function ...)
TODO: check
CVE-2026-45714 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an
Authent ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2026-45708 (CubeCart is an ecommerce software solution. Prior to 6.7.3, an
admin w ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2026-45411 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3,
it is p ...)
- TODO: check
+ NOT-FOR-US: Node vm2
CVE-2026-45229 (Quark Drive before 0.8.5 contains a mass assignment
vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: Quark Drive
CVE-2026-45228 (Quark Drive before 0.8.5 contains a stored cross-site
scripting vulner ...)
- TODO: check
+ NOT-FOR-US: Quark Drive
CVE-2026-45158 (OPNsense is a FreeBSD based firewall and routing platform.
Prior to 26 ...)
TODO: check
CVE-2026-45109 (Next.js is a React framework for building full-stack web
applications. ...)
NOT-FOR-US: Next.js
CVE-2026-45055 (CubeCart is an ecommerce software solution. Prior to 6.7.2,
CubeCart 6 ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2026-45054 (CubeCart is an ecommerce software solution. Prior to 6.7.0,
the admin ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2026-45053 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an
Authent ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2026-45033 (GitHub Copilot CLI brings AI-powered coding assistance
directly to you ...)
TODO: check
CVE-2026-45028 (Astro is a web framework. Astro versions prior to 6.1.10 used
AES-GCM ...)
- TODO: check
+ NOT-FOR-US: Astro
CVE-2026-44919 (In OpenStack Ironic through 35.x before a3f6d73, during image
handling ...)
TODO: check
CVE-2026-44665 (fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an
input d ...)
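Review bot: The label format is inconsistent at CVE-2026-45411, which gets "NOT-FOR-US: Node vm2" with an ecosystem prefix, while the other web-framework entries in this hunk ("NOT-FOR-US: Astro" and the existing "NOT-FOR-US: Next.js") use the bare product name. If the prefix is meant to mark Node.js modules, apply it the same way to the comparable entries; otherwise drop it here, so that a search for one product's NOT-FOR-US lines matches a single spelling.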
@@ -154,31 +154,31 @@ CVE-2026-44470 (The Claude Desktop app gives you Claude
Code with a graphical in
CVE-2026-44467 (The Claude Desktop app gives you Claude Code with a graphical
interfac ...)
TODO: check
CVE-2026-44459 (Hono is a Web application framework that provides support for
any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-44458 (Hono is a Web application framework that provides support for
any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-44457 (Hono is a Web application framework that provides support for
any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-44456 (Hono is a Web application framework that provides support for
any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-44455 (Hono is a Web application framework that provides support for
any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-44448 (ERPNext is a free and open source Enterprise Resource Planning
tool. P ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2026-44447 (ERPNext is a free and open source Enterprise Resource Planning
tool. P ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2026-44446 (ERPNext is a free and open source Enterprise Resource Planning
tool. P ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2026-44445 (ERPNext is a free and open source Enterprise Resource Planning
tool. P ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2026-44442 (ERPNext is a free and open source Enterprise Resource Planning
tool. P ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2026-44441 (ERPNext is a free and open source Enterprise Resource Planning
tool. P ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2026-44440 (ERPNext is a free and open source Enterprise Resource Planning
tool. P ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2026-44439 (PlaywrightCapture is a simple replacement for splash using
playwright. ...)
- TODO: check
+ NOT-FOR-US: PlaywrightCapture
CVE-2026-44437 (The Angular SSR is a server-rise rendering tool for Angular
applicatio ...)
TODO: check
CVE-2026-44432 (urllib3 is an HTTP client library for Python. From 2.6.0 to
before 2.7 ...)
@@ -194,17 +194,17 @@ CVE-2026-44424 (ShellHub is a centralized SSH gateway.
Prior to 0.24.2, GET /api
CVE-2026-44423 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET
/api/sessi ...)
TODO: check
CVE-2026-44418 (EcclesiaCRM is CRM Software for church management. In 8.0.0
and earlie ...)
- TODO: check
+ NOT-FOR-US: EcclesiaCRM
CVE-2026-44381 (MISP is an open source threat intelligence and sharing
platform. Prior ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2026-44380 (MISP is an open source threat intelligence and sharing
platform. Prior ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2026-44379 (MISP is an open source threat intelligence and sharing
platform. Prior ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2026-44377 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an
Authent ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2026-44376 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an
unauthe ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2026-44373 (Nitro is a next generation server toolkit. Prior to
3.0.260429-beta, a ...)
TODO: check
CVE-2026-44372 (Nitro is a next generation server toolkit. Prior to
3.0.260429-beta, a ...)
@@ -214,9 +214,9 @@ CVE-2026-44369 (CVAT is an open source interactive video
and image annotation to
CVE-2026-44368 (PyQuorum is a cryptographic library for secret sharing and key
managem ...)
TODO: check
CVE-2026-44364 (MISP modules are autonomous modules that can be used to extend
MISP fo ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2026-44363 (MISP modules are autonomous modules that can be used to extend
MISP fo ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2026-44351 (fast-jwt provides fast JSON Web Token (JWT) implementation.
Prior to 6 ...)
TODO: check
CVE-2026-44295 (protobufjs-cli is the command line add-on for protobuf.js.
Prior to 1. ...)
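Review bot: CVE-2026-44364 and CVE-2026-44363 are described as affecting "MISP modules", yet both are labelled "NOT-FOR-US: MISP", the same label the earlier hunk gives to the MISP platform CVEs (CVE-2026-44381, CVE-2026-44380, CVE-2026-44379). Suggest "NOT-FOR-US: MISP modules" for these two so the separate component stays distinguishable if only one of the two is ever packaged and the entries need to be revisited.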
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a4c9d762e79aa6ebe5fe914dcda630b9b9d7cf7
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits