Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
60466760 by Salvatore Bonaccorso at 2026-05-15T21:51:41+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80,49 +80,49 @@ CVE-2026-45616 (Vvveb is a powerful and easy to use CMS 
with page builder to bui
 CVE-2026-45539 (Microsoft APM is an open-source, community-driven dependency 
manager f ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45038 (Tabby (formerly Terminus) is a highly configurable terminal 
emulator.  ...)
-       TODO: check
+       NOT-FOR-US: Tabby (formerly Terminus, but not the same as src:terminus)
 CVE-2026-45037 (Tabby (formerly Terminus) is a highly configurable terminal 
emulator.  ...)
-       TODO: check
+       NOT-FOR-US: Tabby (formerly Terminus, but not the same as src:terminus)
 CVE-2026-45036 (Tabby (formerly Terminus) is a highly configurable terminal 
emulator.  ...)
-       TODO: check
+       NOT-FOR-US: Tabby (formerly Terminus, but not the same as src:terminus)
 CVE-2026-45035 (Tabby (formerly Terminus) is a highly configurable terminal 
emulator.  ...)
-       TODO: check
+       NOT-FOR-US: Tabby (formerly Terminus, but not the same as src:terminus)
 CVE-2026-45010 (phpMyFAQ before 4.1.2 contains an improper restriction of 
excessive au ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2026-45009 (phpMyFAQ before 4.1.2 contains an insufficient authorization 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2026-45008 (phpMyFAQ before 4.1.2 contains a path traversal vulnerability 
in Clien ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2026-45007 (phpMyFAQ before 4.1.2 contains missing permission checks in 
Configurat ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2026-44826 (Vvveb is a powerful and easy to use CMS with page builder to 
build web ...)
-       TODO: check
+       NOT-FOR-US: Vvveb
 CVE-2026-44774 (Traefik is an HTTP reverse proxy and load balancer. Prior to 
2.11.46,  ...)
        TODO: check
 CVE-2026-44719 (Mathesar is a web application that makes working with 
PostgreSQL datab ...)
-       TODO: check
+       NOT-FOR-US: Mathesar
 CVE-2026-44718 (Mathesar is a web application that makes working with 
PostgreSQL datab ...)
-       TODO: check
+       NOT-FOR-US: Mathesar
 CVE-2026-44717 (MCP Calculate Server is a mathematical calculation service 
based on MC ...)
-       TODO: check
+       NOT-FOR-US: MCP Calculate Server
 CVE-2026-44714 (The bitcoinj library is a Java implementation of the Bitcoin 
protocol. ...)
        TODO: check
 CVE-2026-44699 (LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, 
libjwt acce ...)
        TODO: check
 CVE-2026-44641 (Microsoft APM is an open-source, community-driven dependency 
manager f ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-44366 (Vvveb is a powerful and easy to use CMS with page builder to 
build web ...)
-       TODO: check
+       NOT-FOR-US: Vvveb
 CVE-2026-44310 (Gitsign is a keyless Sigstore to signing tool for Git commits 
with you ...)
        TODO: check
 CVE-2026-44309 (Gitsign is a keyless Sigstore to signing tool for Git commits 
with you ...)
        TODO: check
 CVE-2026-44088 (SzafirHost verifies the signature of the downloaded JAR file 
using cla ...)
-       TODO: check
+       NOT-FOR-US: SzafirHost
 CVE-2026-42458 (Magento Long Term Support (LTS) is an unofficial, 
community-driven pro ...)
-       TODO: check
+       NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
 CVE-2026-42207 (Magento Long Term Support (LTS) is an unofficial, 
community-driven pro ...)
-       TODO: check
+       NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
 CVE-2026-42155 (Magento Long Term Support (LTS) is an unofficial, 
community-driven pro ...)
        TODO: check
 CVE-2026-41971 (Permission control vulnerability in the security control 
module.Impact ...)
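Review bot: CVE-2026-42155, the last Magento LTS entry in this hunk, is still "TODO: check" although it carries the same truncated description as CVE-2026-42458 and CVE-2026-42207, which are closed as NOT-FOR-US directly above it. If it was left open on purpose because it needs a separate look, that is fine; otherwise give it the same "NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)" line so the three entries do not diverge.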
@@ -1036,15 +1036,15 @@ CVE-2026-42572 (Hatchet is a platform for orchestrating 
background tasks, AI age
 CVE-2026-42559 (RMCP is an official Rust SDK for the Model Context Protocol. 
Prior to  ...)
        TODO: check
 CVE-2026-42555 (Valtimo is an open-source business process automation 
platform. com.ri ...)
-       TODO: check
+       NOT-FOR-US: Valtimo
 CVE-2026-42457 (vCluster Platform provides a Kubernetes platform for managing 
virtual  ...)
        NOT-FOR-US: vCluster Platform
 CVE-2026-42334 (Mongoose is a MongoDB object modeling tool designed to work in 
an asyn ...)
        TODO: check
 CVE-2026-42283 (DevSpace is a client-only developer tool for cloud-native 
development  ...)
-       TODO: check
+       NOT-FOR-US: DevSpace
 CVE-2026-42281 (MagicMirror\xb2 is an open source modular smart mirror 
platform. Prior ...)
-       TODO: check
+       NOT-FOR-US: MagicMirror
 CVE-2026-42186 (OpenBao is an open source identity-based secrets management 
system. Pr ...)
        - openbao <itp> (bug #1069794)
 CVE-2026-42159 (Flowsint is an open-source OSINT graph exploration tool 
designed for c ...)
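Review bot: the note on CVE-2026-42281 reads "NOT-FOR-US: MagicMirror" while the description names the product as "MagicMirror\xb2". Keeping the note ASCII is reasonable, but check that the spelling matches any earlier NOT-FOR-US entries for the same product, so that a search on the product name finds all of them.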
@@ -1597,7 +1597,7 @@ CVE-2026-42408 (When BIG-IP DNS is provisioned, a 
vulnerability exists in an und
 CVE-2026-42406 (A vulnerability exists in BIG-IP and BIG-IQ systems where a 
highly pri ...)
        NOT-FOR-US: F5
 CVE-2026-42290 (protobufjs-cli is the command line add-on for protobuf.js. 
Prior to 1. ...)
-       TODO: check
+       NOT-FOR-US: protobufjs-cli
 CVE-2026-42266 (jupyterlab is an extensible environment for interactive and 
reproducib ...)
        TODO: check
 CVE-2026-42063 (A vulnerability exists in iControl SOAP where an authenticated 
attacke ...)
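Review bot: for CVE-2026-42290 the description calls protobufjs-cli "the command line add-on for protobuf.js", so NOT-FOR-US only holds if no packaged protobuf.js source carries the add-on. Worth confirming that before closing the entry, and if it was checked, saying so in the note the same way the Tabby entries spell out "not the same as src:terminus".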
@@ -2720,9 +2720,9 @@ CVE-2026-42498 (Exposure of HTTP Authentication Header to 
unexpected hosts durin
 CVE-2026-42348 (OpenTelemetry.OpAmp.Client is the OpAMP client for 
OpenTelemetry .NET. ...)
        NOT-FOR-US: OpenTelemetry.OpAmp.Client
 CVE-2026-42303 (Fides is an open-source privacy engineering platform. From 
2.75.0 to b ...)
-       TODO: check
+       NOT-FOR-US: Fides
 CVE-2026-42300 (DevGuard provides vulnerability management for the full 
software suppl ...)
-       TODO: check
+       NOT-FOR-US: DevGuard
 CVE-2026-42260 (Open-WebSearch is a multi-engine MCP server, CLI, and local 
daemon for ...)
        TODO: check
 CVE-2026-42177 (linux-entra-sso is a browser plugin for Linux to SSO on 
Microsoft Entr ...)
@@ -3882,7 +3882,7 @@ CVE-2026-42603 (OWASP BLT is a QA testing and 
vulnerability disclosure platform
 CVE-2026-42349 (Clerk JavaScript is the official JavaScript repository for 
Clerk authe ...)
        NOT-FOR-US: Clerk
 CVE-2026-42316 (kafka-sink-azure-kusto Kafka Connect plugin is the official 
Microsoft  ...)
-       TODO: check
+       NOT-FOR-US: kafka-sink-azure-kusto Kafka Connect plugin
 CVE-2026-42315 (pyLoad is a free and open-source download manager written in 
Python. P ...)
        - pyload <itp> (bug #1001980)
 CVE-2026-42314 (pyLoad is a free and open-source download manager written in 
Python. P ...)
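Review bot: the note on CVE-2026-42316 names the product ("kafka-sink-azure-kusto Kafka Connect plugin") even though the description calls it the official Microsoft plugin, while CVE-2026-44641 in the first hunk is closed as just "NOT-FOR-US: Microsoft". The latter follows the existing CVE-2026-45539 entry, but the two styles now sit side by side in one commit; naming the product in both cases (for example "NOT-FOR-US: Microsoft APM") would keep the entries searchable and consistent with the other notes added here.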



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60466760477cbe6cf95167f90ac6ec162dc92e10
