Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cce36715 by Salvatore Bonaccorso at 2026-05-16T14:06:06+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -411,7 +411,7 @@ CVE-2026-45369 (python-utcp is the python implementation of
UTCP. Prior to 1.1.3
CVE-2026-45248 (Hedera Guardian through 3.5.1 contains an authentication
bypass vulner ...)
NOT-FOR-US: Hedera Guardian
CVE-2026-44700 (Elixir WebRTC is an Elixir implementation of the W3C WebRTC
API. Prior ...)
- TODO: check
+ NOT-FOR-US: Elixir WebRTC
CVE-2026-44679 (Tuist is a virtual platform team for Swift app devs. Prior to
1.180.10 ...)
NOT-FOR-US: Tuist
CVE-2026-44678 (Tuist is a virtual platform team for Swift app devs. In
1.180.8 and ea ...)
@@ -1169,7 +1169,7 @@ CVE-2026-44216 (Wasmtime is a runtime for WebAssembly.
From 30.0.0 to 36.0.8, 43
- rust-wasmtime 36.0.8+dfsg-1
NOTE:
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-p8xm-42r7-89xg
CVE-2026-43644 (podinfo through 6.11.2 contains a reflected cross-site
scripting vulne ...)
- TODO: check
+ NOT-FOR-US: podinfo
CVE-2026-42897 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: Microsoft
CVE-2026-42881 (STIGQter is an open-source reimplementation of DISA's STIG
Viewer. Fro ...)
@@ -1195,9 +1195,9 @@ CVE-2026-42590 (Gotenberg is a Docker-powered stateless
API for PDF files. Prior
CVE-2026-42589 (Gotenberg is a Docker-powered stateless API for PDF files.
Prior to 8. ...)
NOT-FOR-US: Gotenberg
CVE-2026-42572 (Hatchet is a platform for orchestrating background tasks, AI
agents, a ...)
- TODO: check
+ NOT-FOR-US: Hatchet
CVE-2026-42559 (RMCP is an official Rust SDK for the Model Context Protocol.
Prior to ...)
- TODO: check
+ NOT-FOR-US: RMCP
CVE-2026-42555 (Valtimo is an open-source business process automation
platform. com.ri ...)
NOT-FOR-US: Valtimo
CVE-2026-42457 (vCluster Platform provides a Kubernetes platform for managing
virtual ...)
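Review bot: The NOT-FOR-US on CVE-2026-42559 (RMCP) deserves a second look because the description calls it a Rust SDK, i.e. a library that could enter the archive as a crate dependency or a vendored copy rather than under its own name. Before closing it out, search the archive for a matching source package and for embedded copies; if one turns up, replace the tag with a package entry, or add a NOTE line recording what was checked. The Hatchet line directly above reads as a standalone platform and looks fine as tagged.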
@@ -2887,7 +2887,7 @@ CVE-2026-42303 (Fides is an open-source privacy
engineering platform. From 2.75.
CVE-2026-42300 (DevGuard provides vulnerability management for the full
software suppl ...)
NOT-FOR-US: DevGuard
CVE-2026-42260 (Open-WebSearch is a multi-engine MCP server, CLI, and local
daemon for ...)
- TODO: check
+ NOT-FOR-US: Open-WebSearch
CVE-2026-42177 (linux-entra-sso is a browser plugin for Linux to SSO on
Microsoft Entr ...)
TODO: check
CVE-2026-42175 (requests-hardened is a library that overrides the default
behaviors of ...)
@@ -3485,15 +3485,15 @@ CVE-2026-7255 (** UNSUPPORTED WHEN ASSIGNED ** An
improper restriction of excess
CVE-2026-45430 (The Salesforce module before 1.x-1.0.1 for Backdrop CMS does
not prope ...)
NOT-FOR-US: Salesforce module for Backdrop CMS
CVE-2026-45393 (Reserved. Details will be published at disclosure.)
- TODO: check
+ NOT-FOR-US: Cribl
CVE-2026-45392 (Reserved. Details will be published at disclosure.)
- TODO: check
+ NOT-FOR-US: Cribl
CVE-2026-45391 (Reserved. Details will be published at disclosure.)
- TODO: check
+ NOT-FOR-US: Cribl
CVE-2026-45362 (Sangoma Switchvox before 8.4 places cleartext SIP
authentication crede ...)
NOT-FOR-US: Sangoma Switchvox
CVE-2026-45321 (On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84
malicious ...)
- TODO: check
+ NOT-FOR-US: Backdoored TanStack packages
CVE-2026-45026 (WeGIA is a web manager for charitable institutions. In
versions prior ...)
NOT-FOR-US: WeGIA
CVE-2026-45025 (WeGIA is a web manager for charitable institutions. In
versions prior ...)
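Review bot: For CVE-2026-45393, CVE-2026-45392 and CVE-2026-45391 the only description visible is "Reserved. Details will be published at disclosure.", so nothing in these entries supports the "NOT-FOR-US: Cribl" attribution. Add a NOTE line to each with the source of the vendor mapping (for example the assigning CNA) so the tag can be re-verified once the descriptions are published. On CVE-2026-45321, "Backdoored TanStack packages" describes the incident rather than naming a product the way the neighbouring tags do; that is readable, but the description refers to 84 malicious packages, so a NOTE stating that none of the affected versions reached the archive would make the decision auditable.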
@@ -3954,7 +3954,7 @@ CVE-2026-44659 (Zen is a firefox-based browser. Prior to
1.19.12b, the ZEN Brows
CVE-2026-44658 (Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed
URLs enter ...)
NOT-FOR-US: Zen
CVE-2026-44643 (Angular Expressions provides expressions for the Angular.JS
web framew ...)
- TODO: check
+ NOT-FOR-US: Angular Expressions
CVE-2026-44413 (In JetBrains TeamCity before 2026.1 2025.11.5 authenticated
users coul ...)
NOT-FOR-US: JetBrains
CVE-2026-44226 (pyLoad is a free and open-source download manager written in
Python. P ...)
@@ -4525,7 +4525,7 @@ CVE-2026-42575 (apko allows users to build and publish
OCI container images buil
CVE-2026-42574 (apko allows users to build and publish OCI container images
built from ...)
NOT-FOR-US: apko
CVE-2026-42571 (Pelican is a platform for creating data federations. From
versions 7.2 ...)
- TODO: check
+ NOT-FOR-US: PelicanPlatform Pelican (not the same as src:pelican)
CVE-2026-42569 (phpVMS is a PHP application to run and simulate an airline.
Prior to v ...)
NOT-FOR-US: phpVMS
CVE-2026-42562 (Plainpad is a self hosted note taking app. Prior to version
1.1.1, Pla ...)
@@ -4621,7 +4621,7 @@ CVE-2026-44286 (FastGPT is an AI Agent building platform.
Prior to version 4.14.
CVE-2026-44284 (FastGPT is an AI Agent building platform. Prior to version
4.14.17, Fa ...)
NOT-FOR-US: FastGPT
CVE-2026-42560 (auth provides authentication via oauth2, direct and email.
From versio ...)
- TODO: check
+ NOT-FOR-US: go-pkgz/auth
CVE-2026-42556 (Postiz is an AI social media scheduling tool. From version
2.21.6 to b ...)
NOT-FOR-US: Postiz
CVE-2026-42461 (Arcane is an interface for managing Docker containers, images,
network ...)
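Review bot: On CVE-2026-42560 the tag "go-pkgz/auth" is a good disambiguation of the description's bare "auth", but since this is an authentication library rather than an end-user application, the NOT-FOR-US should rest on a check for vendored copies in other Go packages, not only on the absence of a source package by that name. A short NOTE stating that check was done would match the care taken with the "(not the same as src:pelican)" remark in the earlier hunk.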
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cce3671536e4d3af9f6ad436525a8c8da611b791
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits