Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd4f0149 by Salvatore Bonaccorso at 2026-05-17T15:30:28+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1951,9 +1951,9 @@ CVE-2026-3073 (GitLab has remediated an issue in GitLab 
CE/EE affecting all vers
 CVE-2026-3004 (The Snow Monkey Blocks plugin for WordPress is vulnerable to 
Stored Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-39806 (Loop with Unreachable Exit Condition ('Infinite Loop') 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Bandit (mtrudel/bandit, not the same as src:bandit)
 CVE-2026-39803 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: Bandit (mtrudel/bandit, not the same as src:bandit)
 CVE-2026-39459 (A vulnerability exists in iControl REST and the TMOS Shell 
(tmsh) wher ...)
        NOT-FOR-US: F5
 CVE-2026-39458 (When a BIG-IP DNS profile enabled with DNS cache is configured 
on a vi ...)
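Review bot: the name-clash note on CVE-2026-39806 and CVE-2026-39803 identifies the upstream only by the slug "mtrudel/bandit", with no hosting site or description of what the software is. Since the point of the parenthetical is to keep these two entries from being matched against src:bandit later, a slightly fuller reference (the upstream URL, or a few words on what this Bandit is) would let a future triager confirm the distinction without having to expand the truncated CVE descriptions.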
@@ -2001,11 +2001,11 @@ CVE-2026-33377 (An Editor can overwrite a dashboard not 
owned by them to acquire
 CVE-2026-33376 (When using an IPv6 allow-list for the Auth Proxy feature, it 
defaults  ...)
        TODO: check
 CVE-2026-32993 (Improper sanitization of the `status` query parameter of the 
`/unprote ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2026-32992 (SSL verification is disabled in the DNS Cluster system. This 
could all ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2026-32991 (Improper authorization checks of team members privileges allow 
a team  ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2026-32673 (A vulnerability exists in BIG-IP scripted monitors that may 
allow an a ...)
        NOT-FOR-US: F5
 CVE-2026-32643 (A vulnerability exists in BIG-IP and BIG-IQ systems where a 
highly pri ...)
@@ -3335,17 +3335,17 @@ CVE-2026-32170 (Double free in Windows Rich Text Edit 
Control allows an authoriz
 CVE-2026-32161 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
 CVE-2026-31245 (The mem0 1.0.0 server lacks authentication and authorization 
controls  ...)
-       TODO: check
+       NOT-FOR-US: mem0
 CVE-2026-31244 (The mem0 1.0.0 server lacks authentication and authorization 
controls  ...)
-       TODO: check
+       NOT-FOR-US: mem0
 CVE-2026-31243 (The mem0 1.0.0 server lacks authentication and authorization 
controls  ...)
-       TODO: check
+       NOT-FOR-US: mem0
 CVE-2026-31242 (The mem0 v1.0.0 server lacks authentication and authorization 
controls ...)
-       TODO: check
+       NOT-FOR-US: mem0
 CVE-2026-31241 (The mem0 1.0.0 server lacks authentication and authorization 
controls  ...)
-       TODO: check
+       NOT-FOR-US: mem0
 CVE-2026-31240 (The mem0 1.0.0 server lacks authentication and authorization 
controls  ...)
-       TODO: check
+       NOT-FOR-US: mem0
 CVE-2026-31239 (The mamba language model framework thru 2.2.6 is vulnerable to 
insecur ...)
        TODO: check
 CVE-2026-31238 (The Ludwig framework thru 0.10.4 is vulnerable to insecure 
deserializa ...)
@@ -4170,7 +4170,7 @@ CVE-2026-41256 (jq is a command-line JSON processor. In 
1.8.1 and earlier, Top-l
 CVE-2026-41250 (Taiga is a project management platform for startups and agile 
develope ...)
        NOT-FOR-US: Taiga
 CVE-2026-41018 (The Elasticsearch logging provider, when configured with a 
`host` URL  ...)
-       TODO: check
+       NOT-FOR-US: Elasticsearch logging provider for Airflow
 CVE-2026-40636 (Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale 
version ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-40612 (jq is a command-line JSON processor. In 1.8.1 and earlier, 
jv_contains ...)
@@ -4213,9 +4213,9 @@ CVE-2026-33356 (In Meari IoT Cloud MQTT Broker 
deployments running EMQX 4.x, any
 CVE-2026-32658 (Dell Automation Platform versions prior to 2.0.0.0, contains a 
missing ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-31254 (The flash-attention project thru commit 
e724e2588cbe754beb97cf7c011b5e ...)
-       TODO: check
+       NOT-FOR-US: flash-attention project
 CVE-2026-31253 (The flash-attention training framework thru commit 
e724e2588cbe754beb9 ...)
-       TODO: check
+       NOT-FOR-US: flash-attention training framework
 CVE-2026-31252 (CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 
(2025-3 ...)
        NOT-FOR-US: CosyVoice
 CVE-2026-31251 (CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 
(2025-3 ...)
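Review bot: CVE-2026-31254 and CVE-2026-31253 get two different NFU labels, "flash-attention project" and "flash-attention training framework", although both descriptions name flash-attention and show the same commit prefix e724e2588cbe754beb. The labels look copied from each description's wording; a single label for both, for example "NOT-FOR-US: flash-attention", would match how the six mem0 entries and the two Docling entries in this commit each share one label, and would keep a later search or bulk change keyed on the NFU name from missing one of the pair.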
@@ -4225,9 +4225,9 @@ CVE-2026-31250 (CosyVoice thru commit 
6e01309e01bc93bbeb83bdd996b1182a81aaf11e (
 CVE-2026-31249 (CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 
(2025-3 ...)
        NOT-FOR-US: CosyVoice
 CVE-2026-31248 (Docling's METS GBS backend is vulnerable to XML Entity 
Expansion (XXE) ...)
-       TODO: check
+       NOT-FOR-US: Docling
 CVE-2026-31247 (Docling's JATS XML backend is vulnerable to XML Entity 
Expansion (XXE) ...)
-       TODO: check
+       NOT-FOR-US: Docling
 CVE-2026-31246 (GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 
(2025-0 ...)
        NOT-FOR-US: GPT-Pilot
 CVE-2026-30635 (Command injection vulnerability in automagik-genie 2.5.27 MCP 
Server a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd4f01498aff056d450a5304bb145d7ca46ac37c



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits