Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
72af059a by Salvatore Bonaccorso at 2026-05-29T22:40:05+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -205,21 +205,21 @@ CVE-2026-45043 (RustFS is a distributed object storage
system built in Rust. Pri
CVE-2026-44962 (Plesk contains an XPath injection vulnerability in the APS
Application ...)
NOT-FOR-US: Plesk
CVE-2026-44698 (Home Assistant is open source home automation software that
puts local ...)
- TODO: check
+ NOT-FOR-US: Home Assistant
CVE-2026-44697 (Klever-Go is the Go implementation of the Klever blockchain
protocol. ...)
- TODO: check
+ NOT-FOR-US: Klever-Go
CVE-2026-44652 (SillyTavern is a locally installed user interface that allows
users to ...)
- TODO: check
+ NOT-FOR-US: SillyTavern
CVE-2026-44651 (SillyTavern is a locally installed user interface that allows
users to ...)
- TODO: check
+ NOT-FOR-US: SillyTavern
CVE-2026-44650 (SillyTavern is a locally installed user interface that allows
users to ...)
- TODO: check
+ NOT-FOR-US: SillyTavern
CVE-2026-44649 (SillyTavern is a locally installed user interface that allows
users to ...)
- TODO: check
+ NOT-FOR-US: SillyTavern
CVE-2026-44648 (SillyTavern is a locally installed user interface that allows
users to ...)
- TODO: check
+ NOT-FOR-US: SillyTavern
CVE-2026-44611 (Danelec MacGregor Voyage Data Recorder passwords are stored
with a has ...)
- TODO: check
+ NOT-FOR-US: Danelec MacGregor Voyage Data Recorder
CVE-2026-44518 (liboqs is a C-language cryptographic library that provides
implementat ...)
TODO: check
CVE-2026-44239 (FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5,
the Das ...)
@@ -1392,26 +1392,26 @@ CVE-2026-45021 (Kuma is a modern Envoy-based service
mesh that can run on every
CVE-2026-45017 (Python Liquid is a Python engine for the Liquid template
language. Pri ...)
NOT-FOR-US: Python Liquid
CVE-2026-44798 (Nautobot is a Network Source of Truth and Network Automation
Platform. ...)
- TODO: check
+ NOT-FOR-US: Nautobot
CVE-2026-44797 (Nautobot is a Network Source of Truth and Network Automation
Platform. ...)
- TODO: check
+ NOT-FOR-US: Nautobot
CVE-2026-44796 (Nautobot is a Network Source of Truth and Network Automation
Platform. ...)
- TODO: check
+ NOT-FOR-US: Nautobot
CVE-2026-44794 (Nautobot is a Network Source of Truth and Network Automation
Platform. ...)
- TODO: check
+ NOT-FOR-US: Nautobot
CVE-2026-44672 (mapfish-print is a component of MapFish for printing templated
cartogr ...)
- TODO: check
+ NOT-FOR-US: mapfish-print
CVE-2026-44604 (A command injection vulnerability was discovered in the
`rpmuncompress ...)
- rpm <unfixed> (bug #1138234)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460967
CVE-2026-44594 (esm.sh is a no-build content delivery network (CDN) for web
developmen ...)
- TODO: check
+ NOT-FOR-US: esm.sh
CVE-2026-44593 (esm.sh is a no-build content delivery network (CDN) for web
developmen ...)
- TODO: check
+ NOT-FOR-US: esm.sh
CVE-2026-44543 (Local Path Provisioner provides a way for the Kubernetes users
to util ...)
TODO: check
CVE-2026-44477 (CloudNativePG is a platform designed to manage PostgreSQL
databases wi ...)
- TODO: check
+ NOT-FOR-US: CloudNativePG
CVE-2026-44466 (Zed is a code editor. Prior to 0.229.0, Zed's terminal tool
permission ...)
TODO: check
CVE-2026-44465 (Zed is a code editor. Prior to 0.227.1, Zed IDE executes
arbitrary com ...)
@@ -2264,19 +2264,19 @@ CVE-2026-44887 (Pi.Alert is a WIFI / LAN intruder
detector with web service moni
CVE-2026-44886 (Pi.Alert is a WIFI / LAN intruder detector with web service
monitoring ...)
NOT-FOR-US: Pi.Alert
CVE-2026-44724 (systeminformation is a System and OS information library for
node.js. ...)
- TODO: check
+ NOT-FOR-US: systeminformation Node.js module
CVE-2026-44720 (OpenLearnX is an open-source, decentralized learning and
assessment pl ...)
- TODO: check
+ NOT-FOR-US: OpenLearnX
CVE-2026-44713 (pam_usb provides hardware authentication for Linux using
ordinary remo ...)
- TODO: check
+ NOT-FOR-US: pam_usb
CVE-2026-44712 (pam_usb provides hardware authentication for Linux using
ordinary remo ...)
- TODO: check
+ NOT-FOR-US: pam_usb
CVE-2026-44711 (pam_usb provides hardware authentication for Linux using
ordinary remo ...)
- TODO: check
+ NOT-FOR-US: pam_usb
CVE-2026-44710 (pam_usb provides hardware authentication for Linux using
ordinary remo ...)
- TODO: check
+ NOT-FOR-US: pam_usb
CVE-2026-44709 (pam_usb provides hardware authentication for Linux using
ordinary remo ...)
- TODO: check
+ NOT-FOR-US: pam_usb
CVE-2026-44681 (Authlib is a Python library which builds OAuth and OpenID
Connect serv ...)
TODO: check
CVE-2026-44660 (UltraJSON is a fast JSON encoder and decoder written in pure C
with bi ...)
@@ -2597,25 +2597,25 @@ CVE-2026-44839 (RabbitMQ is a messaging and streaming
broker. From 3.7.0 to befo
CVE-2026-44838 (RabbitMQ is a messaging and streaming broker. From 4.2.0 to
before 4.2 ...)
TODO: check
CVE-2026-44830 (Nocturne Memory is a lightweight, rollbackable, and visual
Long-Term M ...)
- TODO: check
+ NOT-FOR-US: Nocturne Memory
CVE-2026-44635 (Kysely is a type-safe TypeScript SQL query builder. From
0.26.0 to 0.2 ...)
- TODO: check
+ NOT-FOR-US: Kysely
CVE-2026-44521 (elFinder is an open-source file manager for web, written in
JavaScript ...)
- TODO: check
+ NOT-FOR-US: elFinder
CVE-2026-44483 (RVF (formerly Remix Validated Form) provides easy form
validation and ...)
- TODO: check
+ NOT-FOR-US: RVF (formerly Remix Validated Form)
CVE-2026-44475 (Ella Core is a 5G core designed for private networks. Prior to
1.10.0, ...)
- TODO: check
+ NOT-FOR-US: Ella Core
CVE-2026-44474 (Ella Core is a 5G core designed for private networks. Prior to
1.10.0, ...)
- TODO: check
+ NOT-FOR-US: Ella Core
CVE-2026-44473 (Ella Core is a 5G core designed for private networks. Prior to
1.10.0, ...)
- TODO: check
+ NOT-FOR-US: Ella Core
CVE-2026-44460 (FileRise is a self-hosted web-based file manager with
multi-file uploa ...)
- TODO: check
+ NOT-FOR-US: FileRise
CVE-2026-44346 (BentoML is a Python library for building online serving
systems optimi ...)
- TODO: check
+ NOT-FOR-US: BentoML
CVE-2026-44345 (BentoML is a Python library for building online serving
systems optimi ...)
- TODO: check
+ NOT-FOR-US: BentoML
CVE-2026-44330 (free5GC is an open-source implementation of the 5G core
network. Prior ...)
NOT-FOR-US: free5GC
CVE-2026-44329 (free5GC is an open-source implementation of the 5G core
network. Prior ...)
@@ -4706,19 +4706,19 @@ CVE-2026-44832 (Snipe-IT is an IT asset/license
management system. Prior to 8.4.
CVE-2026-44831 (Snipe-IT is an IT asset/license management system. Prior to
8.4.1, use ...)
TODO: check
CVE-2026-44788 (SharpCompress is a fully managed C# library to deal with many
compress ...)
- TODO: check
+ NOT-FOR-US: SharpCompress library
CVE-2026-44708 (Mistune is a Python Markdown parser with renderers and
plugins. Prior ...)
TODO: check
CVE-2026-44451 (Lumiverse is a full-featured AI chat application. Prior to
0.9.7, the ...)
- TODO: check
+ NOT-FOR-US: Lumiverse
CVE-2026-44450 (Lumiverse is a full-featured AI chat application. Prior to
0.9.7, the ...)
- TODO: check
+ NOT-FOR-US: Lumiverse
CVE-2026-44449 (Lumiverse is a full-featured AI chat application. Prior to
0.9.7, when ...)
- TODO: check
+ NOT-FOR-US: Lumiverse
CVE-2026-44444 (Lumiverse is a full-featured AI chat application. Prior to
0.9.7, the ...)
- TODO: check
+ NOT-FOR-US: Lumiverse
CVE-2026-44443 (Lumiverse is a full-featured AI chat application. Prior to
0.9.7, cons ...)
- TODO: check
+ NOT-FOR-US: Lumiverse
CVE-2026-44214 (eventsource-encoder encodes events as well-formed
EventSource/Server S ...)
TODO: check
CVE-2026-44213 (The OpenTelemetry.Exporter.Instana exports telemetry to
Instana backen ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72af059ab4f9afc5be9498eb82ed98a3ada4ea81
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72af059ab4f9afc5be9498eb82ed98a3ada4ea81
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
