Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a6625eb0 by Salvatore Bonaccorso at 2026-06-03T09:48:19+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22,15 +22,15 @@ CVE-2026-50031 (ipmi-oem in FreeIPMI before 1.6.18 has
exploitable buffer overfl
NOTE: https://savannah.gnu.org/bugs/index.php?68364
NOTE: https://lists.gnu.org/archive/html/info-gnu/2026-06/msg00000.html
CVE-2026-49448 (authentik is an open-source identity provider. Prior to
versions 2025. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-49443 (authentik is an open-source identity provider. Prior to
versions 2025. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-49144 (BrowserStack Runner through 0.9.5 contains a path traversal
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: BrowserStack Runner
CVE-2026-49143 (BrowserStack Runner through 0.9.5 contains a remote code
execution vul ...)
- TODO: check
+ NOT-FOR-US: BrowserStack Runner
CVE-2026-49120 (Medplum before 5.1.14 contains a server-side request forgery
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Medplum
CVE-2026-48682 (FastNetMon Community Edition through 1.2.9 contains an
out-of-bounds r ...)
TODO: check
CVE-2026-48598 (Improper Encoding or Escaping of Output vulnerability in
elixir-tesla ...)
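Review bot: The NOT-FOR-US lines added here for authentik (CVE-2026-49448, CVE-2026-49443), BrowserStack Runner and Medplum carry no trace of how absence from the archive was established, and the commit message "Process some NFUs" does not say either. For authentik in particular it is worth confirming that no ITP/RFP bug is open. If one is, the tracker convention is a package line marked <itp> with the bug number rather than NOT-FOR-US, so the CVE is not lost when the package is uploaded.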
@@ -46,59 +46,59 @@ CVE-2026-48594 (Improper Handling of Highly Compressed Data
(Data Amplification)
CVE-2026-47265 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
TODO: check
CVE-2026-47201 (authentik is an open-source identity provider. Prior to
versions 2025. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-45289 (CloudburstMC Protocol is a protocol library for Minecraft
Bedrock Edit ...)
- TODO: check
+ NOT-FOR-US: CloudburstMC Protocol
CVE-2026-44654 (LibreChat is an enhanced ChatGPT clone that supports multiple
AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-44653 (LibreChat is an enhanced ChatGPT clone that supports multiple
AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-42849 (authentik is an open-source identity provider. Prior to
versions 2025. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-42342 (React Router is a router for React. In versions 7.0.0 through
7.14.x o ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-42211 (React Router is a router for React. In versions 7.0.0 through
7.14.1, ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-42029
REJECTED
CVE-2026-41577 (authentik is an open-source identity provider. Prior to
versions 2025. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-41569 (authentik is an open-source identity provider. Prior to
version 2026.2 ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-41412 (alf.io is an open source ticket reservation system for
conferences, tr ...)
- TODO: check
+ NOT-FOR-US: Alf.io
CVE-2026-40181 (React Router is a router for React. In versions 7.0.0 through
7.14.0 a ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-40108 (GLPI is a free asset and IT management software package. In
versions 1 ...)
TODO: check
CVE-2026-38967 (CrowCpp Crow through v1.3.1 HTTP is vulnerable to response
header inje ...)
- TODO: check
+ NOT-FOR-US: CrowCpp Crow
CVE-2026-35482 (alf.io is an open source ticket reservation system for
conferences, tr ...)
- TODO: check
+ NOT-FOR-US: Alf.io
CVE-2026-35212 (OpenCTI is an open source platform for managing cyber threat
intellige ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2026-35202 (Pterodactyl is a free, open-source game server management
panel. Prior ...)
- TODO: check
+ NOT-FOR-US: Pterodactyl
CVE-2026-35049 (wire-ios is an iOS client for the Wire secure messaging
application. P ...)
- TODO: check
+ NOT-FOR-US: wire-ios
CVE-2026-34993 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
TODO: check
CVE-2026-34077 (React Router is a router for React. In versions 7.7.0 through
7.13.1, ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-33553 (Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and
3.27.0 befo ...)
TODO: check
CVE-2026-33245 (React Router is a router for React. In versions 7.7.0 through
7.13.1, ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-32625 (LibreChat is an enhanced ChatGPT clone that supports multiple
AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-31942 (LibreChat is an enhanced ChatGPT clone that supports multiple
AI provi ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-30586 (Cross Site Scripting vulnerability in usememos Memos v.0.26.0
allows a ...)
- TODO: check
+ NOT-FOR-US: usememos
CVE-2026-28299 (SolarWinds Web Help Desk is found to be affected by a
denial-of-servic ...)
NOT-FOR-US: SolarWinds
CVE-2026-25861 (QloApps through 1.7.0, fixed in commit 64e9722, contains a
weak crypto ...)
- TODO: check
+ NOT-FOR-US: QloApps
CVE-2026-1829 (The Content Visibility for Divi Builder plugin for WordPress is
vulner ...)
NOT-FOR-US: WordPress plugin
CVE-2026-10719 (Out of bounds write in openSeaChest\u2019s
--showSupportedFormats in S ...)
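Review bot: Two labels in this hunk do not match the product name as the CVE description gives it. "NOT-FOR-US: Alf.io" (CVE-2026-41412, CVE-2026-35482) capitalises a name the description writes as "alf.io", and "NOT-FOR-US: usememos" (CVE-2026-30586) names only the organisation where the description says "usememos Memos". Suggest "alf.io" and "usememos Memos", or whichever spelling earlier entries in data/CVE/list already use, so that one product keeps one label and later CVEs for it are easy to grep and triage.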
@@ -336,7 +336,7 @@ CVE-2026-40314 (NamelessMC is website software for
Minecraft servers. In version
CVE-2026-3620 (The Word Replacer plugin for WordPress is vulnerable to Stored
Cross-S ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3514 (In version 3.6.19 of prefecthq/prefect, an authentication
bypass vulne ...)
- TODO: check
+ NOT-FOR-US: prefecthq/prefect
CVE-2026-39555 (Deserialization of Untrusted Data vulnerability in
Elated-Themes Askka ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-39553 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
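Review bot: The label "NOT-FOR-US: prefecthq/prefect" on CVE-2026-3514 is a repository slug, while the neighbouring entries in this hunk and the rest of the diff label by product or vendor name ("WordPress plugin", "NamelessMC", "SolarWinds"). Suggest "NOT-FOR-US: Prefect" unless the slug form is already what data/CVE/list uses for earlier Prefect CVEs.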
@@ -371,17 +371,17 @@ CVE-2026-34460 (NamelessMC is website software for
Minecraft servers. In version
CVE-2026-33398 (NamelessMC is website software for Minecraft servers. In
version 2.2.4 ...)
NOT-FOR-US: NamelessMC
CVE-2026-33244 (React Router is a router for React. In versions 7.5.1 through
7.13.1, ...)
- TODO: check
+ NOT-FOR-US: React Router
CVE-2026-32685 (Path traversal vulnerability in Gleam's handling of custom
documentati ...)
TODO: check
CVE-2026-32250 (NamelessMC is website software for Minecraft servers. A
Reflected Cros ...)
- TODO: check
+ NOT-FOR-US: NamelessMC
CVE-2026-30652 (A remote buffer overflow vulnerability exists in the
/cgi-bin/dido/set ...)
- TODO: check
+ NOT-FOR-US: Vivotek
CVE-2026-30650 (A post-authentication remote buffer overflow vulnerability
exists in t ...)
- TODO: check
+ NOT-FOR-US: Vivotek
CVE-2026-30649 (Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a
allows ...)
- TODO: check
+ NOT-FOR-US: Vivotek
CVE-2026-2425 (The hiWeb Migration Simple plugin for WordPress is vulnerable
to Refle ...)
NOT-FOR-US: WordPress plugin
CVE-2026-2382 (The FPW Category Thumbnails plugin for WordPress is vulnerable
to Stor ...)
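Review bot: For CVE-2026-30652 and CVE-2026-30650 the visible description is cut off before any vendor or product is named ("/cgi-bin/dido/set ...", "exists in t ..."), so the "NOT-FOR-US: Vivotek" label on those two cannot be checked from this diff. Only CVE-2026-30649 visibly names "VIVOTEK INC FD8136-VVTK-0300a". Worth confirming against the full CVE text that the first two are the same vendor before grouping all three under one label.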
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6625eb0521b2fadd823f9eae0395051a73f898e