Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
53d52e1c by Salvatore Bonaccorso at 2026-06-03T22:11:37+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,31 +1,31 @@
CVE-2026-8889 (Version 3.0.7 of the Securly Chrome Extension uses deprecated
SHA-1 ha ...)
- TODO: check
+ NOT-FOR-US: Securly Chrome Extension
CVE-2026-8888 (Version 3.0.7 of the Securly Chrome Extension downloads
config.json ov ...)
- TODO: check
+ NOT-FOR-US: Securly Chrome Extension
CVE-2026-8881 (Version 3.0.7 of the Securly Chrome Extension uses
EVP_BytesToKey key ...)
- TODO: check
+ NOT-FOR-US: Securly Chrome Extension
CVE-2026-8879 (Version 3.0.7 of the Securly Chrome Extension dynamically
registers co ...)
- TODO: check
+ NOT-FOR-US: Securly Chrome Extension
CVE-2026-8878 (Version 3.0.7 of the Securly Chrome Extension exposes multiple
publicl ...)
- TODO: check
+ NOT-FOR-US: Securly Chrome Extension
CVE-2026-8876 (Version 3.0.7 of the Securly Chrome Extension contains
hardcoded, plai ...)
- TODO: check
+ NOT-FOR-US: Securly Chrome Extension
CVE-2026-8874 (Version 3.0.7 of the Securly Chrome Extension downloads JSON
files con ...)
- TODO: check
+ NOT-FOR-US: Securly Chrome Extension
CVE-2026-7888 (Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection
via uns ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-6657 (A vulnerability in jupyter-server versions 1.12.0 through
2.17.0 allow ...)
TODO: check
CVE-2026-5241 (A vulnerability in the LightGlue model loading path of
huggingface/tra ...)
- TODO: check
+ NOT-FOR-US: huggingface/transformers
CVE-2026-5078 (Impact: The morgan logging middleware's :remote-user token
extracts th ...)
TODO: check
CVE-2026-4035 (A vulnerability in mlflow/mlflow versions prior to 3.11.0
allows for t ...)
NOT-FOR-US: mlflow
CVE-2026-47325 (ProjectsAndPrograms school-management-systemuses predictable
credentia ...)
- TODO: check
+ NOT-FOR-US: ProjectsAndPrograms school-management-system
CVE-2026-47324 (ProjectsAndPrograms school-management-system is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: ProjectsAndPrograms school-management-system
CVE-2026-47065 (ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers
Filter By ...)
TODO: check
CVE-2026-45702 (OP-TEE is a Trusted Execution Environment (TEE) designed as
companion ...)
@@ -39,9 +39,9 @@ CVE-2026-44545 (daphne before 4.2.2 did not pass
maxFramePayloadSize or maxMessa
CVE-2026-44281 (GLPI is a free asset and IT management software package.
Starting in v ...)
TODO: check
CVE-2026-42840 (An authenticated user can persist arbitrary HTML/JavaScript in
the ema ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2026-42839 (An authenticated ERPNext user with Item record edit
permissions can pe ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2026-42321 (GLPI is a free asset and IT management software package.
Starting in v ...)
TODO: check
CVE-2026-42320 (GLPI is a free asset and IT management software package.
Starting in v ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53d52e1ccbd44c10c45ea0c19bd6b02e89120112
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53d52e1ccbd44c10c45ea0c19bd6b02e89120112
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
