Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
85073f23 by Salvatore Bonaccorso at 2026-06-13T10:01:45+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35,13 +35,13 @@ CVE-2026-54358 (An incorrect authorization vulnerability in
MISP allows an organ
CVE-2026-54357 (An improper authorization vulnerability in MISP allowed an
authenticat ...)
NOT-FOR-US: MISP
CVE-2026-54231 (A content injection vulnerability was found in the ABRT
post-create ev ...)
- TODO: check
+ NOT-FOR-US: abrt/libreport
CVE-2026-54230 (A symlink following vulnerability was found in the ABRT
post-create ev ...)
- TODO: check
+ NOT-FOR-US: abrt/libreport
CVE-2026-54229 (A race condition was found in the abrt-dbus D-Bus service's
ChownProbl ...)
- TODO: check
+ NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2026-54228 (A time-of-check time-of-use (TOCTOU) race condition was found
in the a ...)
- TODO: check
+ NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2026-54095
REJECTED
CVE-2026-54057 (Kitty is a cross-platform GPU based terminal. In versions
prior to 0.4 ...)
@@ -51,9 +51,9 @@ CVE-2026-54056 (Kitty is a cross-platform GPU based terminal.
In versions 0.47.0
CVE-2026-54055 (Kitty is a cross-platform GPU based terminal. In versions
prior to 0.4 ...)
TODO: check
CVE-2026-53868 (Capgo before 12.128.2 contains a denial of service
vulnerability allow ...)
- TODO: check
+ NOT-FOR-US: Capgo
CVE-2026-53867 (Capgo before 12.128.2 fails to delete previously uploaded
profile imag ...)
- TODO: check
+ NOT-FOR-US: Capgo
CVE-2026-53839 (OpenClaw before 2026.5.7 contains a hostname validation
vulnerability ...)
NOT-FOR-US: OpenClaw
CVE-2026-53838 (OpenClaw before 2026.5.27 contains a state mutation
vulnerability in n ...)
@@ -95,65 +95,65 @@ CVE-2026-53821 (OpenClaw before 2026.5.18 accepts WebSocket
client-declared oper
CVE-2026-53820 (OpenClaw before 2026.5.12 contains an exec denylist bypass
vulnerabili ...)
NOT-FOR-US: OpenClaw
CVE-2026-53609 (ApostropheCMS is an open-source Node.js content management
system. In ...)
- TODO: check
+ NOT-FOR-US: ApostropheCMS
CVE-2026-53608 (ApostropheCMS is an open-source Node.js content management
system. Ver ...)
- TODO: check
+ NOT-FOR-US: ApostropheCMS
CVE-2026-53607 (ApostropheCMS is an open-source Node.js content management
system. In ...)
- TODO: check
+ NOT-FOR-US: ApostropheCMS
CVE-2026-53606 (ApostropheCMS is an open-source Node.js content management
system, and ...)
- TODO: check
+ NOT-FOR-US: ApostropheCMS
CVE-2026-53523 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
- TODO: check
+ NOT-FOR-US: Nezha Monitoring
CVE-2026-53522 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
- TODO: check
+ NOT-FOR-US: Nezha Monitoring
CVE-2026-53521 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
- TODO: check
+ NOT-FOR-US: Nezha Monitoring
CVE-2026-53520 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
- TODO: check
+ NOT-FOR-US: Nezha Monitoring
CVE-2026-53519 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
- TODO: check
+ NOT-FOR-US: Nezha Monitoring
CVE-2026-50552 (Koel is a free, open-source music streaming solution. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: Koel
CVE-2026-50287 (AgenticMail gives AI agents real email addresses and phone
numbers. Pr ...)
- TODO: check
+ NOT-FOR-US: AgenticMail
CVE-2026-4870 (IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to
trigger ...)
NOT-FOR-US: IBM
CVE-2026-49397 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
- TODO: check
+ NOT-FOR-US: Nezha Monitoring
CVE-2026-49396 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
- TODO: check
+ NOT-FOR-US: Nezha Monitoring
CVE-2026-48119 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
- TODO: check
+ NOT-FOR-US: Nezha Monitoring
CVE-2026-47268 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
- TODO: check
+ NOT-FOR-US: Nezha Monitoring
CVE-2026-47264 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
NOT-FOR-US: Discourse
CVE-2026-47263 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
NOT-FOR-US: Discourse
CVE-2026-47260 (Koel is a free, open-source music streaming solution. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: Koel
CVE-2026-47124 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
- TODO: check
+ NOT-FOR-US: Nezha Monitoring
CVE-2026-47120 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
- TODO: check
+ NOT-FOR-US: Nezha Monitoring
CVE-2026-46717 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
- TODO: check
+ NOT-FOR-US: Nezha Monitoring
CVE-2026-46716 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
- TODO: check
+ NOT-FOR-US: Nezha Monitoring
CVE-2026-45775 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
NOT-FOR-US: Discourse
CVE-2026-45085 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
NOT-FOR-US: Discourse
CVE-2026-45014 (ApostropheCMS is an open-source Node.js content management
system. Ver ...)
- TODO: check
+ NOT-FOR-US: ApostropheCMS
CVE-2026-45013 (ApostropheCMS is an open-source Node.js content management
system. Ver ...)
- TODO: check
+ NOT-FOR-US: ApostropheCMS
CVE-2026-45012 (ApostropheCMS is an open-source Node.js content management
system. Ver ...)
- TODO: check
+ NOT-FOR-US: ApostropheCMS
CVE-2026-45011 (ApostropheCMS is an open-source Node.js content management
system. Ver ...)
- TODO: check
+ NOT-FOR-US: ApostropheCMS
CVE-2026-44990 (ApostropheCMS is an open-source Node.js content management
system, and ...)
- TODO: check
+ NOT-FOR-US: ApostropheCMS
CVE-2026-44786 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
NOT-FOR-US: Discourse
CVE-2026-44785 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
@@ -169,17 +169,17 @@ CVE-2026-44780 (Discourse is an open-source discussion
platform. From versions 2
CVE-2026-44779 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
NOT-FOR-US: Discourse
CVE-2026-43872 (Actual is an open-source personal finance application. Prior
to versio ...)
- TODO: check
+ NOT-FOR-US: Actual
CVE-2026-42890 (Actual is an open-source personal finance application. In the
macOS de ...)
- TODO: check
+ NOT-FOR-US: Actual
CVE-2026-42853 (ApostropheCMS is an open-source Node.js content management
system. Ver ...)
- TODO: check
+ NOT-FOR-US: ApostropheCMS
CVE-2026-42851 (Kitty is a cross-platform GPU based terminal. In versions
prior to 0.4 ...)
TODO: check
CVE-2026-42850 (Kitty is a cross-platform GPU based terminal. In versions
prior to 0.4 ...)
TODO: check
CVE-2026-42604 (Actual is a local-first personal finance tool. The `POST
/openid/confi ...)
- TODO: check
+ NOT-FOR-US: Actual
CVE-2026-41158 (Software installed and run as a non-privileged user may
conduct GPU sy ...)
NOT-FOR-US: Imagination Technologies
CVE-2026-41157 (A web page that contains unusual WebGPU content loaded into
the GPU GL ...)
@@ -199,43 +199,43 @@ CVE-2026-12129 (A vulnerability was identified in
CodeAstro Human Resource Manag
CVE-2026-12089 (The LWS Optimize \u2013 All-in-One Speed Booster & Cache Tools
plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2026-12068 (Information disclosure vulnerability in Avira Password Manager
when us ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2026-11769 (We have released version 5.24.0 of the Grafana Operator. This
patch in ...)
TODO: check
CVE-2026-11443 (Allegra downloadAttachment Cross-Site Scripting Authentication
Bypass ...)
- TODO: check
+ NOT-FOR-US: Allegra
CVE-2026-11442 (Allegra exportReport Directory Traversal Information
Disclosure Vulner ...)
- TODO: check
+ NOT-FOR-US: Allegra
CVE-2025-9033 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus
engine ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2025-9032 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus
engine ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2025-7019 (Stack overflow vulnerability in Avast Antivirus when scanning a
malfor ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2025-7018 (Null pointer dereference vulnerability in Avira Antivirus
engine when ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2025-7017 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus
engine ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2025-7011 (Heap out-of-bounds read vulnerability in Avast Antivirus when
scanning ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2025-7010 (Stack overflow vulnerability due to uncontrolled recursion in
Avast An ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2025-7009 (Heap buffer out-of-bounds read vulnerability in Avast Antivirus
when s ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2025-7008 (Heap buffer out-of-bounds read vulnerability in Avast Antivirus
when s ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2025-7006 (Use of stack memory after free vulnerability in Avast Antivirus
when s ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2025-7005 (Uncontrolled recursion vulnerability in Avast Antivirus when
scanning ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2025-7004 (Heap buffer out-of-bounds write vulnerability in Avast
Antivirus when ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2025-7003 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus
engine ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2025-7002 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus
engine ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2025-14098 (Heap buffer out-of-bounds write vulnerability due to integer
overflow ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2026-XXXX [RUSTSEC-2026-0172]
- rust-diesel <unfixed> (bug #1139877)
[trixie] - rust-diesel <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85073f2311753bf6fe62f9e853deacb1b51a048b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85073f2311753bf6fe62f9e853deacb1b51a048b
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
