Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0afdb84c by Salvatore Bonaccorso at 2026-06-24T21:24:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57,47 +57,47 @@ CVE-2026-57281 (Jenkins Script Security Plugin 
1402.v94c9ce464861 and earlier do
 CVE-2026-57280 (Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier 
does not ...)
        NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-56761 (hono before 4.12.14 contains an html injection vulnerability 
in jsx se ...)
-       TODO: check
+       NOT-FOR-US: Hono
 CVE-2026-56370 (ImageMagick before 7.1.2-19 contains an out-of-bounds access 
vulnerabi ...)
        TODO: check
 CVE-2026-56368 (ImageMagick before 7.1.2-15 contains a memory leak 
vulnerability in mu ...)
        TODO: check
 CVE-2026-56358 (n8n before 1.123.25 (1.x) and before 2.11.2 (2.x), with the 
fix also i ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-56351 (n8n before version 2.4.0 contains a sql injection 
vulnerability in MyS ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-56338 (Capgo before 12.128.2 contains a denial of service 
vulnerability in th ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56337 (Capgo before 12.128.2 contains an information disclosure 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56310 (Cap-go before 12.128.2 contains an authorization bypass 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56302 (Capgo before 12.128.2 contains an unsecured images bucket 
lacking any  ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56272 (Flowise before 3.0.13 uses bcrypt with default salt rounds of 
5, provi ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2026-56270 (Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a 
missing  ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2026-56269 (Flowise before 3.1.0 (npm package flowise, versions 3.0.13 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2026-56262 (Crawl4AI before 0.8.7 contains an authentication bypass 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Crawl4AI
 CVE-2026-56257 (Capgo before 12.128.2 allows direct patching of 
public.apps.owner_org  ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56256 (Capgo before 12.128.2 enforces mandatory two-factor 
authentication onl ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56245 (Supabase Capgo before 12.128.2 contains an authorization 
bypass vulner ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56244 (Capgo before 12.128.2 allows non-admin API keys to read 
webhook signin ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56237 (Capgo before 12.128.2 contains a broken authentication 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56232 (Capgo before 12.128.2 fails to enforce limited_to_orgs and 
limited_to_ ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56231 (Capgo before 12.128.2 contains a broken object level 
authorization (BO ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56223 (Capgo before 12.128.2 contains a cross-domain SSO account 
takeover vul ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56121 (Feast before 0.63.0 contains an unsafe deserialization 
vulnerability t ...)
        TODO: check
 CVE-2026-56119
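Review bot: the NOT-FOR-US tag is spelled "Cap-go" on every Capgo entry in this hunk, while the descriptions themselves mostly say "Capgo" (CVE-2026-56338, CVE-2026-56337, CVE-2026-56302 and others), with "Cap-go" appearing only in CVE-2026-56310 and "Supabase Capgo" in CVE-2026-56245. Pick one spelling for the tag, preferably the one the majority of descriptions use, so that a search of data/CVE/list for the product name finds both the description and the triage line. The same applies on a smaller scale to "NOT-FOR-US: Hono" against the lowercase "hono" in the CVE-2026-56761 description.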
@@ -105,11 +105,11 @@ CVE-2026-56119
 CVE-2026-56118
        REJECTED
 CVE-2026-56111 (Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when 
built w ...)
-       TODO: check
+       NOT-FOR-US: Marlin Firmware
 CVE-2026-56052 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-55611 (AnythingLLM is an application that turns pieces of content 
into contex ...)
-       TODO: check
+       NOT-FOR-US: AnythingLLM
 CVE-2026-55488 (motionEye (mEye) is an online interface for a piece of 
software called ...)
        TODO: check
 CVE-2026-54906 (concurrent-ruby is a modern concurrency tools for Ruby. Prior 
to 1.3.7 ...)
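Review bot: the two NOT-FOR-US tags added here (CVE-2026-56111 for Marlin Firmware, CVE-2026-55611 for AnythingLLM) have no recorded basis beyond the commit message "Process some NFUs". A short line in the commit message saying how absence from the archive was checked (for example, no source package and no open ITP/RFP) would let a later reader re-verify the triage if either project is packaged in the future.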



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0afdb84cad449f0e34e54a259a9946564e14b813



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
