Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e7687b7c by Moritz Muehlenhoff at 2026-06-30T16:26:14+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -132,21 +132,21 @@ CVE-2026-43676 (An out-of-bounds access issue was
addressed with improved bounds
CVE-2026-43663 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
CVE-2026-41896 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
- TODO: check
+ NOT-FOR-US: Coolify
CVE-2026-39872 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
CVE-2026-39868 (This issue was addressed with improved input validation. This
issue is ...)
NOT-FOR-US: Apple
CVE-2026-37637 (An issue in Alexantr filemanager v.1.0 allows a remote
attacker to exe ...)
- TODO: check
+ NOT-FOR-US: Alexantr filemanager
CVE-2026-34597 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
- TODO: check
+ NOT-FOR-US: Coolify
CVE-2026-34594 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
- TODO: check
+ NOT-FOR-US: Coolify
CVE-2026-34592 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
- TODO: check
+ NOT-FOR-US: Coolify
CVE-2026-31016 (Cross Site Request Forgery vulnerability in Squidex.io Squidex
CMS v.7 ...)
- TODO: check
+ NOT-FOR-US: Squidex CMS
CVE-2026-28979 (An out-of-bounds access issue was addressed with improved
bounds check ...)
NOT-FOR-US: Apple
CVE-2026-14164 (A double free issue has been identified in libarchive's RAR5
reader. D ...)
@@ -552,7 +552,7 @@ CVE-2026-11979 (libxml2 is vulnerable to multiple
stack-based buffer overflows i
NOTE:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/c2e233fc1b341685fc99621b2768b503f777a72e
NOTE: Not considered a security issue upstream
CVE-2026-11720 (A path traversal vulnerability exists in the HTTP tool URL
builder of ...)
- TODO: check
+ NOT-FOR-US: Google MCP Toolbox for Databases
CVE-2026-54371 (attr before version 2.6.0 contains a symlink traversal
vulnerability i ...)
- attr 1:2.6.0-1 (bug #1141107)
[trixie] - attr <no-dsa> (Will be fixed first in unstable, then point
release update)
@@ -1987,7 +1987,7 @@ CVE-2026-10098 (OCSP CertID serial-number
length-confusion in wolfSSL_OCSP_resp_
CVE-2026-10097 (wolfSSL's AVX2-optimized ML-KEM implementation
(mlkem_cmp_avx2) compar ...)
TODO: check
CVE-2025-71340 (picklescan through 0.0.26 fails to detect malicious pickle
files that ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71338 (Flowise contains a path traversal vulnerability in the
/api/v1/documen ...)
NOT-FOR-US: Flowise
CVE-2025-71336 (Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and
earlier) con ...)
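Review bot: the CVE-2025-71340 line goes straight from "TODO: check" to "NOT-FOR-US: picklescan" with nothing in the hunk showing that no packaging request exists for it. If an ITP or RFP bug is open, the entry should instead use the "- <package> <itp> (bug #...)" form, as the node-protobufjs entry under CVE-2026-48712 does later in this file. Worth confirming against WNPP before relying on the NOT-FOR-US tag.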
@@ -6340,7 +6340,7 @@ CVE-2026-50184 (Angular is a development platform for
building mobile and deskto
NOTE:
https://github.com/angular/angular/security/advisories/GHSA-95qp-cmmw-mgqv
NOTE: https://github.com/angular/angular/pull/68904
CVE-2026-50178 (The Angular Language Service VS Code Extension provides a rich
editing ...)
- TODO: check
+ NOT-FOR-US: VS Code extension
CVE-2026-50171 (Angular is a development platform for building mobile and
desktop web ...)
- angular.js <undetermined>
NOTE:
https://github.com/angular/angular/security/advisories/GHSA-p3vc-36g9-x9gr
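Review bot: the tag on CVE-2026-50178, "NOT-FOR-US: VS Code extension", names a category rather than the product, while every other entry changed in this commit names the product itself (Coolify, Alexantr filemanager, Squidex CMS, picklescan, Google MCP Toolbox for Databases). Suggest "NOT-FOR-US: Angular Language Service VS Code extension" so that a search of data/CVE/list for the product finds the entry and the tag is not confused with the Angular entries around it, which are tracked against angular.js. The same applies to CVE-2026-49241 in the following hunk.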
@@ -6362,7 +6362,7 @@ CVE-2026-49356 (Babel is a compiler for writing next
generation JavaScript. Prio
- node-babel7 <unfixed> (bug #1140816)
NOTE:
https://github.com/babel/babel/security/advisories/GHSA-4x5r-pxfx-6jf8
CVE-2026-49241 (The Angular Language Service VS Code Extension provides a rich
editing ...)
- TODO: check
+ NOT-FOR-US: VS Code extension
CVE-2026-48712 (protobufjs compiles protobuf definitions into JavaScript (JS)
function ...)
- node-protobufjs <itp> (bug #977564)
CVE-2026-46417 (Angular is a development platform for building mobile and
desktop web ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7687b7cf205a4eba8f9c5751d1d6dde6519b8e8
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits