Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1a2b21d7 by Salvatore Bonaccorso at 2026-07-01T07:00:03+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46,27 +46,27 @@ CVE-2026-58176 (RuoYi-Vue-Plus through 5.6.2, fixed in
commit 88d03d9, exposes w
CVE-2026-58174 (Hermes WebUI before 0.51.521 validates the workspace of an
imported se ...)
NOT-FOR-US: Hermes WebUI
CVE-2026-58173 (Vibe-Trading before 0.1.10 contains a path traversal
vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Vibe-Trading
CVE-2026-58172 (Ocelot through 24.1.0, fixed in commit f156fd4, contains a
security co ...)
TODO: check
CVE-2026-58171 (Vibe-Trading before 0.1.10 constructs the swarm run directory
by joini ...)
- TODO: check
+ NOT-FOR-US: Vibe-Trading
CVE-2026-58170 (Vibe-Trading before 0.1.10 builds the proposal file path by
joining a ...)
- TODO: check
+ NOT-FOR-US: Vibe-Trading
CVE-2026-58169 (Vibe-Trading before 0.1.10 contains a DNS rebinding
authentication byp ...)
- TODO: check
+ NOT-FOR-US: Vibe-Trading
CVE-2026-58168 (DeepTutor before version 1.4.10 contains an authorization
bypass vulne ...)
- TODO: check
+ NOT-FOR-US: DeepTutor
CVE-2026-58167 (Nightingale (n9e) before 9.0.0-beta.2 exposes full datasource
configur ...)
- TODO: check
+ NOT-FOR-US: Nightingale (n9e)
CVE-2026-58166 (OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6,
contains a pat ...)
- TODO: check
+ NOT-FOR-US: OpenBMB ChatDev
CVE-2026-58165 (OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a
privilege ...)
- TODO: check
+ NOT-FOR-US: OpenZiti
CVE-2026-58138 (Orkes Conductor 3.21.21 before 3.30.2 contains an
unauthenticated remo ...)
- TODO: check
+ NOT-FOR-US: Orkes Conductor
CVE-2026-58116 (LLaMA-Factory through 0.9.5 contains a remote code execution
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: LLaMA-Factory
CVE-2026-58016 (A flaw was found in GLib. A state confusion issue exists in
g_dbus_nod ...)
- glib2.0 <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/glib/-/work_items/3932
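Review bot: CVE-2026-58172 (Ocelot) is left at "TODO: check" while the Vibe-Trading entries directly above and below it are closed as NOT-FOR-US, so this block is only partly triaged. If Ocelot was already looked at and is not packaged, mark it in the same commit; otherwise leaving it open is fine. Separately, "NOT-FOR-US: Nightingale (n9e)" is the only tag in this hunk that carries a parenthetical alias. Reuse that exact string on later Nightingale entries so a search for the tag finds all of them.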
@@ -112,11 +112,11 @@ CVE-2026-53917 (Memory Allocation with Excessive Size
Value vulnerability in Apa
CVE-2026-53916 (Memory Allocation with Excessive Size Value vulnerability in
Apache Ac ...)
TODO: check
CVE-2026-53692 (Redeight CMS version 1.0 uses the MD5 algorithm without a salt
to stor ...)
- TODO: check
+ NOT-FOR-US: Redeight CMS
CVE-2026-53691 (An Unrestricted File Upload vulnerability in Redeight CMS
version 1.0 ...)
- TODO: check
+ NOT-FOR-US: Redeight CMS
CVE-2026-53690 (An SQL Injection vulnerability exists in Redeight CMS version
1.0 via ...)
- TODO: check
+ NOT-FOR-US: Redeight CMS
CVE-2026-53433 (fzf is vulnerable to a Denial of Service (DoS) due to
inefficient HTTP ...)
TODO: check
CVE-2026-53432 (fzf is vulnerable toInteger Overflow leading to crash in
FuzzyMatchV2 ...)
@@ -134,7 +134,7 @@ CVE-2026-4360 (In the Tarfile.extract() function, the
filter parameter is not pa
CVE-2026-49877 (Improper Authorization vulnerability in Apache ActiveMQ. An
authentic ...)
TODO: check
CVE-2026-49451 (The OpenAPI.NET SDK contains a useful object model for OpenAPI
documen ...)
- TODO: check
+ NOT-FOR-US: OpenAPI.NET SDK
CVE-2026-49434 (Improper Input Validation vulnerability in Apache ActiveMQ
Broker, Apa ...)
TODO: check
CVE-2026-49432 (Improper Input Validation vulnerability in Apache ActiveMQ,
Apache Act ...)
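Review bot: The tag "NOT-FOR-US: OpenAPI.NET SDK" on CVE-2026-49451 takes its product string from the first words of a description that is cut off before it names the affected component or version. The description presents it as an SDK with an object model, that is, a library rather than a standalone application, so it is worth confirming that no Debian source package embeds a copy before closing it as NFU, and adding a short NOTE line if that check was done.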
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a2b21d7134be48b6fa8be7d8cebd5616bc0d3a0