Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1a2b21d7 by Salvatore Bonaccorso at 2026-07-01T07:00:03+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46,27 +46,27 @@ CVE-2026-58176 (RuoYi-Vue-Plus through 5.6.2, fixed in 
commit 88d03d9, exposes w
 CVE-2026-58174 (Hermes WebUI before 0.51.521 validates the workspace of an 
imported se ...)
        NOT-FOR-US: Hermes WebUI
 CVE-2026-58173 (Vibe-Trading before 0.1.10 contains a path traversal 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: Vibe-Trading
 CVE-2026-58172 (Ocelot through 24.1.0, fixed in commit f156fd4, contains a 
security co ...)
        TODO: check
 CVE-2026-58171 (Vibe-Trading before 0.1.10 constructs the swarm run directory 
by joini ...)
-       TODO: check
+       NOT-FOR-US: Vibe-Trading
 CVE-2026-58170 (Vibe-Trading before 0.1.10 builds the proposal file path by 
joining a  ...)
-       TODO: check
+       NOT-FOR-US: Vibe-Trading
 CVE-2026-58169 (Vibe-Trading before 0.1.10 contains a DNS rebinding 
authentication byp ...)
-       TODO: check
+       NOT-FOR-US: Vibe-Trading
 CVE-2026-58168 (DeepTutor before version 1.4.10 contains an authorization 
bypass vulne ...)
-       TODO: check
+       NOT-FOR-US: DeepTutor
 CVE-2026-58167 (Nightingale (n9e) before 9.0.0-beta.2 exposes full datasource 
configur ...)
-       TODO: check
+       NOT-FOR-US: Nightingale (n9e)
 CVE-2026-58166 (OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, 
contains a pat ...)
-       TODO: check
+       NOT-FOR-US: OpenBMB ChatDev
 CVE-2026-58165 (OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a 
privilege  ...)
-       TODO: check
+       NOT-FOR-US: OpenZiti
 CVE-2026-58138 (Orkes Conductor 3.21.21 before 3.30.2 contains an 
unauthenticated remo ...)
-       TODO: check
+       NOT-FOR-US: Orkes Conductor
 CVE-2026-58116 (LLaMA-Factory through 0.9.5 contains a remote code execution 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: LLaMA-Factory
 CVE-2026-58016 (A flaw was found in GLib. A state confusion issue exists in 
g_dbus_nod ...)
        - glib2.0 <unfixed>
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/work_items/3932
@@ -112,11 +112,11 @@ CVE-2026-53917 (Memory Allocation with Excessive Size 
Value vulnerability in Apa
 CVE-2026-53916 (Memory Allocation with Excessive Size Value vulnerability in 
Apache Ac ...)
        TODO: check
 CVE-2026-53692 (Redeight CMS version 1.0 uses the MD5 algorithm without a salt 
to stor ...)
-       TODO: check
+       NOT-FOR-US: Redeight CMS
 CVE-2026-53691 (An Unrestricted File Upload vulnerability in Redeight CMS 
version 1.0  ...)
-       TODO: check
+       NOT-FOR-US: Redeight CMS
 CVE-2026-53690 (An SQL Injection vulnerability exists in Redeight CMS version 
1.0 via  ...)
-       TODO: check
+       NOT-FOR-US: Redeight CMS
 CVE-2026-53433 (fzf is vulnerable to a Denial of Service (DoS) due to 
inefficient HTTP ...)
        TODO: check
 CVE-2026-53432 (fzf is vulnerable toInteger Overflow leading to crash in 
FuzzyMatchV2  ...)
@@ -134,7 +134,7 @@ CVE-2026-4360 (In the Tarfile.extract() function, the 
filter parameter is not pa
 CVE-2026-49877 (Improper Authorization vulnerability in Apache ActiveMQ.  An 
authentic ...)
        TODO: check
 CVE-2026-49451 (The OpenAPI.NET SDK contains a useful object model for OpenAPI 
documen ...)
-       TODO: check
+       NOT-FOR-US: OpenAPI.NET SDK
 CVE-2026-49434 (Improper Input Validation vulnerability in Apache ActiveMQ 
Broker, Apa ...)
        TODO: check
 CVE-2026-49432 (Improper Input Validation vulnerability in Apache ActiveMQ, 
Apache Act ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a2b21d7134be48b6fa8be7d8cebd5616bc0d3a0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a2b21d7134be48b6fa8be7d8cebd5616bc0d3a0
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to