Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
de877986 by Salvatore Bonaccorso at 2026-07-02T07:26:33+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2026-5051 (HashiCorp Vault and Vault Enterprise prior to
2.0.1 audit device
CVE-2026-58521 (Improper neutralization of special elements used in an SQL
command ('S ...)
NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-58520 (URL redirection to untrusted site ('open redirect')
vulnerability in T ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-58517 (Improper neutralization of input terminators vulnerability in
The Wiki ...)
NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-58454 (JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware
4.8.30.57701411 c ...)
@@ -52,7 +52,7 @@ CVE-2026-58451 (Horde IMP before 7.0.1 contains a path
traversal vulnerability i
NOTE: https://github.com/horde/imp/pull/85
NOTE: Fixed by:
https://github.com/horde/imp/commit/fba972fab72ee6871e5d56e6390bee38593085de
(v7.0.1)
CVE-2026-58399 (@acastellon/auth is an authentication control system for
microservices ...)
- TODO: check
+ NOT-FOR-US: acastellon/auth
CVE-2026-58127 (PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service
on port ...)
NOT-FOR-US: PACSgear MediaWriter
CVE-2026-58126 (PACSgear PACS Scan 5.2.1 contains an unauthenticated remote
code execu ...)
@@ -2104,7 +2104,7 @@ CVE-2026-58174 (Hermes WebUI before 0.51.521 validates
the workspace of an impor
CVE-2026-58173 (Vibe-Trading before 0.1.10 contains a path traversal
vulnerability tha ...)
NOT-FOR-US: Vibe-Trading
CVE-2026-58172 (Ocelot through 24.1.0, fixed in commit f156fd4, contains a
security co ...)
- TODO: check
+ NOT-FOR-US: Ocelot
CVE-2026-58171 (Vibe-Trading before 0.1.10 constructs the swarm run directory
by joini ...)
NOT-FOR-US: Vibe-Trading
CVE-2026-58170 (Vibe-Trading before 0.1.10 builds the proposal file path by
joining a ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de8779868093f6dd766ff27c4ded32bbff4560d4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de8779868093f6dd766ff27c4ded32bbff4560d4
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits