Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
de877986 by Salvatore Bonaccorso at 2026-07-02T07:26:33+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2026-5051 (HashiCorp Vault and Vault Enterprise prior to 
2.0.1 audit device
 CVE-2026-58521 (Improper neutralization of special elements used in an SQL 
command ('S ...)
        NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
 CVE-2026-58520 (URL redirection to untrusted site ('open redirect') 
vulnerability in T ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
 CVE-2026-58517 (Improper neutralization of input terminators vulnerability in 
The Wiki ...)
        NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
 CVE-2026-58454 (JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 
4.8.30.57701411 c ...)
@@ -52,7 +52,7 @@ CVE-2026-58451 (Horde IMP before 7.0.1 contains a path 
traversal vulnerability i
        NOTE: https://github.com/horde/imp/pull/85
        NOTE: Fixed by: 
https://github.com/horde/imp/commit/fba972fab72ee6871e5d56e6390bee38593085de 
(v7.0.1)
 CVE-2026-58399 (@acastellon/auth is an authentication control system for 
microservices ...)
-       TODO: check
+       NOT-FOR-US: acastellon/auth
 CVE-2026-58127 (PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service 
on port ...)
        NOT-FOR-US: PACSgear MediaWriter
 CVE-2026-58126 (PACSgear PACS Scan 5.2.1 contains an unauthenticated remote 
code execu ...)
@@ -2104,7 +2104,7 @@ CVE-2026-58174 (Hermes WebUI before 0.51.521 validates 
the workspace of an impor
 CVE-2026-58173 (Vibe-Trading before 0.1.10 contains a path traversal 
vulnerability tha ...)
        NOT-FOR-US: Vibe-Trading
 CVE-2026-58172 (Ocelot through 24.1.0, fixed in commit f156fd4, contains a 
security co ...)
-       TODO: check
+       NOT-FOR-US: Ocelot
 CVE-2026-58171 (Vibe-Trading before 0.1.10 constructs the swarm run directory 
by joini ...)
        NOT-FOR-US: Vibe-Trading
 CVE-2026-58170 (Vibe-Trading before 0.1.10 builds the proposal file path by 
joining a  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de8779868093f6dd766ff27c4ded32bbff4560d4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de8779868093f6dd766ff27c4ded32bbff4560d4
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to