Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
92952eda by Moritz Muehlenhoff at 2026-07-04T11:58:42+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2026-49297
+       NOT-FOR-US: Airflow provider
 CVE-2026-54161
        - nut <unfixed>
        NOTE: 
https://github.com/networkupstools/nut/security/advisories/GHSA-mjgp-j4gm-6qg5
@@ -13,17 +15,17 @@ CVE-2026-58522 (Relative path traversal in Microsoft Edge 
for Android allows an
 CVE-2026-58426 (Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows 
cross-repo ...)
        - gitea <removed>
 CVE-2026-58424 (Permanent Fork PR Workflow Approval Gate Bypass)
-       TODO: check
+       - gitea <removed>
 CVE-2026-58423 (LFS authentication bypass via malformed SSH sub-verb allows 
unauthoriz ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-58422 (Improper authorization on OAuth sign-in callback silently 
re-enables a ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-58421 (Unauthenticated ReDoS via CODEOWNERS pattern matching allows 
denial of ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-58419 (Notification API leaks private issue metadata after access 
revocation)
-       TODO: check
+       - gitea <removed>
 CVE-2026-58418 (SSRF via HTTP Redirect in Repository Migration)
-       TODO: check
+       - gitea <removed>
 CVE-2026-58300 (Absolute path traversal in Microsoft Edge for Android allows 
an unauth ...)
        NOT-FOR-US: Microsoft
 CVE-2026-58299 (Time-of-check time-of-use (toctou) race condition in Microsoft 
Edge fo ...)
@@ -99,7 +101,7 @@ CVE-2026-56645 (Heap-based buffer overflow in Microsoft Edge 
(Chromium-based) al
 CVE-2026-55945 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
 CVE-2026-54424 (An Incorrect Use of Privileged APIs vulnerability in Unity 
Parsec on W ...)
-       TODO: check
+       NOT-FOR-US: Unity
 CVE-2026-45489 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2026-45488 (User interface (ui) misrepresentation of critical information 
in Micro ...)
@@ -171,11 +173,11 @@ CVE-2026-20779 (Gitea versions from 1.5.0 before 1.26.3 
have a TOTP single-use e
 CVE-2026-20706 (Gitea versions up to and including 1.26.1 allow repository 
archive dow ...)
        - gitea <removed>
 CVE-2026-14618 (A vulnerability was detected in Open5GS up to 2.7.7. Affected 
by this  ...)
-       TODO: check
+       - open5gs <itp> (bug #1094791)
 CVE-2026-14617 (A security vulnerability has been detected in NousResearch 
hermes-agen ...)
-       TODO: check
+       NOT-FOR-US: NousResearch hermes-agent
 CVE-2026-14611 (A vulnerability has been found in DeepMyst Mysti up to 0.4.0. 
The affe ...)
-       TODO: check
+       NOT-FOR-US: DeepMyst Mysti
 CVE-2026-14610 (A flaw has been found in Open Asset Import Library Assimp up 
to 6.0.5. ...)
        TODO: check
 CVE-2026-14609 (A vulnerability was detected in SourceCodester CET Automated 
Grading S ...)
@@ -183,17 +185,18 @@ CVE-2026-14609 (A vulnerability was detected in 
SourceCodester CET Automated Gra
 CVE-2026-14608 (A security vulnerability has been detected in SourceCodester 
CET Autom ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-14607 (A weakness has been identified in RT-Thread up to 5.0.2. This 
affects  ...)
-       TODO: check
+       NOT-FOR-US: RT-Thread
 CVE-2026-14606 (A security flaw has been discovered in RT-Thread up to 5.0.2. 
Affected ...)
-       TODO: check
+       NOT-FOR-US: RT-Thread
 CVE-2026-14605 (A vulnerability was identified in RT-Thread up to 5.0.2. 
Affected by t ...)
-       TODO: check
+       NOT-FOR-US: RT-Thread
 CVE-2026-12481 (A vulnerability in keras-team/keras version 3.14.0 allows for 
arbitrar ...)
-       TODO: check
+       - keras <removed>
+       [bullseye] - keras <end-of-life> (EOL in bullseye LTS)
 CVE-2026-12252 (In nltk/nltk versions 3.9.3 and earlier, five Stanford 
interface class ...)
        TODO: check
 CVE-2025-71380 (The Execute Command node in n8n allows authenticated users to 
execute  ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2025-71375 (picklescan before 0.0.34 fails to detect the 
_operator.methodcaller bu ...)
        NOT-FOR-US: picklescan
 CVE-2025-71373 (picklescan before 0.0.33 fails to detect operator.methodcaller 
functio ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92952edab5926f5a020958c73d245cc973c2b78b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92952edab5926f5a020958c73d245cc973c2b78b
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to