Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
92952eda by Moritz Muehlenhoff at 2026-07-04T11:58:42+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2026-49297
+ NOT-FOR-US: Airflow provider
CVE-2026-54161
- nut <unfixed>
NOTE:
https://github.com/networkupstools/nut/security/advisories/GHSA-mjgp-j4gm-6qg5
@@ -13,17 +15,17 @@ CVE-2026-58522 (Relative path traversal in Microsoft Edge
for Android allows an
CVE-2026-58426 (Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows
cross-repo ...)
- gitea <removed>
CVE-2026-58424 (Permanent Fork PR Workflow Approval Gate Bypass)
- TODO: check
+ - gitea <removed>
CVE-2026-58423 (LFS authentication bypass via malformed SSH sub-verb allows
unauthoriz ...)
- TODO: check
+ - gitea <removed>
CVE-2026-58422 (Improper authorization on OAuth sign-in callback silently
re-enables a ...)
- TODO: check
+ - gitea <removed>
CVE-2026-58421 (Unauthenticated ReDoS via CODEOWNERS pattern matching allows
denial of ...)
- TODO: check
+ - gitea <removed>
CVE-2026-58419 (Notification API leaks private issue metadata after access
revocation)
- TODO: check
+ - gitea <removed>
CVE-2026-58418 (SSRF via HTTP Redirect in Repository Migration)
- TODO: check
+ - gitea <removed>
CVE-2026-58300 (Absolute path traversal in Microsoft Edge for Android allows
an unauth ...)
NOT-FOR-US: Microsoft
CVE-2026-58299 (Time-of-check time-of-use (toctou) race condition in Microsoft
Edge fo ...)
@@ -99,7 +101,7 @@ CVE-2026-56645 (Heap-based buffer overflow in Microsoft Edge
(Chromium-based) al
CVE-2026-55945 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
CVE-2026-54424 (An Incorrect Use of Privileged APIs vulnerability in Unity
Parsec on W ...)
- TODO: check
+ NOT-FOR-US: Unity
CVE-2026-45489 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2026-45488 (User interface (ui) misrepresentation of critical information
in Micro ...)
@@ -171,11 +173,11 @@ CVE-2026-20779 (Gitea versions from 1.5.0 before 1.26.3
have a TOTP single-use e
CVE-2026-20706 (Gitea versions up to and including 1.26.1 allow repository
archive dow ...)
- gitea <removed>
CVE-2026-14618 (A vulnerability was detected in Open5GS up to 2.7.7. Affected
by this ...)
- TODO: check
+ - open5gs <itp> (bug #1094791)
CVE-2026-14617 (A security vulnerability has been detected in NousResearch
hermes-agen ...)
- TODO: check
+ NOT-FOR-US: NousResearch hermes-agent
CVE-2026-14611 (A vulnerability has been found in DeepMyst Mysti up to 0.4.0.
The affe ...)
- TODO: check
+ NOT-FOR-US: DeepMyst Mysti
CVE-2026-14610 (A flaw has been found in Open Asset Import Library Assimp up
to 6.0.5. ...)
TODO: check
CVE-2026-14609 (A vulnerability was detected in SourceCodester CET Automated
Grading S ...)
@@ -183,17 +185,18 @@ CVE-2026-14609 (A vulnerability was detected in
SourceCodester CET Automated Gra
CVE-2026-14608 (A security vulnerability has been detected in SourceCodester
CET Autom ...)
NOT-FOR-US: SourceCodester
CVE-2026-14607 (A weakness has been identified in RT-Thread up to 5.0.2. This
affects ...)
- TODO: check
+ NOT-FOR-US: RT-Thread
CVE-2026-14606 (A security flaw has been discovered in RT-Thread up to 5.0.2.
Affected ...)
- TODO: check
+ NOT-FOR-US: RT-Thread
CVE-2026-14605 (A vulnerability was identified in RT-Thread up to 5.0.2.
Affected by t ...)
- TODO: check
+ NOT-FOR-US: RT-Thread
CVE-2026-12481 (A vulnerability in keras-team/keras version 3.14.0 allows for
arbitrar ...)
- TODO: check
+ - keras <removed>
+ [bullseye] - keras <end-of-life> (EOL in bullseye LTS)
CVE-2026-12252 (In nltk/nltk versions 3.9.3 and earlier, five Stanford
interface class ...)
TODO: check
CVE-2025-71380 (The Execute Command node in n8n allows authenticated users to
execute ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2025-71375 (picklescan before 0.0.34 fails to detect the
_operator.methodcaller bu ...)
NOT-FOR-US: picklescan
CVE-2025-71373 (picklescan before 0.0.33 fails to detect operator.methodcaller
functio ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92952edab5926f5a020958c73d245cc973c2b78b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92952edab5926f5a020958c73d245cc973c2b78b
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits