Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b8eb175f by Moritz Muehlenhoff at 2026-07-09T22:09:10+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,41 +25,41 @@ CVE-2026-7558 (The Age Verification & Identity Verification 
by Token of Trust pl
 CVE-2026-6910 (The Bookero.pl \u2013 system rezerwacji online plugin for 
WordPress is ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-61474 (An improper authorization check in MISP\u2019s attribute 
creation endp ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2026-61344 (The Superior Court of California Hearing Reminder Service at 
https://w ...)
-       TODO: check
+       NOT-FOR-US: Superior Court of California Hearing Reminder Service
 CVE-2026-61343 (LibreBooking's email template editor save action passes the 
submitted  ...)
-       TODO: check
+       NOT-FOR-US: LibreBooking
 CVE-2026-60109 (Zeek before 8.0.9 contains a null pointer dereference 
vulnerability in ...)
-       TODO: check
+       - zeek <removed>
 CVE-2026-60108 (Zeek before 8.0.9 contains an uncontrolled memory consumption 
vulnerab ...)
-       TODO: check
+       - zeek <removed>
 CVE-2026-60095 (Vinchin Backup & Recovery through 9.0.0.86562 contains a stack 
buffer  ...)
-       TODO: check
+       NOT-FOR-US: Vinchin Backup & Recovery
 CVE-2026-60094 (Vinchin Backup & Recovery through 9.0.0.86562 contains a heap 
buffer o ...)
-       TODO: check
+       NOT-FOR-US: Vinchin Backup & Recovery
 CVE-2026-5955 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: BiEticaret
 CVE-2026-5793 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: BiEticaret
 CVE-2026-5005 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Twiser OKRs & Goals
 CVE-2026-59827 (Metabase is an open-source business intelligence and embedded 
analytic ...)
-       TODO: check
+       NOT-FOR-US: Metabase
 CVE-2026-59826 (Metabase is an open-source business intelligence and embedded 
analytic ...)
-       TODO: check
+       NOT-FOR-US: Metabae
 CVE-2026-59817 (Ghost is a Node.js content management system. From 6.27.0 
before 6.44. ...)
-       TODO: check
+       - ghost <itp> (bug #892150)
 CVE-2026-59734 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2026-59726 (Ruflo is an agent meta-harness for Claude Code and Codex. 
Prior to 3.1 ...)
-       TODO: check
+       NOT-FOR-US: Ruflo
 CVE-2026-59721 (Hoppscotch is an open source API development ecosystem. Prior 
to 2026. ...)
-       TODO: check
+       NOT-FOR-US: Hoppscotch
 CVE-2026-59720 (Hoppscotch is an open source API development ecosystem. Prior 
to 2026. ...)
-       TODO: check
+       NOT-FOR-US: Hoppscotch
 CVE-2026-59715 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59692 (A stack buffer overflow vulnerability was found in GStreamer's 
DTLS pl ...)
        TODO: check
 CVE-2026-59691 (A heap buffer overflow vulnerability was found in GStreamer's 
rfbsrc p ...)
@@ -67,37 +67,37 @@ CVE-2026-59691 (A heap buffer overflow vulnerability was 
found in GStreamer's rf
 CVE-2026-59269 (A user authenticating to Kubernetes clusters via the Pinniped 
Supervis ...)
        TODO: check
 CVE-2026-59227 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59226 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59225 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59224 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59223 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59222 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59221 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59220 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59219 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59218 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59217 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59216 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59215 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59214 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59213 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59212 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-59209 (n8n is an open source workflow automation platform. Prior to 
1.123.61, ...)
        TODO: check
 CVE-2026-59208 (n8n is an open source workflow automation platform. Prior to 
2.27.4 an ...)
@@ -107,13 +107,13 @@ CVE-2026-59207 (n8n is an open source workflow automation 
platform. Prior to 2.2
 CVE-2026-59206 (n8n is an open source workflow automation platform. Prior to 
1.123.61, ...)
        TODO: check
 CVE-2026-59149 (Mockoon provides way to design and run mock APIs. Prior to 
9.7.0, a FI ...)
-       TODO: check
+       NOT-FOR-US: Mockoon
 CVE-2026-59148 (Mockoon provides way to design and run mock APIs. Prior to 
9.7.0, Mock ...)
-       TODO: check
+       NOT-FOR-US: Mockoon
 CVE-2026-58459 (gpsd through release-3.27.5, fixed at commit 4c06658, contains 
a comma ...)
        TODO: check
 CVE-2026-58378 (Allwinner H616 TV Box TV98 has ADB enabled and exposed to the 
network  ...)
-       TODO: check
+       NOT-FOR-US: Allwinner
 CVE-2026-58307 (Out-of-bounds read, Reachable assertion vulnerability in 
Samsung Open  ...)
        NOT-FOR-US: Samsung
 CVE-2026-58306 (Heap-based buffer overflow vulnerability in Samsung Open 
Source Escarg ...)
@@ -125,7 +125,7 @@ CVE-2026-58304 (Out-of-bounds read, Out-of-bounds write 
vulnerability in Samsung
 CVE-2026-58303 (Stack-based buffer overflow vulnerability in Samsung Open 
Source Escar ...)
        NOT-FOR-US: Samsung
 CVE-2026-58198 (ChatterBot is a machine learning, conversational dialog engine 
for cre ...)
-       TODO: check
+       NOT-FOR-US: ChatterBot
 CVE-2026-58125
        REJECTED
 CVE-2026-57111 (Permissive Cross-Origin Resource Sharing (CORS) in the REST 
API (helix ...)
@@ -159,15 +159,15 @@ CVE-2026-54798 (A vulnerability has been identified in 
CPCI85 Central Processing
 CVE-2026-54695 (Pipecat is an open-source Python framework for building 
real-time voic ...)
        TODO: check
 CVE-2026-54005 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
-       TODO: check
+       NOT-FOR-US: Kirby CMS
 CVE-2026-54004 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
-       TODO: check
+       NOT-FOR-US: Kirby CMS
 CVE-2026-54003 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
-       TODO: check
+       NOT-FOR-US: Kirby CMS
 CVE-2026-54002 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
-       TODO: check
+       NOT-FOR-US: Kirby CMS
 CVE-2026-53987 (The Tag plugin for GLPI 11 before 2.14.4 stores the tag name 
without H ...)
-       TODO: check
+       NOT-FOR-US: GLPI plugin
 CVE-2026-51606 (An improper input handling vulnerability in the RTSP service 
of Tenda  ...)
        NOT-FOR-US: Tenda
 CVE-2026-51605 (A stack-based buffer overflow vulnerability in the RTSP 
service of Ten ...)
@@ -183,15 +183,15 @@ CVE-2026-51601 (Tenda CP3 V3.0 firmware V31.1.9.91 
contains a stack-based buffer
 CVE-2026-51600 (Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the 
Content-Lengt ...)
        NOT-FOR-US: Tenda
 CVE-2026-51599 (An insufficient input validation vulnerability in the RTSP 
service of  ...)
-       TODO: check
+       NOT-FOR-US: MERCURY
 CVE-2026-51598 (An input validation vulnerability in the RTSP service of 
MERCURY MIPC2 ...)
-       TODO: check
+       NOT-FOR-US: MERCURY
 CVE-2026-51597 (MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does 
not imp ...)
-       TODO: check
+       NOT-FOR-US: MERCURY
 CVE-2026-50644 (SOPlanning is vulnerable to SQL injection in the audit 
retention confi ...)
        TODO: check
 CVE-2026-50188 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
-       TODO: check
+       NOT-FOR-US: Kirby CMS
 CVE-2026-4653 (The Block, Suspend, Report for BuddyPress plugin for WordPress 
is vuln ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-4298 (The DSGVO All in one for WP plugin for WordPress is vulnerable 
to Miss ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8eb175ff7189baaeda089e083d2c48e750ba017

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8eb175ff7189baaeda089e083d2c48e750ba017
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to