Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
74ec3bfb by Salvatore Bonaccorso at 2026-07-15T22:35:27+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,19 +5,19 @@ CVE-2026-8281
 CVE-2026-8055
        REJECTED
 CVE-2026-62948 (OpenWrt is a Linux operating system targeting embedded 
devices. Prior  ...)
-       TODO: check
+       NOT-FOR-US: OpenWrt
 CVE-2026-62947 (OpenWrt is a Linux operating system targeting embedded 
devices. Prior  ...)
-       TODO: check
+       NOT-FOR-US: OpenWrt
 CVE-2026-62843 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
-       TODO: check
+       NOT-FOR-US: File Browser
 CVE-2026-62685 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
-       TODO: check
+       NOT-FOR-US: File Browser
 CVE-2026-62683 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
-       TODO: check
+       NOT-FOR-US: File Browser
 CVE-2026-62389 (ws before 8.21.1 contains a memory exhaustion vulnerability in 
lib/rec ...)
        TODO: check
 CVE-2026-62378 (RustFS Console is a web management console for the RustFS 
distributed  ...)
-       TODO: check
+       NOT-FOR-US: RustFS
 CVE-2026-62294 (Flameshot is powerful yet simple to use screenshot software. 
Prior to  ...)
        TODO: check
 CVE-2026-62287
@@ -47,7 +47,7 @@ CVE-2026-62165
 CVE-2026-62164
        REJECTED
 CVE-2026-61873 (Grav before 9.1.8 contains an arbitrary file write 
vulnerability in th ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-61872 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory 
leak in th ...)
        TODO: check
 CVE-2026-61871 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory 
leak in th ...)
@@ -83,23 +83,23 @@ CVE-2026-61835 (Directus is a real-time API and App 
dashboard for managing SQL d
 CVE-2026-61829
        REJECTED
 CVE-2026-61828 (Nixpkgs is a collection of software packages that can be 
installed wit ...)
-       TODO: check
+       NOT-FOR-US: Nixpkgs
 CVE-2026-61740 (LightRAG provides simple and fast retrieval-augmented 
generation. Prio ...)
-       TODO: check
+       NOT-FOR-US: LightRAG
 CVE-2026-61736 (LightRAG provides simple and fast retrieval-augmented 
generation. Prio ...)
-       TODO: check
+       NOT-FOR-US: LightRAG
 CVE-2026-61710
        REJECTED
 CVE-2026-61684 (FastGPT is a knowledge-based AI application platform. In 
4.15.0-beta4, ...)
-       TODO: check
+       NOT-FOR-US: FastGPT
 CVE-2026-61646 (FastGPT is a knowledge-based AI application platform. Prior to 
4.15.0- ...)
-       TODO: check
+       NOT-FOR-US: FastGPT
 CVE-2026-61644 (FastGPT is a knowledge-based AI application platform. From 
4.14.17 unt ...)
-       TODO: check
+       NOT-FOR-US: FastGPT
 CVE-2026-61643 (FastGPT is a knowledge-based AI application platform. From 
4.14.17 unt ...)
-       TODO: check
+       NOT-FOR-US: FastGPT
 CVE-2026-61613 (Cursor is a code editor built for programming with AI. Prior 
to the Cl ...)
-       TODO: check
+       NOT-FOR-US: Cursor
 CVE-2026-61606
        REJECTED
 CVE-2026-61605
@@ -115,31 +115,31 @@ CVE-2026-61452 (The Grav API plugin 
(getgrav/grav-plugin-api) before 2.0.4 conta
 CVE-2026-61451 (The Grav API plugin (grav-plugin-api) before 1.0.4 does not 
validate t ...)
        TODO: check
 CVE-2026-61449 (Grav 2.0.1 contains a decompression-bomb size-cap bypass in 
ZipArchive ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-61446 (PraisonAI (praisonaiagents) before 1.6.78 contains a remote 
code execu ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-61443 (PraisonAI before 1.6.78 contains a remote code execution 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-61440 (PraisonAI Platform before 0.1.9 fails to properly authorize 
label and  ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-61438 (PraisonAI before 4.6.78 contains a remote code execution 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-61436 (PraisonAI before 4.6.78 fails to verify Svix webhook 
signatures in Age ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-61435 (PraisonAI before 4.6.78 contains an authentication bypass in 
the Call  ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-61433 (PraisonAI before 4.6.78 fails to safely encode deployment 
configuratio ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-61430 (PraisonAI before 1.6.78 contains a server-side request forgery 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-61427 (PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport 
without  ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-61371 (Microsoft AVML before 0.17.0 could follow a symlink when 
opening a des ...)
        TODO: check
 CVE-2026-60087 (PraisonAI before 1.6.78 caches tool approval decisions by tool 
name on ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-60085 (PraisonAI before 4.6.78 contains an unenforced security policy 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-60065 (When NGINX Plus is configured to use the Message Queuing 
Telemetry Tra ...)
        TODO: check
 CVE-2026-60062 (The NGINX Agent config_dirsdirective allows a low-privileged 
attacker  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74ec3bfb96b2d095c4cd53627e3e87bdf9950ac0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74ec3bfb96b2d095c4cd53627e3e87bdf9950ac0
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to