Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5442dbe5 by Salvatore Bonaccorso at 2026-07-16T15:39:52+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79,7 +79,7 @@ CVE-2026-50183 (WWBN AVideo is an open source video platform. 
Versions 29.0 and
 CVE-2026-50182 (WWBN AVideo is an open source video platform. Versions prior 
to 29.0 c ...)
        NOT-FOR-US: WWBN AVideo
 CVE-2026-50144 (ncnn is a high-performance neural network inference framework 
optimize ...)
-       TODO: check
+       NOT-FOR-US: ncnn
 CVE-2026-50124 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
        NOT-FOR-US: DataEase
 CVE-2026-50030 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
@@ -89,13 +89,13 @@ CVE-2026-49867 (DataEase is an open source data 
visualization and analysis tool.
 CVE-2026-49445 (Cilium is a networking, observability, and security solution. 
Prior to ...)
        TODO: check
 CVE-2026-49353 (9Router is an AI router & token saver. In 0.4.45 and earlier, 
9Router' ...)
-       TODO: check
+       NOT-FOR-US: 9Router
 CVE-2026-49352 (9Router is an AI router & token saver. From 0.2.21 until 
0.4.44, 9Rout ...)
-       TODO: check
+       NOT-FOR-US: 9Router
 CVE-2026-49279 (WWBN AVideo is an open source video platform. Versions 29.0 
and below  ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-48795 (AdonisJS is a TypeScript-first web framework. From 10.1.3 
until 10.1.5 ...)
-       TODO: check
+       NOT-FOR-US: AdonisJS
 CVE-2026-46684 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
        NOT-FOR-US: DataEase
 CVE-2026-46421 (The SAP Cloud Application Programming Model is a tool for 
building ent ...)
@@ -526,19 +526,19 @@ CVE-2026-54560 (Cloudreve is a self-hosted file 
management and sharing system. F
 CVE-2026-54443 (Dashy is a self-hostable personal dashboard. From 1.9.4 until 
3.2.0, t ...)
        NOT-FOR-US: Dashy
 CVE-2026-53518 (Better Auth is an authentication and authorization library for 
TypeScr ...)
-       TODO: check
+       NOT-FOR-US: Better Auth
 CVE-2026-53517 (Better Auth is an authentication and authorization library for 
TypeScr ...)
-       TODO: check
+       NOT-FOR-US: Better Auth
 CVE-2026-53516 (Better Auth is an authentication and authorization library for 
TypeScr ...)
-       TODO: check
+       NOT-FOR-US: Better Auth
 CVE-2026-53515 (Better Auth is an authentication and authorization library for 
TypeScr ...)
-       TODO: check
+       NOT-FOR-US: Better Auth
 CVE-2026-53514 (Better Auth is an authentication and authorization library for 
TypeScr ...)
-       TODO: check
+       NOT-FOR-US: Better Auth
 CVE-2026-53513 (Better Auth is an authentication and authorization library for 
TypeScr ...)
-       TODO: check
+       NOT-FOR-US: Better Auth
 CVE-2026-53512 (Better Auth is an authentication and authorization library for 
TypeScr ...)
-       TODO: check
+       NOT-FOR-US: Better Auth
 CVE-2026-52865 (When NGINX Ingress Controller processes Ingress or 
TransportServer res ...)
        NOT-FOR-US: F5
 CVE-2026-52843 (Lightpanda is a headless browser designed for AI and 
automation. Prior ...)
@@ -546,23 +546,23 @@ CVE-2026-52843 (Lightpanda is a headless browser designed 
for AI and automation.
 CVE-2026-52842 (Lightpanda is a headless browser designed for AI and 
automation. Prior ...)
        NOT-FOR-US: Lightpanda
 CVE-2026-50562 (FastGPT is a knowledge-based AI application platform. At 
commit 22ebfa ...)
-       TODO: check
+       NOT-FOR-US: FastGPT
 CVE-2026-50148 (Metabase is an open-source business intelligence and embedded 
analytic ...)
-       TODO: check
+       NOT-FOR-US: Metabase
 CVE-2026-50147 (Metabase is an open-source business intelligence and embedded 
analytic ...)
-       TODO: check
+       NOT-FOR-US: Metabase
 CVE-2026-49997 (SurrealDB is a scalable, distributed, collaborative, 
document-graph da ...)
-       TODO: check
+       NOT-FOR-US: SurrealDB
 CVE-2026-49988 (Repomix is a tool that packs repositories into AI-friendly 
files. Prio ...)
-       TODO: check
+       NOT-FOR-US: Repomix
 CVE-2026-49987 (Repomix is a tool that packs repositories into AI-friendly 
files. Prio ...)
-       TODO: check
+       NOT-FOR-US: Repomix
 CVE-2026-49501 (Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and 
versions  ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-48799 (Postiz is an AI social media scheduling tool. Prior to 2.21.8, 
Postiz  ...)
-       TODO: check
+       NOT-FOR-US: Postiz
 CVE-2026-47703 (AdGuard Home is a network-wide software for blocking ads and 
tracking. ...)
-       TODO: check
+       NOT-FOR-US: AdGuard Home
 CVE-2026-47164 (Vaultwarden is a Bitwarden-compatible server written in Rust. 
Prior to ...)
        TODO: check
 CVE-2026-47160 (Vaultwarden is a Bitwarden-compatible server written in Rust. 
Prior to ...)
@@ -1303,7 +1303,7 @@ CVE-2026-54983 (Stack-based buffer overflow in Active 
Directory Federation Servi
 CVE-2026-54982 (Integer underflow (wrap or wraparound) in Reliable Multicast 
Transport ...)
        NOT-FOR-US: Microsoft
 CVE-2026-54684 (jadx is a Dex to Java decompiler. From 1.5.2 to 1.5.5, a 
malicious .xa ...)
-       TODO: check
+       NOT-FOR-US: jadx
 CVE-2026-54572 (Rclone is a command-line program to sync files and directories 
to and  ...)
        - rclone <unfixed>
        NOTE: 
https://github.com/rclone/rclone/security/advisories/GHSA-cf44-9pgv-m4xc
@@ -1380,9 +1380,9 @@ CVE-2026-52101 (An issue in andreimarcu linux-server 
v.1.0 through v.2.3.8 allow
 CVE-2026-52100 (Cross Site Request Forgery vulnerability in andreimarcu 
linux-server v ...)
        NOT-FOR-US: andreimarcu linux-server
 CVE-2026-51808 (Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before 
allows  ...)
-       TODO: check
+       NOT-FOR-US: OpenHTJ2K
 CVE-2026-51807 (Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before 
allows  ...)
-       TODO: check
+       NOT-FOR-US: OpenHTJ2K
 CVE-2026-51105 (Buffer Overflow vulnerability in aMULE-Project aMule v.2.3.3 
allows a  ...)
        TODO: check
 CVE-2026-50697 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
@@ -1904,7 +1904,7 @@ CVE-2026-50294 (Exposure of sensitive system information 
to an unauthorized cont
 CVE-2026-50293 (Use after free in Windows Internal Task Bar allows an 
authorized attac ...)
        NOT-FOR-US: Microsoft
 CVE-2026-50130 (Pi-hole is a DNS sinkhole that protects devices from unwanted 
content  ...)
-       TODO: check
+       NOT-FOR-US: Pi-hole
 CVE-2026-4018 (TOCTOU Race Condition in specific trace commands of the 
TraceEvent() s ...)
        NOT-FOR-US: Blackberry
 CVE-2026-4017 (Buffer Overflow in the entry handler of the TraceEvent() system 
call c ...)
@@ -2026,13 +2026,13 @@ CVE-2026-49164 (Heap-based buffer overflow in Active 
Directory Domain Services a
 CVE-2026-49162 (Use after free in Microsoft Brokering File System allows an 
authorized ...)
        NOT-FOR-US: Microsoft
 CVE-2026-48816 (sigstore-js provides JavaScript libraries for interacting with 
Sigstor ...)
-       TODO: check
+       NOT-FOR-US: sigstore-js
 CVE-2026-48815 (sigstore-js provides JavaScript libraries for interacting with 
Sigstor ...)
-       TODO: check
+       NOT-FOR-US: sigstore-js
 CVE-2026-48801 (linkify-it is a links recognition library with full Unicode 
support. P ...)
        TODO: check
 CVE-2026-48758 (sigstore-js provides JavaScript libraries for interacting with 
Sigstor ...)
-       TODO: check
+       NOT-FOR-US: sigstore-js
 CVE-2026-48581 (Insufficient granularity of access control in Microsoft 
Surface allows ...)
        NOT-FOR-US: Microsoft
 CVE-2026-48580 (Untrusted pointer dereference in Microsoft Office Excel allows 
an unau ...)
@@ -2190,11 +2190,11 @@ CVE-2026-48252 (Adobe Experience Manager is affected by 
a Missing Authentication
 CVE-2026-48125 (UAParser.js is a JavaScript library to detect browsers, 
operating syst ...)
        TODO: check
 CVE-2026-48069 (@grpc/grps-js implements the core functionality of gRPC purely 
in Java ...)
-       TODO: check
+       NOT-FOR-US: @grpc/grps-js
 CVE-2026-48068 (@grpc/grps-js implements the core functionality of gRPC purely 
in Java ...)
-       TODO: check
+       NOT-FOR-US: @grpc/grps-js
 CVE-2026-48038 (joi is a schema description language and data validator for 
JavaScript ...)
-       TODO: check
+       NOT-FOR-US: hapijs/joi
 CVE-2026-48001 (Adobe Commerce is affected by an Information Exposure 
vulnerability th ...)
        NOT-FOR-US: Adobe
 CVE-2026-48000 (Adobe Commerce is affected by an Improper Redirect (Open 
Redirect) vul ...)
@@ -2264,9 +2264,9 @@ CVE-2026-47471 (NVIDIA TensorRT-LLM for any platform 
contains a vulnerability in
 CVE-2026-47470 (NVIDIA TensorRT-LLM for any platform contains a vulnerability 
in the g ...)
        NOT-FOR-US: NVIDIA
 CVE-2026-47429 (Vitest is a testing framework powered by Vite. Prior to 3.2.5 
and 4.1. ...)
-       TODO: check
+       NOT-FOR-US: Vitest
 CVE-2026-47428 (Vitest is a testing framework powered by Vite. From 4.0.17 
until 4.1.6 ...)
-       TODO: check
+       NOT-FOR-US: Vitest
 CVE-2026-47423 (DOMPurify is a DOM-only cross-site scripting sanitizer for 
HTML, MathM ...)
        TODO: check
 CVE-2026-47305 (Protection mechanism failure in Visual Studio allows an 
unauthorized a ...)
@@ -5179,7 +5179,7 @@ CVE-2026-55849 (@cyclonedx/cyclonedx-npm creates 
CycloneDX Software Bill of Mate
 CVE-2026-55778 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-55760 (Handlebars.java provides logic-less and semantic Mustache 
templates wi ...)
-       TODO: check
+       NOT-FOR-US: Handlebars.java
 CVE-2026-55596 (Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 
until 5 ...)
        NOT-FOR-US: Plate
 CVE-2026-55575 (LiquidJS is a Shopify / GitHub Pages compatible template 
engine in pur ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5442dbe592a753d8569473c9b1d69d3dced70a5e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5442dbe592a753d8569473c9b1d69d3dced70a5e
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to