Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
362ab1ea by security tracker role at 2026-05-06T19:14:32+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -265,33 +265,33 @@ CVE-2026-7875 (NanoClaw contains a host/container 
filesystem boundary vulnerabil
 CVE-2026-7841 (A remote code execution vulnerability exists in Notification 
Settings  ...)
        TODO: check
 CVE-2026-7457 (The LatePoint plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7448 (The LatePoint \u2013 Calendar Booking Plugin for Appointments 
and Even ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7332 (The LatePoint \u2013 Calendar Booking Plugin for Appointments 
and Even ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6863 (Velociraptor versions prior to 0.76.4 contain a cross 
organization aut ...)
        TODO: check
 CVE-2026-6860 (A TCP client can perform a TLS handshake and present the server 
name e ...)
-       TODO: check
+       NOT-FOR-US: Eclipse
 CVE-2026-6788 (Uncontrolled Search Path Element vulnerabilityin WatchGuard 
Agent on W ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-6787 (Use of Hard-coded Cryptographic Key vulnerability in WatchGuard 
Agent  ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-6672 (The Affiliate Program Suite \u2014 SliceWP Affiliates plugin 
for WordP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6420 (A flaw was found in Keylime. An attacker with root access on an 
enroll ...)
        TODO: check
 CVE-2026-6344 (The Fluent Forms plugin for WordPress is vulnerable to 
Arbitrary File  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6210 (A type confusion vulnerability in Qt SVG allows an attacker to 
cause a ...)
        TODO: check
 CVE-2026-43975 (FolderUploadsFileManager in Apache Wicket does not validate or 
sanitiz ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-43646 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-42509 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-42503 (gopls by default communicates via pipe. However, -port and 
-listen fla ...)
        TODO: check
 CVE-2026-41938 (Vvveb before version 1.0.8.2 contains an unrestricted file 
upload vuln ...)
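Review bot: The reason added for CVE-2026-6860, "NOT-FOR-US: Eclipse", names a foundation rather than a product, and the truncated description ("A TCP client can perform a TLS handshake and present the server name e ...") does not show which project is affected. Eclipse covers many independent projects, so the vendor name alone does not establish that nothing packaged is involved. Suggest putting the affected project name in the reason, or leaving this entry at "TODO: check" until it has been confirmed by hand.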
@@ -305,15 +305,15 @@ CVE-2026-41931 (Vvveb before version 1.0.8.2 contains an 
information disclosure
 CVE-2026-41930 (Vvveb before version 1.0.8.2 contains a hard-coded credentials 
vulnera ...)
        TODO: check
 CVE-2026-41288 (Incorrect permission assignment for a resource in the patch 
management ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-41287 (Stack-based Buffer Overflow vulnerability in the WatchGuard 
Agent disc ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-41286 (Stack-based Buffer Overflow vulnerability in the WatchGuard 
Agent disc ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-40010 (Missing invocation of Servlet http web request method 
changeSessionId  ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40001 (There is a local privilege escalation vulnerability in the ZTE 
PROCESS ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2026-36358 (Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 
allows a rem ...)
        TODO: check
 CVE-2026-35255 (Vulnerability in the OracleCloud Native Environment Command 
Line Inter ...)
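Review bot: On CVE-2026-40010 the reason "NOT-FOR-US: Apache software not packaged in Debian" asserts a packaging fact without saying which software it was checked against, and the visible description ("Missing invocation of Servlet http web request method changeSessionId ...") does not name the project either. Because this is an automatic update, recording the project name in the reason would let the claim be re-checked if that project is packaged later.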
@@ -341,21 +341,21 @@ CVE-2026-23926 (An authenticated (non-super) 
administrator can create a maintena
 CVE-2026-23870 (A denial of service vulnerability could be triggered by 
sending specia ...)
        TODO: check
 CVE-2026-21661 (Uncontrolled Search Path Element vulnerability in 
JohnsonControls AC20 ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls
 CVE-2026-20219 (A vulnerability in the REST API of Cisco Slido could have 
allowed an a ...)
        TODO: check
 CVE-2026-20195 (A vulnerability in an identity management API endpoint of 
Cisco ISE co ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20193 (A vulnerability in the RADIUS Policy API endpoints of Cisco 
ISE could  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20189 (A vulnerability in the log file download functionality of 
Cisco Prime  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20188 (A vulnerability in the connection-handling mechanism of Cisco 
Crosswor ...)
        TODO: check
 CVE-2026-20185 (A vulnerability in the Simple Network Management Protocol 
(SNMP) subsy ...)
        TODO: check
 CVE-2026-20172 (A vulnerability in the Lite Agent feature of Cisco Enterprise 
Chat and ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20169 (A vulnerability in the web-based management interface of Cisco 
IoT Fie ...)
        TODO: check
 CVE-2026-20168 (A vulnerability in the web-based management interface of Cisco 
IoT Fie ...)
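Review bot: The Cisco entries in this hunk are handled inconsistently: CVE-2026-20195, CVE-2026-20193, CVE-2026-20189 and CVE-2026-20172 become "NOT-FOR-US: Cisco", while CVE-2026-20219 (Cisco Slido), CVE-2026-20188 (Cisco Crosswor ...), CVE-2026-20169 and CVE-2026-20168 (Cisco IoT Fie ...) stay at "TODO: check" even though their descriptions name Cisco products as well. If the automatic update skipped them because its product patterns do not cover these names, extend the patterns; if they were left for manual triage on purpose, a short note in the commit message would make that clear.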
@@ -367,47 +367,47 @@ CVE-2026-20035 (A vulnerability in the web UI of Cisco 
Unity Connection Web Inbo
 CVE-2026-20034 (A vulnerability in the web-based management interface of Cisco 
Unity C ...)
        TODO: check
 CVE-2026-1719 (The Gravity Bookings Premium plugin for WordPress is vulnerable 
to SQL ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-0300 (A buffer overflow vulnerability in the User-ID\u2122 
Authentication Po ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2025-62345 (HCL BigFix RunBookAI is affected by a Continued availability 
of Less-S ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-59854 (HCL DFXAnalytics is affected by an Insecure Security Header 
Configurat ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-59853 (HCL DFXAnalytics is affected by an Improper Error Handling 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-59852 (HCL  DFXAnalytics  is affected by an Insufficient Transport 
Layer Prot ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-59851 (HCL DFXAnalytics is affected by a Using Components with Known 
Vulnerab ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52613 (HCL BigFix Service Management (SM) is affected by use of a 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-31984 (HCL BigFix Service Management (SM) is affected by a security 
misconfig ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-31983 (HCL BigFix Service Management (SM) is affected by a security 
misconfig ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-31982 (HCL BigFix Service Management (SM) had directories that were 
not linke ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-31978 (HCL BigFix Service Management (SM) does not adequately 
sanitize or saf ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-31976 (HCL BigFix Service Management (SM) is vulnerable to 
insufficiently pro ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-31975 (HCL BigFix Service Management (SM) is affected by an 
Information Discl ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-31974 (HCL BigFix Service Management (SM) is susceptible to a Root 
File Syste ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-31970 (HCL DFXAnalytics is affected by an Insecure Security Header 
configurat ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-31960 (HCL BigFix Service Management (SM) is vulnerable to 
information exposu ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-31959 (HCL BigFix Service Management (SM) application fails to strip 
EXIF met ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-31957 (HHCL BigFix Service Management (SM) is affected by a 
Cross\u2011Site R ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-31951 (HCL BigFix RunBookAI is affected by a Unvalidated Command 
Input / Pote ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-30151 (HCL BigFix Service Management (SX)  is affected by a Broken 
Access Con ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-40562 (Gazelle versions through 0.49 for Perl allows HTTP Request 
Smuggling v ...)
        NOTE: Perl Gazelle
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/39783440/
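Review bot: Two of the HCL entries closed here describe bundled third-party code rather than an HCL-specific flaw: CVE-2025-59851 ("Using Components with Known Vulnerab ...") and CVE-2025-52613 ("use of a vulnerable ..."). "NOT-FOR-US: HCL" is reasonable for the HCL product itself, but before these drop out of the TODO queue it is worth confirming that the underlying component, if it is packaged in Debian, is tracked under its own CVE entry. A NOTE line naming the component on these two entries would record that the check was done.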



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/362ab1ea1c263a6e6dd8f63881fea6d985a73aa3
