Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fb5878c5 by security tracker role at 2026-05-08T07:14:02+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,29 +5,29 @@ CVE-2026-8148 (NAVER MYBOX Explorer for Windows before
3.0.11.160 allows a local
CVE-2026-8142 (VINCE versions 3.0.38 and earlier do not properly verify the
From addr ...)
TODO: check
CVE-2026-8138 (A vulnerability was found in Tenda CX12L 16.03.53.12. This
issue affec ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-8137 (A vulnerability has been found in Totolink X5000R
9.1.0u.6369_B2023011 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-8136 (A flaw has been found in SourceCodester Pharmacy Sales and
Inventory S ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8133 (A security vulnerability has been detected in zyx0814 FilePress
up to ...)
TODO: check
CVE-2026-8132 (A weakness has been identified in CodeAstro Leave Management
System 1. ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2026-8131 (A security flaw has been discovered in SourceCodester SUP
Online Shopp ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8130 (A vulnerability was identified in SourceCodester SUP Online
Shopping 1 ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8129 (A vulnerability was determined in SourceCodester SUP Online
Shopping 1 ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8128 (A vulnerability was found in SourceCodester SUP Online Shopping
1.0. T ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8127 (A vulnerability has been found in eladmin up to 2.7. Impacted
is the f ...)
TODO: check
CVE-2026-8126 (A flaw has been found in SourceCodester Comment System 1.0.
This issue ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8125 (A vulnerability was detected in code-projects Simple Chat
System 1.0. ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-8124 (A security vulnerability has been detected in GPAC up to
26.02.0. This ...)
TODO: check
CVE-2026-8123 (A vulnerability was determined in Open5GS up to 2.7.7. This
impacts th ...)
@@ -41,7 +41,7 @@ CVE-2026-8120 (A flaw has been found in Open5GS up to 2.7.7.
The affected elemen
CVE-2026-8119 (A vulnerability was detected in Open5GS up to 2.7.7. Impacted
is the f ...)
TODO: check
CVE-2026-8117 (A security vulnerability has been detected in SourceCodester
Pizzafy E ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8116 (A weakness has been identified in huangjunsen0406
xiaozhi-mcphub up to ...)
TODO: check
CVE-2026-8115 (A security flaw has been discovered in gyoridavid
short-video-maker up ...)
@@ -53,9 +53,9 @@ CVE-2026-8113 (A vulnerability was determined in 8421bit
MiniClaw up to 43905b93
CVE-2026-8112 (A vulnerability was found in 8421bit MiniClaw up to
223c16a1088e138838 ...)
TODO: check
CVE-2026-8106 (A reflected HTML injection vulnerability was identified in the
GitHub ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-8098 (A security vulnerability has been detected in code-projects
Feedback S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-8097 (A security flaw has been discovered in CodeAstro Online
Classroom 1.0. ...)
TODO: check
CVE-2026-8088 (A weakness has been identified in OSGeo gdal up to 3.13.0dev-4.
The af ...)
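Review bot: CVE-2026-8097 (CodeAstro Online Classroom 1.0) stays at TODO: check in the trailing context of this hunk, although the same run tags CVE-2026-8132 (CodeAstro Leave Management System) as NOT-FOR-US: CodeAstro. If the vendor match is meant to cover every CodeAstro product, this entry should receive the same tag; otherwise it is worth checking why the automatic match skipped it.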
@@ -65,19 +65,19 @@ CVE-2026-8087 (A security flaw has been discovered in OSGeo
gdal up to 3.13.0dev
CVE-2026-8069 (PredatorSense version 3.00.3136 to 3.00.3196 contain Local
Privilege E ...)
TODO: check
CVE-2026-8034 (A server-side request forgery (SSRF) vulnerability was
identified in t ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-7891 (The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0
Beta all ...)
TODO: check
CVE-2026-7541 (A denial of service vulnerability was identified in GitHub
Enterprise ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-6737 (An Exposed IOCTL with Insufficient Access Control vulnerability
in Asu ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2026-6736 (An authentication bypass vulnerability was identified in GitHub
Enterp ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-6411 (This vulnerability, in the MAXHUB Pivot client application
versions p ...)
TODO: check
CVE-2026-4935 (The OttoKit: All-in-One Automation Platform WordPress plugin
before 1. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-44916 (In OpenStack Ironic through 35.x, instance_info['ks_template']
is rend ...)
TODO: check
CVE-2026-44365
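Review bot: the tag added for CVE-2026-8034, CVE-2026-7541 and CVE-2026-6736 is spelled "Github Enterprise Server", while the CVE descriptions in the same entries spell the vendor "GitHub". Suggest "NOT-FOR-US: GitHub Enterprise Server" so that a case-sensitive search for the product name finds these entries; the same spelling is used for CVE-2026-8106 in the previous hunk.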
@@ -97,9 +97,9 @@ CVE-2026-43940 (electerm is an open-sourced
terminal/ssh/sftp/telnet/serialport/
CVE-2026-43510 (manage.get.gov is the .gov TLD registrar maintained by CISA.
manage.ge ...)
TODO: check
CVE-2026-42880 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2026-42826 (Exposure of sensitive information to an unauthorized actor in
Azure De ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42501 (A malicious module proxy can exploit a flaw in the go
command's valida ...)
TODO: check
CVE-2026-42499 (Pathological inputs could cause DoS through consumePhrase when
parsing ...)
@@ -143,7 +143,7 @@ CVE-2026-42203 (LiteLLM is a proxy server (AI Gateway) to
call LLM APIs in OpenA
CVE-2026-42150 (wlc is a Weblate command-line client using Weblate's REST API.
Prior t ...)
TODO: check
CVE-2026-42047 (Inngest is a platform for running event-driven and scheduled
backgroun ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-41929 (Vvveb before 1.0.8.2 contains an unauthenticated reflected
cross-site ...)
TODO: check
CVE-2026-41928 (Vvveb before 1.0.8.2 contains an information disclosure
vulnerability ...)
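Review bot: the tag added for CVE-2026-42047 names Next.js, but the visible description begins "Inngest is a platform for running event-driven and scheduled backgroun ..." and does not mention Next.js before it is truncated. Every other tag in this commit names the vendor or product from the description, so "NOT-FOR-US: Inngest" looks like the intended value; if the Next.js tag is deliberate, a NOTE line stating the relation would make that clear to later readers.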
@@ -165,13 +165,13 @@ CVE-2026-41500 (electerm is an open-sourced
terminal/ssh/sftp/telnet/serialport/
CVE-2026-41498 (Kimai is an open-source time tracking application. Prior to
version 2. ...)
TODO: check
CVE-2026-41105 (Server-side request forgery (ssrf) in Azure Notification
Service allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40214 (In OpenStack Cyborg before 16.0.1, the Accelerator Request
(ARQ) API d ...)
TODO: check
CVE-2026-40213 (OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@')
as the ...)
TODO: check
CVE-2026-3508 (An Out-of-bounds Read vulnerability in the IOCTL handler in
ASUS Syste ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2026-39836 (The Dial and LookupPort functions panic on Windows when
provided with ...)
TODO: check
CVE-2026-39826 (If a trusted template author were to write a <script> tag
containing a ...)
@@ -187,31 +187,31 @@ CVE-2026-39819 (The "go bug" command writes to two files
with predictable names
CVE-2026-39817 (The "go tool pack" subcommand (usually used only by the
compiler as an ...)
TODO: check
CVE-2026-35435 (Improper access control in Azure AI Foundry M365 published
agents allo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35428 (Improper neutralization of special elements used in a command
('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34327 (Externally controlled reference to a resource in another
sphere in Mic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33844 (Improper input validation in Azure Managed Instance for Apache
Cassand ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33823 (Improper authorization in Microsoft Teams allows an authorized
attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33814 (When processing HTTP/2 SETTINGS frames, transport will enter
an infini ...)
TODO: check
CVE-2026-33811 (When using LookupCNAME with the cgo DNS resolver, a very long
CNAME re ...)
TODO: check
CVE-2026-33111 (Improper neutralization of special elements used in a command
('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33109 (Improper access control in Azure Managed Instance for Apache
Cassandra ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32207 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-2710
REJECTED
CVE-2026-26164 (Improper neutralization of special elements in output used by
a downst ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26129 (Improper neutralization of special elements in M365 Copilot
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-69691 (Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC
API via p ...)
TODO: check
CVE-2025-69690 (Netgate pfSense CE 2.7.2 allows code execution by using the
module ins ...)
@@ -245,7 +245,7 @@ CVE-2024-33288 (Prison Management System Using PHP v1.0 was
discovered to contai
CVE-2024-30167 (/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2
allow re ...)
TODO: check
CVE-2024-27686 (Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7)
allows a r ...)
- TODO: check
+ NOT-FOR-US: MikroTik
CVE-2023-47268 (In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer
through 2.6. ...)
TODO: check
CVE-2023-46453 (Certain GL.iNet devices with 4.x firmware allow authentication
bypass ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb5878c5179c1bf52edf792e2fabeb31a4daaa1e