Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41e428e5 by Moritz Muehlenhoff at 2026-05-08T12:48:19+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -505,7 +505,7 @@ CVE-2025-68604 (Cross-Site Request Forgery (CSRF) 
vulnerability in WPGraphQL all
 CVE-2025-68060 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67202 (Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for 
Sidekiq, ...)
-       TODO: check
+       NOT-FOR-US: Sidekiq-cron
 CVE-2025-66105 (Missing Authorization vulnerability in Magepeople inc. Bus 
Ticket Book ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-65122 (Regex Denial of Service in youtube-regex npm package through 
version 1 ...)
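Review bot: The `NOT-FOR-US: Sidekiq-cron` line on CVE-2025-67202 records the conclusion but not the check behind it. The description calls this an add-on for Sidekiq, so it is a library that could be shipped as a dependency of a packaged application rather than under its upstream name. Please confirm that no source package carries it before dropping the TODO. If one does, the entry needs a package line with the fixed version (the description gives "thru 2.3.1" as the affected range) instead of NOT-FOR-US.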
@@ -735,7 +735,7 @@ CVE-2026-41142 (OpenEXR provides the specification and 
reference implementation
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/b8f127ca8e061d413f4066ebd123ca90466b06e8
 (v3.4.11-rc)
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/13e5099df7210927a36ee8ab5993ebca5ce82279
 (v3.2.9-rc)
 CVE-2026-41139 (Math.js is an extensive math library for JavaScript and 
Node.js. From  ...)
-       TODO: check
+       NOT-FOR-US: Math.js
 CVE-2026-41004 (When enabling trace logging in Spring Cloud Config Server 
sensitive in ...)
        TODO: check
 CVE-2026-41002 (The base directory (`spring.cloud.config.server.git.basedir`) 
used by  ...)
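Review bot: CVE-2026-41004 (Spring Cloud Config Server), directly below the Math.js entry changed here, still reads `TODO: check`, so this pass resolves one entry and leaves its neighbour untriaged. If it is out of scope as well, it can take a NOT-FOR-US tag in the same commit. If it needs a closer look, leaving it is fine, but the one-word commit message "NFUs" gives no hint that it was skipped deliberately.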
@@ -1381,7 +1381,7 @@ CVE-2026-23870 (A denial of service vulnerability could 
be triggered by sending
 CVE-2026-21661 (Uncontrolled Search Path Element vulnerability in 
JohnsonControls AC20 ...)
        NOT-FOR-US: Johnson Controls
 CVE-2026-20219 (A vulnerability in the REST API of Cisco Slido could have 
allowed an a ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20195 (A vulnerability in an identity management API endpoint of 
Cisco ISE co ...)
        NOT-FOR-US: Cisco
 CVE-2026-20193 (A vulnerability in the RADIUS Policy API endpoints of Cisco 
ISE could  ...)
@@ -2913,9 +2913,9 @@ CVE-2023-54346 (WordPress Plugin Backup Migration 1.2.8 
contains an information
 CVE-2023-54345 (Frappe Framework ERPNext 13.4.0 contains a sandbox escape 
vulnerabilit ...)
        NOT-FOR-US: Frappe Framework ERPNext
 CVE-2023-54344 (Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code 
executio ...)
-       TODO: check
+       NOT-FOR-US: Eclipse Equinox OSGi
 CVE-2023-54342 (Eclipse Equinox OSGi versions 3.8 through 3.18 contain a 
remote code e ...)
-       TODO: check
+       NOT-FOR-US: Eclipse Equinox OSGi
 CVE-2026-43073 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
        - linux 6.19.14-1
        [trixie] - linux 6.12.85-1
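Review bot: CVE-2023-54344 and CVE-2023-54342 both get `NOT-FOR-US: Eclipse Equinox OSGi`, and together their descriptions cover "3.7.2 and earlier" and "3.8 through 3.18", so the tag writes off two remote code execution entries across that whole version range in one step. NOT-FOR-US is only correct if no Equinox OSGi code is in the archive under any source package name, including as a bundled Java library, and that is worth verifying. If it is present, these should become package entries, with a NOTE explaining the assessment if the issue turns out not to matter in practice.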



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41e428e58e084e3b642211e6766fe7170a0b295d
