Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5ad4a1fe by security tracker role at 2026-05-08T19:14:45+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-8178 (An issue exists in Amazon Redshift JDBC Driver versions prior
to 2.2.2 ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-8153 (OS command injection in Dashboard Server interface in Universal
Robots ...)
TODO: check
CVE-2026-8077 (Lack of proper authorization implementation in the CashDro 3
web admin ...)
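Review bot: The new tag on CVE-2026-8178, `NOT-FOR-US: Amazon`, names only the vendor, while the description is specific to the Amazon Redshift JDBC Driver. A vendor-wide label reads as if every Amazon product were out of scope; consider `NOT-FOR-US: Amazon Redshift JDBC Driver` so the entry records which software was judged not to be in Debian.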
@@ -9,17 +9,17 @@ CVE-2026-8076 (Weak credentials in the CashDro 3 web
administration panel, versi
CVE-2026-7864 (SEPPmail Secure Email Gateway before version 15.0.4 exposes
server env ...)
TODO: check
CVE-2026-7650 (The E2Pdf \u2013 Export Pdf Tool for WordPress plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7475 (The Sky Addons plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7330 (The Auto Affiliate Links plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6213 (A vulnerability in Remote SparkSparkView beforebuild 1122
allows an at ...)
TODO: check
CVE-2026-5341 (The NMR Strava activities plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5127 (The User Frontend: AI Powered Frontend Posting, User Directory,
Profil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-44928 (In uriparser before 1.0.2, the function family EqualsUri can
misclassi ...)
TODO: check
CVE-2026-44927 (In uriparser before 1.0.2, there is pointer difference
truncation to i ...)
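Review bot: For CVE-2026-5127 the truncated description ("The User Frontend: AI Powered Frontend Posting, User Directory, Profil ...") never mentions WordPress, so the `NOT-FOR-US: WordPress plugin` tag cannot be checked from this list alone, unlike the other four entries tagged in this hunk. Since this is an automatic update, it is worth confirming against the full CVE description that the match was made on the product and not on a partial title.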
@@ -137,7 +137,7 @@ CVE-2026-41070 (openvpn-auth-oauth2 is a plugin/management
interface client for
CVE-2026-3318 (Open redirection vulnerability in the latest demo version of
the Cradl ...)
TODO: check
CVE-2026-39816 (The optional extension component TinkerpopClientService is
missing the ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-38361 (An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2
allows a ...)
TODO: check
CVE-2026-38360 (Directory Traversal vulnerability in fohrloop dash-uploader
v.0.1.0 th ...)
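Review bot: `NOT-FOR-US: Apache software not packaged in Debian` on CVE-2026-39816 does not say which Apache project is meant, and the visible description only names the component TinkerpopClientService. Naming the project in the tag would let a later reader re-check the "not packaged in Debian" claim if the software is packaged at some point.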
@@ -147,7 +147,7 @@ CVE-2026-37431 (Beauty Parlour Management System v1.1 was
discovered to contain
CVE-2026-34354 (Akamai Guardicore Platform Agent (GPA) and Zero Trust Client
on Linux ...)
TODO: check
CVE-2026-32803 (Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6,
9.6.0.0 throug ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-29975 (lwjson 1.8.1 contains an improper input validation
vulnerability in th ...)
TODO: check
CVE-2026-29974 (An issue was discovered in kosma minmea 0.3.0. The minmea_scan
functio ...)
@@ -161,21 +161,21 @@ CVE-2026-29202 (Insufficient input validation of the
`plugin` parameter of the `
CVE-2026-29201 (Insufficient input validation of the feature file name in
`feature::LO ...)
TODO: check
CVE-2026-25199 (Instances deployed via the Proxmox extension allow
unauthorized access ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-25077 (Account users are allowed by default to register templates to
be downl ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-69233 (Due to multiple time-of-check time-of-use race conditions in
the resou ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-67486 (Dolibarr is an enterprise resource planning (ERP) and customer
relatio ...)
TODO: check
CVE-2025-66467 (Missing MinIO policy cleanup on bucket deletion via Apache
CloudStack ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-66172 (The CloudStack Backup plugin has an improper access logic in
versions ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-66171 (The CloudStack Backup plugin has an improper access logic in
versions ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-66170 (The CloudStack Backup plugin has an improper authorization
logic in ve ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2022-50994 (DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain
an OS co ...)
TODO: check
CVE-2026-6659 (Crypt::PasswdMD5 versions through 1.42 for Perl generates
insecure ran ...)
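Review bot: Of the seven entries tagged in this hunk, the visible descriptions of CVE-2026-25199, CVE-2026-25077 and CVE-2025-69233 name no product at all, while CVE-2025-66467, CVE-2025-66172, CVE-2025-66171 and CVE-2025-66170 mention CloudStack. Please confirm the first three belong to the same project before they share one tag, and prefer a product-specific tag over the generic "Apache software" wording so each classification can be audited on its own.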
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ad4a1fe991c5e1753dffcfcf68b817237d9ab30