Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
42dc2253 by security tracker role at 2026-05-12T07:13:30+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2026-8349 (A flaw has been found in omec-project amf up to 2.1.1. This
vulnerabil ...)
TODO: check
CVE-2026-8346 (A vulnerability was detected in D-Link DIR-816
1.10CNB05_R1B011D88210. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-8345 (A security vulnerability has been detected in D-Link DIR-816
1.10CNB05 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-8344 (A weakness has been identified in D-Link DIR-816
1.10CNB05_R1B011D8821 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-8321 (A vulnerability was detected in inkeep agents 0.58.14. This
vulnerabil ...)
TODO: check
CVE-2026-8320 (A security vulnerability has been detected in jishenghua jshERP
up to ...)
@@ -13,13 +13,13 @@ CVE-2026-8320 (A security vulnerability has been detected
in jishenghua jshERP u
CVE-2026-8319 (A weakness has been identified in aiwaves-cn agents up to
e8c4e3c2d197 ...)
TODO: check
CVE-2026-7287 (** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability
in the ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2026-7257 (** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2026-7256 (** UNSUPPORTED WHEN ASSIGNED ** A command injection
vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2026-7255 (** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of
excessive a ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2026-45430 (The Salesforce module before 1.x-1.0.1 for Backdrop CMS does
not prope ...)
TODO: check
CVE-2026-45393 (Reserved. Details will be published at disclosure.)
@@ -33,9 +33,9 @@ CVE-2026-45362 (Sangoma Switchvox before 8.4 places cleartext
SIP authentication
CVE-2026-45321 (On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84
malicious ...)
TODO: check
CVE-2026-45026 (WeGIA is a web manager for charitable institutions. In
versions prior ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-45025 (WeGIA is a web manager for charitable institutions. In
versions prior ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-44695 (Outline is a service that allows for collaborative
documentation. Prio ...)
TODO: check
CVE-2026-43914 (Vaultwarden is a Bitwarden-compatible server written in Rust.
Prior to ...)
@@ -93,27 +93,27 @@ CVE-2026-43874 (WWBN AVideo is an open source video
platform. In versions up to
CVE-2026-43873 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
TODO: check
CVE-2026-43668 (A use after free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-43666 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-43661 (A buffer overflow issue was addressed with improved memory
handling. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-43660 (A validation issue was addressed with improved logic. This
issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-43659 (A race condition was addressed with additional validation.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-43658 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-43656 (An out-of-bounds write issue was addressed with improved input
validat ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-43655 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-43654 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-43653 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-43652 (A permissions issue was addressed with additional
restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-42888 (Audiobookshelf is a self-hosted audiobook and podcast server.
Prior to ...)
TODO: check
CVE-2026-42887 (Audiobookshelf is a self-hosted audiobook and podcast server.
Prior to ...)
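Review bot: The eleven NOT-FOR-US: Apple tags from CVE-2026-43668 through CVE-2026-43652 sit on descriptions that, as truncated here, never name the affected component (for example "A use after free issue was addressed with improved memory management. ..."). Apple advisories written in this style also cover WebKit, which Debian ships as webkit2gtk and wpewebkit, so check the full description of each entry for WebKit before keeping the tag; a WebKit issue needs package lines instead. The same check applies to the Apple entries in the later hunks of this commit.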
@@ -135,11 +135,11 @@ CVE-2026-42875 (External Secrets Operator reads
information from a third-party s
CVE-2026-42874 (Microdot is a minimalistic Python web framework. Prior to
2.6.1, the R ...)
TODO: check
CVE-2026-42873 (WeGIA is a web manager for charitable institutions. In
versions prior ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-42872 (WeGIA is a web manager for charitable institutions. In
versions prior ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-42870 (WeGIA is a web manager for charitable institutions. In
versions prior ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-42869 (SOCFortress CoPilot focuses on providing a single pane of
glass for al ...)
TODO: check
CVE-2026-42600 (MinIO is a high-performance object storage system. From
RELEASE.2022-0 ...)
@@ -161,27 +161,27 @@ CVE-2026-41530 (The automatic folder creation feature of
Lhaz and Lhaz+ provided
CVE-2026-41489 (Pi-hole is a DNS sinkhole that protects devices from unwanted
content ...)
TODO: check
CVE-2026-40137 (SAP TAF_APPLAUNCHER within Business Server Pages allows an
unauthentic ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-40136 (SAP Financial Consolidation allows an authenticated attacker
to discon ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-40135 (An OS Command Injection vulnerability exists in the SAP
NetWeaver Appl ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-40134 (Due to insufficient authorization checks in the SAP Incentive
and Comm ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-40133 (Due to missing authorization check in SAP S/4HANA Condition
Maintenanc ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-40132 (Due to missing authorization check in SAP Strategic Enterprise
Managem ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-40131 (SQL injection vulnerability exists in @sap/hdi-deploy package,
where S ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-40129 (Due to a Code Injection vulnerability in SAP Application
Server ABAP f ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-39871 (A path handling issue was addressed with improved logic. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-39870 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-39869 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-37630 (An issue in QuickJS-NG v.0.12.1 allows an attacker to execute
arbitrar ...)
TODO: check
CVE-2026-36734 (EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection.
An authen ...)
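Review bot: On CVE-2026-40131 the tag NOT-FOR-US: SAP names only the vendor, while the description identifies a specific npm package, @sap/hdi-deploy. Putting the package name in the free-text part of the tag would let a later search on that name find this entry, in the same way the Zephyr entry in this commit spells out what it does and does not refer to.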
@@ -195,181 +195,181 @@ CVE-2026-34961 (barebox prior to version 2026.04.0
contains out-of-bounds read v
CVE-2026-34960 (barebox prior to version 2026.04.0 contains an out-of-bounds
read vuln ...)
TODO: check
CVE-2026-34263 (Due to improper Spring Security configuration, SAP Commerce
cloud allo ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-34260 (SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL
injection ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-34259 (Due to an OS Command Execution vulnerability in SAP
Forecasting & Repl ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-34258 (SAPUI5 (Search UI) allows an unauthenticated attacker to
manipulate sp ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-2614 (A vulnerability in the `_create_model_version()` handler of
`mlflow/se ...)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2026-28996 (A race condition was addressed with additional validation.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28995 (A logic issue was addressed with improved restrictions. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28994 (A use after free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28993 (This issue was addressed by adding an additional prompt for
user conse ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28992 (A memory corruption vulnerability was addressed with improved
locking. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28991 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28990 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28988 (A permissions issue was addressed with additional
restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28987 (A logging issue was addressed with improved data redaction.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28986 (A race condition was addressed with additional validation.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28985 (A null pointer dereference was addressed with improved input
validatio ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28983 (A type confusion issue was addressed with improved checks.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28978 (A permissions issue was addressed with additional
restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28977 (The issue was addressed with improved bounds checks. This
issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28976 (An information leakage was addressed with additional
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28974 (This issue was addressed with improved checks to prevent
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28972 (An out-of-bounds write issue was addressed with improved input
validat ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28971 (The issue was addressed with improved UI handling. This issue
is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28969 (A use after free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28967 (A denial-of-service issue was addressed with improved input
validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28965 (A privacy issue was addressed with improved checks. This issue
is fixe ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28964 (An inconsistent user interface issue was addressed with
improved state ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28963 (A privacy issue was addressed by removing the vulnerable code.
This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28962 (This issue was addressed with improved access restrictions.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28961 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28959 (A buffer overflow was addressed with improved bounds checking.
This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28958 (This issue was addressed with improved data protection. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28957 (An issue with app access to camera metadata was addressed with
improve ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28956 (A memory corruption issue was addressed with improved input
validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28955 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28954 (A file quarantine bypass was addressed with additional checks.
This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28953 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28952 (An integer overflow was addressed with improved input
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28951 (An authorization issue was addressed with improved state
management. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28947 (A use-after-free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28946 (A use-after-free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28944 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28943 (A logging issue was addressed with improved data redaction.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28942 (A use-after-free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28941 (The issue was addressed with improved checks. This issue is
fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28940 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28936 (The issue was addressed with improved checks. This issue is
fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28930 (A permissions issue was addressed with additional
restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28929 (A logic issue was addressed with improved checks. This issue
is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28925 (A buffer overflow was addressed with improved bounds checking.
This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28924 (A race condition was addressed with improved handling of
symbolic link ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28923 (A logging issue was addressed with improved data redaction.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28922 (This issue was addressed through improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28920 (An information leakage was addressed with additional
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28919 (A consistency issue was addressed with improved state
handling. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28918 (An out-of-bounds access issue was addressed with improved
bounds check ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28917 (The issue was addressed with improved input validation. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28915 (A parsing issue in the handling of directory paths was
addressed with ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28914 (A logic issue was addressed with improved file handling. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28913 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28910 (This issue was addressed with improved permissions checking.
This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28908 (A denial of service issue was addressed by removing the
vulnerable cod ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28907 (The issue was addressed with improved input validation. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28906 (This issue was addressed through improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28905 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28904 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28903 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28902 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28901 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28897 (A buffer overflow was addressed with improved input
validation. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28883 (A use-after-free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28873 (This issue was addressed with additional entitlement checks.
This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28872 (A resource exhaustion issue was addressed with improved input
validati ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28860 (The issue was addressed with improved input validation. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28848 (A buffer overflow was addressed with improved bounds checking.
This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28847 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28846 (A buffer overflow was addressed with improved bounds checking.
This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28840 (A permissions issue was addressed with additional
restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28830 (A race condition was addressed with additional validation.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-28819 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-27682 (Due to a reflected cross-site scripting (XSS) vulnerability in
SAP Net ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-20696 (An authorization issue was addressed with improved state
management. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-1681 (Issuing an ICMP ping via the `net ping` shell command to a
device's ow ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-1185 (A configuration file on the local file system had improper
input valid ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2026-0804 (An ACAP configuration file lacked sufficient input validation,
which c ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2026-0802 (An ACAP configuration file lacked sufficient input validation,
which c ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2026-0541 (ACAP applications can gain elevated privileges due to improper
input v ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2026-0502 (Due to insufficient CSRF protection in SAP BusinessObjects
Business In ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-7010 (HTTP::Tiny versions before 0.093 for Perl do not validate CRLF
in HTTP ...)
- libhttp-tiny-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39952806/
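Review bot: NOT-FOR-US: mlflow on CVE-2026-2614 is set on a description that points into the project's own source tree (`_create_model_version()` in `mlflow/se ...`), so confirm that no mlflow source package or ITP exists in Debian before this stays NOT-FOR-US; if one does, the entry should become a package line (with an <itp> marker for an ITP). The note on CVE-2026-1681, "Zephyr, different from src:zephyr", is the right level of detail for a tag whose name collides with a Debian source package.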
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42dc2253537edb77d340d9ff70f81edf7ebe396d