Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
40897bc8 by Moritz Muehlenhoff at 2026-05-17T13:18:15+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2021-47980 (Fuel CMS 1.4.13 contains a blind SQL injection 
vulnerability tha
 CVE-2021-47979 (WordPress Plugin Backup and Restore 1.0.3 contains an 
arbitrary file d ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-47978 (ProcessMaker 3.5.4 contains a local file inclusion 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: ProcessMaker
 CVE-2021-47977 (WordPress Plugin Anti-Malware Security and Bruteforce Firewall 
4.20.59 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-47976 (TextPattern CMS 4.9.0-dev contains a remote code execution 
vulnerabili ...)
@@ -15,73 +15,73 @@ CVE-2021-47976 (TextPattern CMS 4.9.0-dev contains a remote 
code execution vulne
 CVE-2021-47975 (WP Learn Manager 1.1.2 contains a stored cross-site scripting 
vulnerab ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-47974 (VX Search 13.5.28 contains an unquoted service path 
vulnerability in b ...)
-       TODO: check
+       NOT-FOR-US: VX Search
 CVE-2021-47973 (Sticky Notes Widget 3.0.6 contains a denial of service 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Sticky Notes
 CVE-2021-47972 (Sticky Notes & Color Widgets 1.4.2 contains a denial of 
service vulner ...)
-       TODO: check
+       NOT-FOR-US: Sticky Notes
 CVE-2021-47971 (My Notes Safe 5.3 contains a denial of service vulnerability 
that allo ...)
-       TODO: check
+       NOT-FOR-US: My Notes
 CVE-2021-47970 (Macaron Notes 5.5 contains a denial of service vulnerability 
that allo ...)
-       TODO: check
+       NOT-FOR-US: Macaron Notes
 CVE-2021-47969 (Color Notes 1.4 contains a denial of service vulnerability 
that allows ...)
-       TODO: check
+       NOT-FOR-US: Color Notes
 CVE-2021-47957 (Cookie Law Bar 1.2.1 contains a stored cross-site scripting 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Cookie Law Bar
 CVE-2021-47956 (EgavilanMedia PHPCRUD 1.0 contains an SQL injection 
vulnerability that ...)
-       TODO: check
+       NOT-FOR-US: EgavilanMedia PHPCRUD
 CVE-2021-47955 (CouchCMS 2.2.1 contains a cross-site scripting vulnerability 
that allo ...)
-       TODO: check
+       NOT-FOR-US: CouchCMS
 CVE-2021-47954 (LayerBB 1.1.4 contains an SQL injection vulnerability that 
allows unau ...)
-       TODO: check
+       NOT-FOR-US: LayerBB
 CVE-2021-47952 (python jsonpickle 2.0.0 contains a remote code execution 
vulnerability ...)
        TODO: check
 CVE-2021-47942 (Home Assistant Community Store (HACS) 1.10.0 contains a path 
traversal ...)
-       TODO: check
+       NOT-FOR-US: Home Assistant Community Store (HACS)
 CVE-2021-47934 (MyBB Timeline Plugin 1.0 contains cross-site scripting 
vulnerabilities ...)
        NOT-FOR-US: MyBB
 CVE-2020-37247 (Kite 4.2.0.1 U1 contains an unquoted service path 
vulnerability in the ...)
-       TODO: check
+       NOT-FOR-US: Kite
 CVE-2020-37246 (Supsystic Backup 2.3.9 contains a local file inclusion 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Supsystic
 CVE-2020-37245 (Supsystic Digital Publications 1.6.9 contains a path traversal 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Supsystic
 CVE-2020-37244 (Supsystic Membership 1.4.7 contains an SQL injection 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: Supsystic
 CVE-2020-37243 (Supsystic Pricing Table 1.8.7 contains an SQL injection 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Supsystic
 CVE-2020-37242 (Supsystic Ultimate Maps 1.1.12 contains an SQL injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Supsystic
 CVE-2020-37241 (bloofoxCMS 0.5.2.1 contains a cross-site request forgery 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: bloofoxCMS
 CVE-2020-37240 (Queue Management System 4.0.0 contains a stored cross-site 
scripting v ...)
-       TODO: check
+       NOT-FOR-US: Queue Management System
 CVE-2020-37239 (libbabl 0.1.62 contains a broken double free detection 
vulnerability t ...)
        TODO: check
 CVE-2020-37238 (CMS Made Simple 2.2.15 contains a stored cross-site scripting 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: CMS Made Simple
 CVE-2020-37237 (Composr CMS 10.0.34 contains a persistent cross-site scripting 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Composr CMS
 CVE-2020-37236 (NewsLister contains an authenticated persistent cross-site 
scripting v ...)
-       TODO: check
+       NOT-FOR-US: NewsLister
 CVE-2020-37235 (WordPress Theme Wibar 1.1.8 contains a stored cross-site 
scripting vul ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme or plugin
 CVE-2020-37234 (Internet Download Manager 6.38.12 contains a buffer overflow 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Internet Download Manager
 CVE-2020-37233 (WordPress Plugin Buddypress 6.2.0 contains a persistent 
cross-site scr ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme or plugin
 CVE-2020-37232 (Advanced System Care Service 13.0.0.157 contains an unquoted 
service p ...)
-       TODO: check
+       NOT-FOR-US: Advanced System Care Service
 CVE-2020-37231 (Privacy Drive 3.17.0 contains an unquoted service path 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Privacy Drive
 CVE-2020-37230 (Syncplify.me Server! 5.0.37 contains an unquoted service path 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Syncplify.me
 CVE-2020-37229 (OKI sPSV Port Manager 1.0.41 contains an unquoted service path 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: OKI sPSV Port Manager
 CVE-2020-37228 (iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA 
security byp ...)
-       TODO: check
+       NOT-FOR-US: DS6 DSSPro Digital Signage System
 CVE-2020-37227 (HS Brand Logo Slider 2.1 contains an unrestricted file upload 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: HS Brand Logo Slider
 CVE-2026-46719 (Net::Statsd::Lite versions before 0.9.0 for Perl allowed 
metric inject ...)
        NOT-FOR-US: Net::Statsd::Lite Perl module
 CVE-2026-8696 (radare2 6.1.5 contains a use-after-free vulnerability in the 
gdbr_pids ...)
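Review bot: the triage line for CVE-2020-37228 reads `NOT-FOR-US: DS6 DSSPro Digital Signage System` while the description in the same hunk names the product `iDS6 DSSPro Digital Signage System`; the leading `i` was dropped, so suggest `NOT-FOR-US: iDS6 DSSPro Digital Signage System`. A smaller consistency point in this hunk: CVE-2020-37233 (WordPress Plugin Buddypress) is tagged `NOT-FOR-US: WordPress theme or plugin`, whereas the neighbouring plugin entries (CVE-2021-47979, CVE-2021-47977, CVE-2021-47975) use `NOT-FOR-US: WordPress plugin`; keeping one form for plugins makes the list easier to grep.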
@@ -419,29 +419,29 @@ CVE-2026-34253 (A buffer underflow vulnerability has been 
identified in the ogg1
 CVE-2026-2031 (An Improper Access Controlvulnerability inseveral internal API 
endpoin ...)
        TODO: check
 CVE-2026-23695 (Cockpit CMS through version 2.14.0, patched in commit 72a83fc, 
contain ...)
-       TODO: check
+       NOT-FOR-US: Cockpit CMS
 CVE-2025-67437 (Medical Management System 
a81df1ce700a9662cb136b27af47f4cbde64156b is  ...)
-       TODO: check
+       NOT-FOR-US: Medical Management System
 CVE-2025-14972 (*  Countermeasures for DPA within SYMCRYPTO engine on 
SixG301xxx devic ...)
        NOT-FOR-US: Silicon Labs
 CVE-2021-47968 (Podcast Generator 3.1 contains a persistent cross-site 
scripting vulne ...)
-       TODO: check
+       NOT-FOR-US: Podcast Generator
 CVE-2021-47967 (PHP Timeclock 1.04 contains multiple cross-site scripting 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: PHP Timeclock
 CVE-2021-47966 (PHP Timeclock 1.04 contains time-based and boolean-based blind 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: PHP Timeclock
 CVE-2021-47965 (WordPress Plugin WP Super Edit 2.5.4 and earlier contains an 
unrestric ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme or plugin
 CVE-2021-47964 (Schlix CMS 2.2.6-6 contains a remote code execution 
vulnerability that ...)
-       TODO: check
+       NOT-FOR-US: Schlix CMS
 CVE-2021-47963 (Anote 1.0 contains a persistent cross-site scripting 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: Anote
 CVE-2021-47962 (Savsoft Quiz 5.0 contains a persistent cross-site scripting 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Savsoft Quiz
 CVE-2021-47959 (WordPress Plugin WPGraphQL 1.3.5 contains a denial of service 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme or plugin
 CVE-2021-47958 (CouchCMS 2.2.1 contains a server-side request forgery 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: Couch CMS
 CVE-2026-8454 (Imager::File::GIF versions through 1.002 for Perl allow a heap 
out of  ...)
        NOT-FOR-US: Imager::File::GIF Perl module
        NOTE: Imager::File::GIF used in libimager-perl and has separate 
CVE-2026-8669
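Review bot: CVE-2021-47958 is tagged `NOT-FOR-US: Couch CMS`, but the same product is tagged `NOT-FOR-US: CouchCMS` for CVE-2021-47955 earlier in this commit, and both descriptions spell it `CouchCMS`; suggest `NOT-FOR-US: CouchCMS` here as well so the two entries match.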
@@ -577,17 +577,17 @@ CVE-2026-3290 (Timing limitations of the HRNG in RS9116 
when power save mode is
 CVE-2026-2652 (A vulnerability in mlflow/mlflow versions 3.9.0 and earlier 
allows una ...)
        NOT-FOR-US: mlflow
 CVE-2026-28761 (Cross-site request forgery vulnerability exists in Musetheque 
V4 Infor ...)
-       TODO: check
+       NOT-FOR-US: Musetheque
 CVE-2026-26191 (Fleet is open source device management software. Prior to 
version 4.81 ...)
-       TODO: check
+       NOT-FOR-US: Fleet
 CVE-2026-26062 (Fleet is open source device management software. Prior to 
version 4.81 ...)
-       TODO: check
+       NOT-FOR-US: Fleet
 CVE-2026-24899 (Fleet is open source device management software. Prior to 
version 4.82 ...)
-       TODO: check
+       NOT-FOR-US: Fleet
 CVE-2026-24662 (Cross-site scripting vulnerability exists in Musetheque V4 
Information ...)
-       TODO: check
+       NOT-FOR-US: Musetheque
 CVE-2026-24000 (Fleet is open source device management software. Prior to 
version 4.80 ...)
-       TODO: check
+       NOT-FOR-US: Fleet
 CVE-2026-0481 (Unrestricted IP address binding in the AMD Device Metrics 
Exporter (RO ...)
        TODO: check
 CVE-2026-0438 (A System Management Mode (SMM) handler could perform a callout 
to code ...)
@@ -1289,7 +1289,7 @@ CVE-2026-42555 (Valtimo is an open-source business 
process automation platform.
 CVE-2026-42457 (vCluster Platform provides a Kubernetes platform for managing 
virtual  ...)
        NOT-FOR-US: vCluster Platform
 CVE-2026-42334 (Mongoose is a MongoDB object modeling tool designed to work in 
an asyn ...)
-       TODO: check
+       NOT-FOR-US: Automattic Mongoose (different from src:mongoose)
 CVE-2026-42283 (DevSpace is a client-only developer tool for cloud-native 
development  ...)
        NOT-FOR-US: DevSpace
 CVE-2026-42281 (MagicMirror\xb2 is an open source modular smart mirror 
platform. Prior ...)
@@ -1319,7 +1319,7 @@ CVE-2026-38740 (Foscam VD1 Video Doorbell before 
V5.3.13_1072 is vulnerable to C
 CVE-2026-2347 (Authorization bypass through User-Controlled key vulnerability 
in Akil ...)
        TODO: check
 CVE-2026-27886 (Strapi is an open source headless content management system. 
Strapi ve ...)
-       TODO: check
+       NOT-FOR-US: Strapi
 CVE-2026-27680 (Due to improper input handling under certain conditions, SAP 
NetWeaver ...)
        NOT-FOR-US: SAP
 CVE-2026-24712 (Northern.tech CFEngine Enterprise and Community before 3.21.8, 
3.24.3, ...)
@@ -1329,13 +1329,13 @@ CVE-2026-24711 (Northern.tech CFEngine Enterprise 
before 3.21.8, 3.24.3, and 3.2
 CVE-2026-24710 (Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 
3.27.0 al ...)
        TODO: check
 CVE-2026-23998 (Fleet is open source device management software. Prior to 
version 4.81 ...)
-       TODO: check
+       NOT-FOR-US: Fleet
 CVE-2026-22707 (Strapi is an open source headless content management system. 
In Strapi ...)
-       TODO: check
+       NOT-FOR-US: Strapi
 CVE-2026-22706 (Strapi is an open source headless content management system. 
In Strapi ...)
-       TODO: check
+       NOT-FOR-US: Strapi
 CVE-2026-22599 (Strapi is an open source headless content management system. 
In versio ...)
-       TODO: check
+       NOT-FOR-US: Strapi
 CVE-2026-21730 (Verba is affected by a Stored Cross-Site Scripting (XSS) 
vulnerability ...)
        TODO: check
 CVE-2026-20224 (A vulnerability in the web UI of Cisco Catalyst SD-WAN 
Manager, former ...)
@@ -1355,7 +1355,7 @@ CVE-2025-68421 (Comarch ERP Optima client makes use of a 
hard-coded password for
 CVE-2025-68420 (ComarchERP Optima client connects to a database using a high 
privilege ...)
        TODO: check
 CVE-2025-64526 (Strapi is an open source headless content management system. 
In Strapi ...)
-       TODO: check
+       NOT-FOR-US: Strapi
 CVE-2025-62628 (Unsafe OpenSSL initialization within some AMD optional tools 
may allow ...)
        TODO: check
 CVE-2025-62625 (Improper privilege management in the KVM key download 
component could  ...)
@@ -1381,13 +1381,13 @@ CVE-2025-62308 (HCL AION is affected by a vulnerability 
where sensitive backend
 CVE-2025-62305 (HCL AION is affected by a vulnerability where certain 
operations may t ...)
        NOT-FOR-US: HCL
 CVE-2025-15025 (Authorization bypass through User-Controlled key vulnerability 
in Yord ...)
-       TODO: check
+       NOT-FOR-US: Yordam
 CVE-2025-15024 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Yordam
 CVE-2025-15023 (Incorrect Authorization vulnerability in Yordam Information 
Technology ...)
-       TODO: check
+       NOT-FOR-US: Yordam
 CVE-2025-12008 (Authorization bypass through User-Controlled key vulnerability 
in APPY ...)
-       TODO: check
+       NOT-FOR-US: Yaay Social Media App
 CVE-2025-11024 (Improper neutralization of special elements used in an SQL 
command ('S ...)
        TODO: check
 CVE-2026-6479 (Uncontrolled recursion in PostgreSQL SSL and GSS negotiation 
allows an ...)
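Review bot: the triage line for CVE-2025-12008 names `Yaay Social Media App`, but the visible part of the description ends at `in APPY ...` and does not show that product name; please confirm against the full CVE description that the vendor/product on the NOT-FOR-US line is the right one before the TODO is closed. The three Yordam entries above it match their descriptions.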



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40897bc864840e057ffffa8718f1da6a4373a690



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits