Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6df33b8f by Moritz Muehlenhoff at 2026-05-17T15:07:06+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -411,7 +411,7 @@ CVE-2026-39053 (Oinone Pamirs 7.0.0 contains an XML
External Entity (XXE) issue
CVE-2026-39052 (Oinone Pamirs 7.0.0 contains a code execution vulnerability
via Script ...)
NOT-FOR-US: Oinone Pamirs
CVE-2026-38728 (An issue in Nodemailer smtp_server before v.3.18.3 allows a
remote att ...)
- TODO: check
+ NOT-FOR-US: Node smtp-server
CVE-2026-35194 (Code injection in SQL code generation in Apache Flink 1.15.0
through 1 ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-34253 (A buffer underflow vulnerability has been identified in the
ogg123 uti ...)
@@ -623,7 +623,7 @@ CVE-2025-48513 (Use of uninitialized resource within the
AMD Platform Management
CVE-2025-48512 (Incorrect default permissions in the installation directory
for the AM ...)
TODO: check
CVE-2025-29944 (A buffer overflow vulnerability within AMD Sensor Fusion Hub
Driver ca ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2025-29938 (An unchecked return value within the AMD Platform Management
Framework ...)
TODO: check
CVE-2025-29937 (An out of bounds read within the AMD Platform Management
Framework (PM ...)
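Review bot: the NOT-FOR-US: AMD for CVE-2025-29944 should be double-checked against the advisory before it stands, because an "AMD Sensor Fusion Hub Driver" exists both as a Windows driver and as the in-tree Linux amd_sfh HID driver, and the truncated description in this hunk does not say which one is meant. The neighbouring PMF entries (CVE-2025-29938, CVE-2025-29937) are left at TODO: check, which is the safer state for anything that might have a kernel-side counterpart.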
@@ -645,7 +645,7 @@ CVE-2024-36345 (Improper input validation in the AMD
OverDrive (AOD) System Mana
CVE-2024-36334 (Improper verification of cryptographic signature in the Radeon
RGB too ...)
TODO: check
CVE-2024-36333 (A DLL hijacking vulnerability in the AMD Cleanup Utility could
allow a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-36332 (Improper isolation of GPU HW register space could allow a
privileged a ...)
TODO: check
CVE-2024-36323 (Improper isolation of VCN-JPEG HW register space could allow a
malicio ...)
@@ -1247,7 +1247,7 @@ CVE-2026-44312 (css_parser is a Ruby CSS parser. Prior to
2.1.0 and 1.22.0, the
NOTE: Fixed by:
https://github.com/premailer/css_parser/commit/35e689c904225add78e0c488cf04bad052666449
(v2.1.0)
NOTE: Fixed by:
https://github.com/premailer/css_parser/commit/e0c95d5abe91b237becb90ff316531a6547ada18
(v1.22.0)
CVE-2026-44308 (Spring Cloud AWS simplifies using AWS managed services in a
Spring and ...)
- TODO: check
+ NOT-FOR-US: Spring Cloud AWS
CVE-2026-44283 (etcd is a distributed key-value store for the data of a
distributed sy ...)
- etcd <unfixed> (bug #1136829)
NOTE:
https://github.com/etcd-io/etcd/security/advisories/GHSA-x35m-3gp4-4fh5
@@ -1325,9 +1325,9 @@ CVE-2026-27680 (Due to improper input handling under
certain conditions, SAP Net
CVE-2026-24712 (Northern.tech CFEngine Enterprise and Community before 3.21.8,
3.24.3, ...)
TODO: check
CVE-2026-24711 (Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and
3.27.0 ha ...)
- TODO: check
+ NOT-FOR-US: CFEngine Enterprise
CVE-2026-24710 (Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and
3.27.0 al ...)
- TODO: check
+ NOT-FOR-US: CFEngine Enterprise
CVE-2026-23998 (Fleet is open source device management software. Prior to
version 4.81 ...)
NOT-FOR-US: Fleet
CVE-2026-22707 (Strapi is an open source headless content management system.
In Strapi ...)
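Review bot: marking CVE-2026-24711 and CVE-2026-24710 NOT-FOR-US is consistent with their descriptions, which name CFEngine Enterprise only, but the adjacent CVE-2026-24712 explicitly says "CFEngine Enterprise and Community" and is still at TODO: check; Community is the edition Debian ships as cfengine3, so that entry needs a real package check rather than the same triage, and it would be worth adding a NOTE pointing at whatever upstream advisory separates the Enterprise-only issues from the shared one.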
@@ -1337,7 +1337,7 @@ CVE-2026-22706 (Strapi is an open source headless content
management system. In
CVE-2026-22599 (Strapi is an open source headless content management system.
In versio ...)
NOT-FOR-US: Strapi
CVE-2026-21730 (Verba is affected by a Stored Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Verba
CVE-2026-20224 (A vulnerability in the web UI of Cisco Catalyst SD-WAN
Manager, former ...)
NOT-FOR-US: Cisco
CVE-2026-20210 (A vulnerability in the web UI of Cisco Catalyst SD-WAN
Manager, former ...)
@@ -1347,21 +1347,21 @@ CVE-2026-20209 (A vulnerability in the web UI of Cisco
Catalyst SD-WAN Manager,
CVE-2026-20182 (May 2026: This security advisory provides the details and fix
informat ...)
NOT-FOR-US: Cisco
CVE-2026-1630 (WEBCON BPS is vulnerable to Reflected XSS via one of parameters
used b ...)
- TODO: check
+ NOT-FOR-US: WEBCON BPS
CVE-2025-69443 (Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML
page, w ...)
- TODO: check
+ NOT-FOR-US: coleam00 Archon
CVE-2025-68421 (Comarch ERP Optima client makes use of a hard-coded password
for a dat ...)
- TODO: check
+ NOT-FOR-US: Comarch ERP Optima
CVE-2025-68420 (ComarchERP Optima client connects to a database using a high
privilege ...)
- TODO: check
+ NOT-FOR-US: Comarch ERP Optima
CVE-2025-64526 (Strapi is an open source headless content management system.
In Strapi ...)
NOT-FOR-US: Strapi
CVE-2025-62628 (Unsafe OpenSSL initialization within some AMD optional tools
may allow ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2025-62625 (Improper privilege management in the KVM key download
component could ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2025-62619 (Missing authentication in the KVM key download endpoint could
allow an ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2025-62317 (HCL AION is affected by a vulnerability where sensitive
information ma ...)
NOT-FOR-US: HCL
CVE-2025-62316 (HCL AION is affected by a vulnerability where certain
security-related ...)
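Review bot: CVE-2025-62625 and CVE-2025-62619 are tagged NOT-FOR-US: AMD, but the visible descriptions only mention a "KVM key download component/endpoint" and never name AMD; since "KVM" is also the name of the Linux hypervisor, please confirm from the advisory that these belong to the same AMD tooling set as CVE-2025-62628 before the tag is relied on, and consider a NOTE with the advisory URL so the next reader does not have to repeat the check.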
@@ -1389,7 +1389,7 @@ CVE-2025-15023 (Incorrect Authorization vulnerability in
Yordam Information Tech
CVE-2025-12008 (Authorization bypass through User-Controlled key vulnerability
in APPY ...)
NOT-FOR-US: Yaay Social Media App
CVE-2025-11024 (Improper neutralization of special elements used in an SQL
command ('S ...)
- TODO: check
+ NOT-FOR-US: Akili
CVE-2026-6479 (Uncontrolled recursion in PostgreSQL SSL and GSS negotiation
allows an ...)
{DSA-6270-1 DSA-6269-1}
- postgresql-18 18.4-1
@@ -1840,7 +1840,7 @@ CVE-2026-42548 (Flight is an extensible micro-framework
for PHP. Prior to 3.18.1
CVE-2026-42463 (SQLBot is an intelligent Text-to-SQL system based on large
language mo ...)
NOT-FOR-US: SQLBot
CVE-2026-42409 (When an HTTP/2 profile and an iRule containing the
HTTP::redirector HT ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-42408 (When BIG-IP DNS is provisioned, a vulnerability exists in an
undisclos ...)
NOT-FOR-US: F5
CVE-2026-42406 (A vulnerability exists in BIG-IP and BIG-IQ systems where a
highly pri ...)
@@ -2007,7 +2007,7 @@ CVE-2026-32673 (A vulnerability exists in BIG-IP scripted
monitors that may allo
CVE-2026-32643 (A vulnerability exists in BIG-IP and BIG-IQ systems where a
highly pri ...)
NOT-FOR-US: F5
CVE-2026-31156 (A path injection vulnerability exists in OpenPLC v3
(2c82b0e79c53f8c1f ...)
- TODO: check
+ NOT-FOR-US: OpenPLC
CVE-2026-30906 (Untrusted search path in the installer for Zoom Rooms for
Windows befo ...)
NOT-FOR-US: Zoom
CVE-2026-30905 (External Control of File Name or Path in the Zoom Workplace
VDI Plugin ...)
@@ -2021,9 +2021,9 @@ CVE-2026-2695 (A command injection vulnerability was
discoveredin TeamViewer DEX
CVE-2026-2515 (The Hostinger Reach \u2013 AI-Powered Email Marketing for
WordPress pl ...)
NOT-FOR-US: WordPress plugin
CVE-2026-29206 (Insufficient sanitization of SQL queries in the `sqloptimizer`
utility ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2026-29205 (Incorrect privileges management and insufficient path
filtering allow ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2026-28758 (When BIG-IP DNS is provisioned, a vulnerability exists in the
gtm_adda ...)
NOT-FOR-US: F5
CVE-2026-28383 (A request to the Grafana plugin resources endpoint can cause
unbounded ...)
@@ -2039,15 +2039,15 @@ CVE-2026-28374 (Editors could delete any annotation,
even those they do not have
CVE-2026-25705 (A vulnerability has been identified in [Rancher's
Extensions](https:// ...)
NOT-FOR-US: SUSE
CVE-2026-25107 (ELECOM wireless LAN access point devices use a hard-coded
cryptographi ...)
- TODO: check
+ NOT-FOR-US: ELECOM
CVE-2026-24464 (When running in Appliance mode, a directory traversal
vulnerability ex ...)
NOT-FOR-US: F5
CVE-2026-22677 (Hermes WebUI prior to 0.51.44 - Release T contains a path
traversal vu ...)
- TODO: check
+ NOT-FOR-US: Hermes WebUI
CVE-2026-21821 (The HCL BigFix SCM Reporting site contains an outdated and
unsupported ...)
NOT-FOR-US: HCL
CVE-2026-20916 (An authenticated iControl REST user with low privileges can
create or ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-1659 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-1338 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
@@ -2109,21 +2109,21 @@ CVE-2026-0236 (A code injection vulnerability in Palo
Alto Networks Prisma\xae B
CVE-2026-0235 (A race condition vulnerability in Palo Alto Networks Prisma\xae
Browse ...)
NOT-FOR-US: Palo Alto Networks
CVE-2025-32425 (AutoGPT is a platform that allows users to create, deploy, and
manage ...)
- TODO: check
+ NOT-FOR-US: AutoGPT
CVE-2025-29338 (NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from
v17.92.1.p149.43 To ...)
- TODO: check
+ NOT-FOR-US: NXPAutoGPT
CVE-2025-28344 (striso-control-firmware 54c9722 is vulnerable to Buffer
Overflow in fu ...)
- TODO: check
+ NOT-FOR-US: striso-control-firmware
CVE-2025-28343 (striso-control-firmware 54c9722 is vulnerable to Buffer
Overflow in fu ...)
- TODO: check
+ NOT-FOR-US: striso-control-firmware
CVE-2025-27853 (The locally served web site on the Garmin WDU (v1 1.4.6 and v2
5.0) al ...)
- TODO: check
+ NOT-FOR-US: Garmin
CVE-2025-27852 (The locally served web site on the Garmin WDU (v1 1.4.6 and v2
5.0) al ...)
- TODO: check
+ NOT-FOR-US: Garmin
CVE-2025-27851 (The locally served web site on the Garmin WDU (v1 1.4.6 and v2
5.0) al ...)
- TODO: check
+ NOT-FOR-US: Garmin
CVE-2025-27850 (The locally served web site on the Garmin WDU (v1 1.4.6 and v2
5.0) al ...)
- TODO: check
+ NOT-FOR-US: Garmin
CVE-2025-15345 (The MapGeo \u2013 Interactive Geo Maps plugin for WordPress is
vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14870 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
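Review bot: the tag for CVE-2025-29338 reads "NOT-FOR-US: NXPAutoGPT", which looks like a paste error from the previous entry (CVE-2025-32425 AutoGPT); the entry is for the NXP moal.ko Wi-Fi driver, so it should read "NOT-FOR-US: NXP" (or name the driver) in a follow-up commit. The remaining entries in this hunk (striso-control-firmware, Garmin WDU) are tagged consistently with their descriptions.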
@@ -2137,41 +2137,41 @@ CVE-2025-13874 (GitLab has remediated an issue in
GitLab CE/EE affecting all ver
CVE-2025-12669 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2024-55045 (Firmament-Autopilot FMT-Firmware commit de5aec was discovered
to conta ...)
- TODO: check
+ NOT-FOR-US: Firmament-Autopilot FMT-Firmware
CVE-2024-51395 (Buffer Overflow vulnerability in Ardupiot Copter Latest commit
92693e0 ...)
- TODO: check
+ NOT-FOR-US: Ardupiot Copter
CVE-2024-51394 (Buffer Overflow vulnerability in Ardupiot Copter Latest commit
92693e0 ...)
- TODO: check
+ NOT-FOR-US: Ardupiot Copter
CVE-2024-48519 (Buffer Overflow vulnerability in Ardupilot rover commit
v.c56439b04516 ...)
- TODO: check
+ NOT-FOR-US: Ardupiot Copter
CVE-2024-47091 (Privilege escalation in the mk_mysql agent plugin on Windows
in Checkm ...)
TODO: check
CVE-2020-37226 (Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2020-37225 (Powie's WHOIS Domain Check 0.9.31 contains a persistent
cross-site scr ...)
- TODO: check
+ NOT-FOR-US: Powie WHOIS Domain Check
CVE-2020-37224 (Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2020-37223 (IObit Uninstaller 9.5.0.15 contains an unquoted service path
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: IObit Uninstaller
CVE-2020-37222 (Kuicms Php EE 2.0 contains a persistent cross-site scripting
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Kuicms Php EE
CVE-2020-37221 (Atomic Alarm Clock 6.3 contains a stack overflow vulnerability
that al ...)
- TODO: check
+ NOT-FOR-US: Atomic Alarm Clock
CVE-2020-37220 (Huawei HG630 V2 router contains an authentication bypass
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-37219 (Joomla com_fabrik 3.9.11 contains a directory traversal
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2020-37218 (Joomla com_hdwplayer 4.2 contains an SQL injection
vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2020-37217 (Easy2Pilot 7 contains a cross-site request forgery
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Easy2Pilot
CVE-2020-37174 (WOOF Products Filter for WooCommerce 1.2.3 contains a
persistent cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-37169 (WordPress Plugin ultimate-member 2.1.3 contains a local file
inclusion ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-37168 (Ecommerce Systempay 1.0 contains a weak cryptographic
implementation v ...)
- TODO: check
+ NOT-FOR-US: Ecommerce Systempay
CVE-2026-8500 (Web::Passwd versions through 0.03 for Perl is vulnerable to
RCE. Web: ...)
NOT-FOR-US: Web::Passwd Perl module
CVE-2026-42945 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_http_ ...)
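Review bot: CVE-2024-48519 is tagged "NOT-FOR-US: Ardupiot Copter", but its description says "Ardupilot rover", so the label names the wrong component; the "Ardupiot" spelling mirrors the CVE text of CVE-2024-51395 and CVE-2024-51394 but does not match this one. Suggest a single consistent label for all three (e.g. "NOT-FOR-US: ArduPilot") so the misspelling is not copied further. The 2020-era entries below (Joomla addons, WordPress plugins, IObit, Huawei HG630) are tagged in line with their descriptions.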
@@ -2633,11 +2633,11 @@ CVE-2026-34645 (Adobe Commerce versions 2.4.9-beta1,
2.4.8-p4, 2.4.7-p9, 2.4.6-p
CVE-2026-33570 (PowerSYSTEM Center REST API endpoint for devices allows a low
privileg ...)
NOT-FOR-US: PowerSYSTEM Center
CVE-2026-32661 (Stack-based buffer overflow vulnerability exists in
GUARDIANWALL MailS ...)
- TODO: check
+ NOT-FOR-US: GUARDIANWALL
CVE-2026-2725 (Incorrect authorization in the "submitted together" feature in
Gerrit ...)
TODO: check
CVE-2026-26289 (PowerSYSTEM Center REST API endpoint for device account export
allows ...)
- TODO: check
+ NOT-FOR-US: PowerSYSTEM Center REST API
CVE-2026-23827 (A heap-based buffer overflow vulnerability exists in a Network
managem ...)
NOT-FOR-US: HPE
CVE-2026-23826 (A vulnerability in a network management service of AOS-8
Operating Sys ...)
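Review bot: CVE-2026-26289 is tagged "NOT-FOR-US: PowerSYSTEM Center REST API" while CVE-2026-33570 in the same hunk, which describes the same REST API, uses "NOT-FOR-US: PowerSYSTEM Center"; both should use the shorter product name so the two entries group together when the list is searched.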
@@ -2671,11 +2671,11 @@ CVE-2025-9988 (The Broadstreet plugin for WordPress is
vulnerable to unauthorize
CVE-2025-9987 (The Broadstreet plugin for WordPress is vulnerable to Sensitive
Inform ...)
NOT-FOR-US: WordPress plugin
CVE-2025-65088 (An Out-of-Bounds Read vulnerability is present in
Ashlar-Vellum Cobalt ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum
CVE-2025-65087 (An Out-of-Bounds Read vulnerability is present in
Ashlar-Vellum Cobalt ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum
CVE-2025-65086 (An Out-of-Bounds Write vulnerability is present in
Ashlar-Vellum Cobal ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum
CVE-2025-62627 (An untrusted pointer dereference in the ionic cloud driver for
VMWare ...)
TODO: check
CVE-2025-62624 (A heap-based buffer overflow in the ionic cloud driver for
VMware ESXi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6df33b8f5a90c8308d0d5b0d0ce28f880e62ff24
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits