Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
452ffea2 by Salvatore Bonaccorso at 2026-05-17T16:43:31+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1331,7 +1331,7 @@ CVE-2026-40893 (Gotenberg is a Docker-powered stateless 
API for PDF files. Prior
 CVE-2026-38740 (Foscam VD1 Video Doorbell before V5.3.13_1072 is vulnerable to 
Clearte ...)
        NOT-FOR-US: Foscam VD1 Video Doorbell
 CVE-2026-2347 (Authorization bypass through User-Controlled key vulnerability 
in Akil ...)
-       TODO: check
+       NOT-FOR-US: E-Commerce Website
 CVE-2026-27886 (Strapi is an open source headless content management system. 
Strapi ve ...)
        NOT-FOR-US: Strapi
 CVE-2026-27680 (Due to improper input handling under certain conditions, SAP 
NetWeaver ...)
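Review bot: the new tag on CVE-2026-2347, "NOT-FOR-US: E-Commerce Website", is a generic category rather than a product name, so it cannot be matched against later CVEs for the same software. The truncated description begins to name a vendor ("in Akil ..."); tagging with that vendor and product name, as the neighbouring entries do ("Foscam VD1 Video Doorbell", "Strapi"), would keep the entry searchable.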
@@ -3402,17 +3402,17 @@ CVE-2026-31221 (PyTorch-Lightning versions 2.6.0 and 
earlier contain an insecure
 CVE-2026-31220 (PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are 
vulnerabl ...)
        NOT-FOR-US: PySyft (Syft Datasite/Server)
 CVE-2026-31219 (The _load_model() function in the neural_magic_training.py 
script of t ...)
-       TODO: check
+       NOT-FOR-US: nebuly-ai/optimate
 CVE-2026-31218 (The _load_model() function in the neural_magic_training.py 
script of t ...)
-       TODO: check
+       NOT-FOR-US: nebuly-ai/optimate
 CVE-2026-31217 (The _load_model() function in the neural_magic_training.py 
script of t ...)
-       TODO: check
+       NOT-FOR-US: nebuly-ai/optimate
 CVE-2026-31216 (The nexent v1.7.5.2 backend service contains an unauthorized 
arbitrary ...)
        NOT-FOR-US: nexent
 CVE-2026-31215 (The nexent v1.7.5.2 backend service contains an unauthorized 
arbitrary ...)
        NOT-FOR-US: nexent
 CVE-2026-31214 (The torch-checkpoint-shrink.py script in the ml-engineering 
project in ...)
-       TODO: check
+       NOT-FOR-US: ml-engineering
 CVE-2026-30810 (Server-Side Request Forgery vulnerability allows Privilege 
Escalation  ...)
        NOT-FOR-US: Pandora FMS
 CVE-2026-30808 (Session Fixation vulnerability allows Session Hijacking via 
crafted se ...)
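Review bot: the tag on CVE-2026-31214, "NOT-FOR-US: ml-engineering", names the project without an owner, while the three entries above it in the same hunk use the owner/repository form ("nebuly-ai/optimate"). Using one form for both would keep the tags consistent, and the owner-qualified form is less ambiguous for a project name as generic as ml-engineering.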
@@ -3424,11 +3424,11 @@ CVE-2026-30805 (Insecure Default Initialization of 
Resource vulnerability allows
 CVE-2026-2993 (The AI Chatbot & Workflow Automation by AIWU plugin for 
WordPress is v ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-2465 (Incorrect Authorization vulnerability in E-Kalite Software 
Hardware En ...)
-       TODO: check
+       NOT-FOR-US: Turboard
 CVE-2026-2300 (The BJ Lazy Load plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-29204 (Insufficient ownership check in `clientarea.php` allows an 
authenticat ...)
-       TODO: check
+       NOT-FOR-US: WebPros WHMCS
 CVE-2026-27851 (When safe filter is used with variable expansion, all 
following pipeli ...)
        - dovecot 1:2.4.4+dfsg1-1 (bug #1136444)
        [bookworm] - dovecot <not-affected> (Vulnerable code introduced later)
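Review bot: on CVE-2026-2465 the tag "NOT-FOR-US: Turboard" does not match anything in the visible part of the description, which names "E-Kalite Software Hardware En ..." as the vendor. If Turboard is the product, a tag carrying both vendor and product, in the style of "WebPros WHMCS" two entries below, would let a reader connect the tag to the description without opening the full CVE text.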
@@ -3472,33 +3472,33 @@ CVE-2026-20914 (Null pointer dereference for some 
Intel(R) QAT software drivers
 CVE-2026-20905 (Improper input validation for some Intel(R) QAT software 
drivers for W ...)
        TODO: check
 CVE-2026-20887 (Improper access control for some Intel Vision software for all 
version ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2026-20881 (Divide by zero for some Intel(R) QAT software drivers for 
Windows befo ...)
        TODO: check
 CVE-2026-20879 (Out-of-bounds write for the Intel(R) Data Center Graphics 
Driver for V ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2026-20794 (Buffer overflow for the Intel(R) Data Center Graphics Driver 
for VMwar ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2026-20793 (Unchecked return value for some Intel(R) QAT software drivers 
for Wind ...)
        TODO: check
 CVE-2026-20782 (Buffer overflow for some Intel(R) QAT software drivers for 
Windows bef ...)
        TODO: check
 CVE-2026-20772 (Uncontrolled search path for some Intel(R) Connectivity 
Performance Su ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2026-20771 (Null pointer dereference for some Intel(R) QAT software 
drivers for Wi ...)
        TODO: check
 CVE-2026-20767 (Improper input validation for some Intel(R) QAT software 
drivers for W ...)
        TODO: check
 CVE-2026-20754 (Improper conditions check in some firmware for some Intel(R) 
NPU Drive ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2026-20753 (Integer overflow in the UEFI firmware for the Slim Bootloader 
may allo ...)
        TODO: check
 CVE-2026-20751 (Out-of-bounds read for the Intel(R) Data Center Graphics 
Driver for VM ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2026-20738 (Untrusted pointer dereference for some Intel(R) QuickAssist 
Adapter 89 ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2026-20718 (Incorrect default permissions for some Intel(R) NPU Driver 
software in ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2026-20717 (Improper input validation for some Intel(R) QAT software 
drivers for W ...)
        TODO: check
 CVE-2026-20714 (Out-of-bounds write for some Intel(R) QAT software drivers for 
Windows ...)
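Review bot: "NOT-FOR-US: Intel" is a vendor-only tag, applied in this hunk to entries for several different products (Intel Vision software, the Data Center Graphics Driver, the NPU Driver, a QuickAssist Adapter). Naming the product in each tag would make clear that the decision covers that product and not Intel software in general. CVE-2026-20738 (QuickAssist Adapter 89 ...) is tagged while the QAT software driver entries around it stay "TODO: check"; it is worth confirming from the full description that it does not belong with those still-open QAT entries.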



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/452ffea2e362580cc4a2d2c7f12de3d4c106984e
