Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4db9697c by security tracker role at 2026-05-19T07:13:53+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2026-8851 (SOGo 5.12.7 contains a SQL injection vulnerability in the
Access Contr ...)
TODO: check
CVE-2026-8838 (Unsafe use of Python's eval() on server-received data in the
vector_in ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-8830 (A flaw was found in Keycloak. An authenticated user can bypass
configu ...)
TODO: check
CVE-2026-8814 (Versions of the package exifreader before 4.39.0 are vulnerable
to Imp ...)
@@ -9,7 +9,7 @@ CVE-2026-8814 (Versions of the package exifreader before 4.39.0
are vulnerable t
CVE-2026-8813 (This affects versions of the package exifreader before 4.39.0.
A craft ...)
TODO: check
CVE-2026-4137 (In mlflow/mlflow versions prior to 3.11.0, the
`get_or_create_nfs_tmp_ ...)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2026-47311 (Heap-based buffer overflow vulnerability in Samsung Open
Source Escarg ...)
TODO: check
CVE-2026-47310 (Use after free vulnerability in Samsung Open Source Escargot
allows Po ...)
@@ -33,9 +33,9 @@ CVE-2026-45245 (Summarize prior to 0.15.1 contains a
vulnerability in the hover
CVE-2026-45244 (Summarize prior to 0.15.1 contains a missing authorization
vulnerabili ...)
TODO: check
CVE-2026-33565 (in OpenHarmony v6.0 and prior versions allow a local attacker
cause DO ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-33514 (Discourse is an open-source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33234 (AutoGPT is a workflow automation platform for creating,
deploying, and ...)
TODO: check
CVE-2026-33233 (AutoGPT is a workflow automation platform for creating,
deploying, and ...)
@@ -51,13 +51,13 @@ CVE-2026-32323 (Mullvad VPN is a VPN client app for desktop
and mobile. When usi
CVE-2026-32312 (GLPI is a free asset and IT management software package. In
versions 1 ...)
TODO: check
CVE-2026-32244 (Discourse is an open-source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-30950 (AutoGPT is a workflow automation platform for creating,
deploying, and ...)
TODO: check
CVE-2026-28751 (in OpenHarmony v6.0 and prior versions allow a local attacker
cause DO ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-28733 (in OpenHarmony v6.0 and prior versions allow a local attacker
arbitrar ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-27964 (FacturaScripts is an open source accounting and invoicing
software. Ve ...)
TODO: check
CVE-2026-27892 (FacturaScripts is an open source accounting and invoicing
software. In ...)
@@ -65,37 +65,37 @@ CVE-2026-27892 (FacturaScripts is an open source accounting
and invoicing softwa
CVE-2026-27891 (FacturaScripts is an open source accounting and invoicing
software. Ve ...)
TODO: check
CVE-2026-27781 (in OpenHarmony v6.0 and prior versions allow a local attacker
cause DO ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-27766 (in OpenHarmony v6.0 and prior versions allow a local attacker
cause in ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-27737 (BigBlueButton is an open-source virtual classroom. In versions
prior t ...)
TODO: check
CVE-2026-27648 (in OpenHarmony v6.0 and prior versions allow a remote attacker
arbitra ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-27130 (Dokploy is a free, self-hostable Platform as a Service (PaaS).
Version ...)
TODO: check
CVE-2026-26978 (FreePBX is an open source IP PBX. In versions below 16.0.71
and 17.0.6 ...)
TODO: check
CVE-2026-25850 (in OpenHarmony v6.0 and prior versions allow a local attacker
cause in ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-25781 (in OpenHarmony v6.0 and prior versions allow a local attacker
cause DO ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-25244 (WebdriverIO is a test automation framework for unit, e2e and
component ...)
TODO: check
CVE-2026-25110 (in OpenHarmony v6.0 and prior versions allow a local attacker
cause DO ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-24792 (in OpenHarmony v6.0 and prior versions allow a remote attacker
arbitra ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-22810 (Joplin is an open source note-taking and to-do application
that organi ...)
TODO: check
CVE-2026-22069 (A local privilege escalation vulnerability exists in O+
Connect becaus ...)
TODO: check
CVE-2026-21789 (HCL Connections contains a broken access control vulnerability
that ma ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-65954 (SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS
server in t ...)
TODO: check
CVE-2025-15609 (The Fortis for WooCommerce WordPress plugin before 1.3.1 may
leak sens ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-45137
NOT-FOR-US: Rust anchor-lang
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0144.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4db9697cf4d5baa314d39390cf45af689f080e8d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4db9697cf4d5baa314d39390cf45af689f080e8d
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
