Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
caa5c789 by Salvatore Bonaccorso at 2026-05-20T21:15:24+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -468,9 +468,9 @@ CVE-2026-41470 (LIVE555 before 2026.04.22 contains an
authorization bypass vulne
CVE-2026-3985 (The Creative Mail \u2013 Easier WordPress & WooCommerce Email
Marketin ...)
NOT-FOR-US: WordPress plugin
CVE-2026-39309 (Trilium Notes is a cross-platform, hierarchical note taking
applicatio ...)
- TODO: check
+ NOT-FOR-US: Trilium Notes
CVE-2026-39250 (An authorization vulnerability exists in Innoshop 0.6.0. After
logging ...)
- TODO: check
+ NOT-FOR-US: Innoshop
CVE-2026-37982 (A flaw was found in Keycloak. This authentication
vulnerability allows ...)
- keycloak <itp> (bug #1088287)
CVE-2026-37981 (A flaw was found in Keycloak. A broken access control
vulnerability in ...)
@@ -480,15 +480,15 @@ CVE-2026-37979 (A flaw was found in Keycloak. This access
control vulnerability
CVE-2026-37978 (A flaw was found in Keycloak. A low-privilege administrator
with the ' ...)
- keycloak <itp> (bug #1088287)
CVE-2026-37281 (An OS command injection vulnerability in the /stream-to-vlc
Express ro ...)
- TODO: check
+ NOT-FOR-US: hitarth-gg Zenshin
CVE-2026-36829 (An authentication bypass vulnerability exists in the embedded
HTTP ser ...)
- TODO: check
+ NOT-FOR-US: Panabit PAP-XM320
CVE-2026-36828 (A command injection vulnerability exists in the
/cgi-bin/tools/ajax_cm ...)
- TODO: check
+ NOT-FOR-US: Panabit PAP-XM320
CVE-2026-36827 (A command injection vulnerability exists in Panabit PAP-XM320
up to an ...)
- TODO: check
+ NOT-FOR-US: Panabit PAP-XM320
CVE-2026-35593 (Trilium Notes is an open-source, cross-platform hierarchical
note taki ...)
- TODO: check
+ NOT-FOR-US: Trilium Notes
CVE-2026-35086 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-34970 (Mantis Bug Tracker (MantisBT) is an open source issue tracker.
Version ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caa5c789448687bc9ba41f63fdbfdbcaa1516a82
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caa5c789448687bc9ba41f63fdbfdbcaa1516a82
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
