Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1aac113d by Salvatore Bonaccorso at 2026-05-20T21:44:29+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28,9 +28,9 @@ CVE-2026-8486 (Allocation of resources without limits or 
throttling vulnerabilit
 CVE-2026-8485 (Uncontrolled Memory Allocation vulnerability in Progress 
Software MOVE ...)
        NOT-FOR-US: Progress Software
 CVE-2026-8469 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: phenixdigital phoenix_storybook
 CVE-2026-8467 (Code Injection vulnerability in phenixdigital phoenix_storybook 
allows ...)
-       TODO: check
+       NOT-FOR-US: phenixdigital phoenix_storybook
 CVE-2026-8342
        REJECTED
 CVE-2026-7613 (The Cost of Goods by PixelYourSite plugin for WordPress is 
vulnerable  ...)
@@ -40,13 +40,13 @@ CVE-2026-6728 (The Slider Revolution plugin for WordPress 
is vulnerable to Sensi
 CVE-2026-6405 (The Anomify AI \u2013 Anomaly Detection and Alerting plugin for 
WordPr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-5783 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: CityPLus
 CVE-2026-5200 (The AcyMailing \u2013 An Ultimate Newsletter Plugin and 
Marketing Auto ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-4293 (The affectedKieback & Peter DDC building controllersare 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Kieback & Peter DDC building controllers
 CVE-2026-47068 (Authorization Bypass Through User-Controlled Key vulnerability 
in phen ...)
-       TODO: check
+       NOT-FOR-US: phoenix_storybook
 CVE-2026-45584 (Heap-based buffer overflow in Microsoft Defender allows an 
unauthorize ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45498 (Microsoft Defender Denial of Service Vulnerability)
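Review bot: The new label on CVE-2026-47068 reads "phoenix_storybook", while
the two phoenix_storybook entries marked earlier in this commit
(CVE-2026-8469 and CVE-2026-8467) use "phenixdigital phoenix_storybook". Pick
one spelling so a search of the list for the product finds all three. Also
worth a second look in this hunk: "CityPLus" on CVE-2026-5783 has unusual
capitalisation, and the truncated description does not show the product name
to check it against.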
@@ -56,13 +56,13 @@ CVE-2026-45443 (Missing Authorization vulnerability in 
ADD-ONS.ORG PDF for Eleme
 CVE-2026-44933 (`PluginScript` attempts to `chroot` the plugin to the 
`repoManagerRoot ...)
        TODO: check
 CVE-2026-44926 (InfoScale CmdServer before 7.4.2 mishandles access control.)
-       TODO: check
+       NOT-FOR-US: InfoScale CmdServer
 CVE-2026-44925 (Cross-Site Request Forgery (CSRF) vulnerability in InfoScale 
v.9.1.3 O ...)
-       TODO: check
+       NOT-FOR-US: InfoScale
 CVE-2026-44924 (InfoScale VIOM 9.1.3 allows XSS.)
-       TODO: check
+       NOT-FOR-US: InfoScale
 CVE-2026-44923 (SQL injection in InfoScale VIOM before v9.1.3 allows remote 
attackers  ...)
-       TODO: check
+       NOT-FOR-US: InfoScale
 CVE-2026-42834 (Improper link resolution before file access ('link following') 
in Azur ...)
        NOT-FOR-US: Microsoft
 CVE-2026-42383 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
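Review bot: The four InfoScale entries in this hunk get two different labels:
CVE-2026-44926 is marked "InfoScale CmdServer", while CVE-2026-44925,
CVE-2026-44924 and CVE-2026-44923 are marked plain "InfoScale". Unless the
component distinction is intended, use "NOT-FOR-US: InfoScale" for all four
so they group together when the list is searched.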
@@ -70,7 +70,7 @@ CVE-2026-42383 (Improper Neutralization of Special Elements 
used in an SQL Comma
 CVE-2026-41091 (Improper link resolution before file access ('link following') 
in Micr ...)
        NOT-FOR-US: Microsoft
 CVE-2026-39047 (Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a 
remote a ...)
-       TODO: check
+       NOT-FOR-US: EPSON
 CVE-2026-35070 (Dell SmartFabric Storage Software, versions prior to 1.4.5, 
contains a ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-30691 (Cross-Site Scripting (XSS) vulnerability in 
@cyntler/react-doc-viewer  ...)
@@ -499,7 +499,7 @@ CVE-2026-35086 (Improper Control of Generation of Code 
('Code Injection') vulner
 CVE-2026-34970 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. 
Version ...)
        TODO: check
 CVE-2026-34883 (An issue was discovered in the Portrait Dell Color Management 
applicat ...)
-       TODO: check
+       NOT-FOR-US: Portrait
 CVE-2026-34754 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. 
Version ...)
        TODO: check
 CVE-2026-34744 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. 
Version ...)
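Review bot: "NOT-FOR-US: Portrait" on CVE-2026-34883 is a very generic label;
the description names the "Portrait Dell Color Management" application.
Suggest a fuller label such as "NOT-FOR-US: Portrait Dell Color Management"
so the entry can be identified without reading the description.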
@@ -513,21 +513,21 @@ CVE-2026-34463 (Mantis Bug Tracker (MantisBT) is an open 
source issue tracker. V
 CVE-2026-34390 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. 
Version ...)
        TODO: check
 CVE-2026-34358 (CtrlPanel is open-source billing software for hosting 
providers. Versi ...)
-       TODO: check
+       NOT-FOR-US: CtrlPanel
 CVE-2026-34246 (CtrlPanel is open-source billing software for hosting 
providers. Versi ...)
-       TODO: check
+       NOT-FOR-US: CtrlPanel
 CVE-2026-34241 (CtrlPanel is open-source billing software for hosting 
providers. Versi ...)
-       TODO: check
+       NOT-FOR-US: CtrlPanel
 CVE-2026-34234 (CtrlPanel is open-source billing software for hosting 
providers. In ve ...)
-       TODO: check
+       NOT-FOR-US: CtrlPanel
 CVE-2026-34233 (CtrlPanel is open-source billing software for hosting 
providers. In ve ...)
-       TODO: check
+       NOT-FOR-US: CtrlPanel
 CVE-2026-34216 (CtrlPanel is open-source billing software for hosting 
providers. In ve ...)
-       TODO: check
+       NOT-FOR-US: CtrlPanel
 CVE-2026-34154 (Discourse is an open-source discussion platform. In versions 
prior to  ...)
        NOT-FOR-US: Discourse
 CVE-2026-33741 (EspoCRM is an open source customer relationship management 
application ...)
-       TODO: check
+       NOT-FOR-US: EspoCRM
 CVE-2026-33642 (Kitty is a cross-platform GPU based terminal. In versions 
0.46.2 and b ...)
        TODO: check
 CVE-2026-33637 (Faraday is an HTTP client library abstraction layer that 
provides a co ...)
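Review bot: CtrlPanel (the six entries from CVE-2026-34358 to CVE-2026-34216)
and EspoCRM (CVE-2026-33741) are both described as open source in their
description lines, so NOT-FOR-US here rests on neither being packaged in
Debian nor having an ITP/RFP bug filed. Neither the hunk nor the commit
message records that check; please confirm it was done before these are
closed out as NFU.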
@@ -557,7 +557,7 @@ CVE-2026-32738 (libheif is a HEIF and AVIF file format 
decoder and encoder. In v
        NOTE: 
https://github.com/strukturag/libheif/security/advisories/GHSA-7f2h-cmpf-v9ww
        NOTE: 
https://github.com/strukturag/libheif/commit/bdaa37728442800497ea224bd232ca25e2f9bdff
 (v1.22.0)
 CVE-2026-32134 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging 
Platform.  ...)
-       TODO: check
+       NOT-FOR-US: NanoMQ
 CVE-2026-31986 (Use of Hard-coded Cryptographic Key vulnerability in Apache 
OFBiz.  Th ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-31910 (Server-Side Request Forgery (SSRF) vulnerability in Apache 
OFBiz.  Thi ...)
@@ -580,11 +580,11 @@ CVE-2026-31072 (The JSONSerializer and CBORSerializer in 
APScheduler (all versio
        - apscheduler <unfixed>
        NOTE: https://gist.github.com/nedlir/11fb77f35a59cbba73392a086b02a9c6
 CVE-2026-31071 (API endpoints in LalanaChami Pharmacy Management System 
(commit 5c3d02 ...)
-       TODO: check
+       NOT-FOR-US: LalanaChami Pharmacy Management System
 CVE-2026-31070 (The LalanaChami Pharmacy Management System (commit 5c3d028) 
allows una ...)
-       TODO: check
+       NOT-FOR-US: LalanaChami Pharmacy Management System
 CVE-2026-31069 (BillaBear (all versions prior to Jan 2026) contains a SQL 
Injection vu ...)
-       TODO: check
+       NOT-FOR-US: BillaBear
 CVE-2026-30118 (scalar/astro v0.1.13 was discovered to contain a Server-Side 
Request F ...)
        TODO: check
 CVE-2026-30117 (scalar/astro v0.1.13 was discovered to contain an arbitrary 
file uploa ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1aac113dd65cc3d4a80a8aded0fce1d38ed9bf57
