Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
53762235 by Moritz Muehlenhoff at 2026-05-20T23:28:13+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -78,13 +78,13 @@ CVE-2026-39047 (Buffer Overflow vulnerability in EPSON 
L14150 FL27PB allows a re
 CVE-2026-35070 (Dell SmartFabric Storage Software, versions prior to 1.4.5, 
contains a ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-30691 (Cross-Site Scripting (XSS) vulnerability in 
@cyntler/react-doc-viewer  ...)
-       TODO: check
+       NOT-FOR-US: @cyntler/react-doc-viewer
 CVE-2026-27424 (Missing Authorization vulnerability in WP Chill Image Photo 
Gallery Fi ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27405 (Missing Authorization vulnerability in Magepeople inc. 
WpBookingly all ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25602 (Insufficient Verification of Data Authenticity vulnerability 
in Mesalv ...)
-       TODO: check
+       NOT-FOR-US: Meona
 CVE-2026-24573 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24425 (Twig versions 2.16.x and 3.9.0 through 3.25.x contain a 
sandbox bypass ...)
@@ -92,9 +92,9 @@ CVE-2026-24425 (Twig versions 2.16.x and 3.9.0 through 3.25.x 
contain a sandbox
 CVE-2026-22554 (MediaArea MediaInfoLib Channel Splitting heap-based buffer 
overflow vu ...)
        TODO: check
 CVE-2026-22315 (Incorrect Privilege Assignment vulnerability in Mesalvo Meona 
Client L ...)
-       TODO: check
+       NOT-FOR-US: Meona
 CVE-2026-22314 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Meona
 CVE-2026-21836 (The HCL DominoIQ RAG feature isaffected bya Broken Access 
Control vuln ...)
        NOT-FOR-US: HCL
 CVE-2026-20240 (In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, 
and 9.3.12 ...)
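Review bot: The tag `NOT-FOR-US: Meona` on CVE-2026-22315 and CVE-2026-22314 uses only the product name, while the description of CVE-2026-22315 gives the vendor as "Mesalvo Meona Client L ..." and neighbouring entries tag by vendor (`HCL`, `Dell / EMC`). Consider `NOT-FOR-US: Mesalvo Meona` so a search on either name finds these entries. Separately, CVE-2026-22554 (MediaArea MediaInfoLib) stays at `TODO: check` in the context lines; if that is deliberate because it needs package triage rather than an NFU tag, no change is needed here.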
@@ -104,17 +104,17 @@ CVE-2026-20239 (In Splunk Enterprise versions below 
10.2.2 and 10.0.5, and Splun
 CVE-2026-20238 (In Splunk AI Toolkit versions below 5.7.3, a low-privileged 
user that  ...)
        NOT-FOR-US: Cisco
 CVE-2026-20223 (A vulnerability in the access validation of internal REST 
APIs of ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20206 (A vulnerability in the BrowserBot component of Cisco 
ThousandEyes Ente ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20199 (A vulnerability in the SSL certificate handling of Cisco 
ThousandEyes  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20171 (A vulnerability in the Border Gateway Protocol 
(BGP) enforce-firs ...)
        NOT-FOR-US: Cisco
 CVE-2026-0857 (Cleartext Storage of Sensitive Information in Memory 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: Meona
 CVE-2026-0856 (Improper Access Control vulnerability in Mesalvo Meona Client 
Launcher ...)
-       TODO: check
+       NOT-FOR-US: Meona
 CVE-2025-32750 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an 
Exposure of  ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-31985 (HCL BigFix Service Management (SM) is affected by a security 
misconfig ...)
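Review bot: CVE-2026-20223 is tagged `NOT-FOR-US: Cisco`, but its visible description ("A vulnerability in the access validation of internal REST APIs of ...") is cut off before any product is named, so the tag cannot be checked from this hunk. Please confirm against the full CVE record that the affected product is one not shipped in Debian. The same applies to CVE-2026-0857, whose description ends at "vulnerability in ..." before the product and is tagged `Meona`.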
@@ -122,7 +122,7 @@ CVE-2025-31985 (HCL BigFix Service Management (SM) is 
affected by a security mis
 CVE-2025-31973 (HCL BigFix Service Management (SM) is susceptible to  a 
Configuration  ...)
        NOT-FOR-US: HCL
 CVE-2025-11954 (Cross-Site request forgery (CSRF) vulnerability in Sitemio 
Information ...)
-       TODO: check
+       NOT-FOR-US: Sitemio
 CVE-2023-7346 (Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address 
derivat ...)
        TODO: check
 CVE-2026-41073
@@ -273,7 +273,7 @@ CVE-2026-8711 (NGINX JavaScript has a vulnerability when 
the js_fetch_proxydirec
        - libnginx-mod-js <unfixed>
        NOTE: https://my.f5.com/manage/s/article/K000161307
 CVE-2026-8706 (Firefox for iOS hosted Reader mode on an unauthenticated local 
web ser ...)
-       TODO: check
+       NOT-FOR-US: Firefox for iOS
 CVE-2026-8685 (The Infility Global plugin for WordPress is vulnerable to SQL 
Injectio ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-8627 (The Correct Prices plugin for WordPress is vulnerable to 
Reflected Cro ...)
@@ -385,7 +385,7 @@ CVE-2026-6095 (Improper Neutralization of Input During Web 
Page Generation ("Cro
 CVE-2026-6072 (The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin 
for Wor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-6009 (Java Deserialisation Vulnerability in Jaspersoft Reports 
Library leads ...)
-       TODO: check
+       - jasperreports <removed>
 CVE-2026-5804 (An improper authentication vulnerability was discovered in the 
Motorol ...)
        NOT-FOR-US: Lenovo
 CVE-2026-5776 (The Email Encoder  WordPress plugin before 2.4.7 does not 
escape email ...)
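Review bot: The new `- jasperreports <removed>` line for CVE-2026-6009 is the only package entry added in this commit and it carries no `NOTE:` reference, unlike the `libnginx-mod-js` entry for CVE-2026-8711 in the previous hunk, which links its advisory. Adding a `NOTE:` line with the upstream advisory or fix reference would let anyone assessing a suite that still carries the package find the affected versions. The commit message "NFUs" also does not cover this change, since it is a package assignment and not a NOT-FOR-US tag.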
@@ -465,7 +465,7 @@ CVE-2026-43634 (HestiaCP versions 1.2.0 through 1.9.4 
contain an IP spoofing vul
 CVE-2026-43633 (HestiaCP versions 1.9.0 through 1.9.4 contain a 
deserialization vulner ...)
        NOT-FOR-US: Hestia Control Panel
 CVE-2026-42526 (In the AWS Secrets Manager and SSM Parameter Store secrets 
backends of ...)
-       NOT-FOR-US: AWS Secrets Manager
+       NOT-FOR-US: Apache Airflow provider
 CVE-2026-42100 (Improper Handling of Syntactically Invalid Structure in Sparx 
Pro Clou ...)
        NOT-FOR-US: Sparx Systems
 CVE-2026-42099 (Sparx Pro Cloud Server is vulnerable to a Race Condition in 
the /data_ ...)
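Review bot: The change on CVE-2026-42526 from `NOT-FOR-US: AWS Secrets Manager` to `NOT-FOR-US: Apache Airflow provider` corrects an earlier triage decision, which the commit message "NFUs" does not indicate. The visible description ("In the AWS Secrets Manager and SSM Parameter Store secrets backends of ...") is truncated before the product name, so a short mention in the commit message that the earlier tag named the backend and not the affected software would make the reason for the retag clear in the history.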
@@ -620,7 +620,7 @@ CVE-2026-29220 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pa
 CVE-2026-29207 (Improper Neutralization of Special Elements Used in a Template 
Engine  ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-27173 (JWT tokens that were used by workers in Kubernetes Executors 
have been ...)
-       TODO: check
+       NOT-FOR-US: Apache Airflow provider
 CVE-2026-24215 (NVIDIA Triton Inference Server contains a vulnerability in the 
DALI ba ...)
        NOT-FOR-US: NVIDIA
 CVE-2026-24214 (NVIDIA Triton Inference Server contains a vulnerability in the 
DALI ba ...)
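Review bot: CVE-2026-27173 gets `NOT-FOR-US: Apache Airflow provider`, while the entry directly above it, CVE-2026-29207, uses `NOT-FOR-US: Apache software not packaged in Debian`. Two wordings for Apache projects in adjacent entries make the list harder to search; if the provider tag is the preferred, more specific form, that is fine, but it is worth checking that it matches the wording already used for other Airflow entries in the file. The visible description ("JWT tokens that were used by workers in Kubernetes Executors have been ...") does not itself name Airflow, so the attribution rests on the full CVE record.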



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5376223504197ef3e1390f0f7fb5417d3dfcef0b
