Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
097ec720 by Salvatore Bonaccorso at 2026-05-21T21:20:52+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2026-9157 (Improper input validation, Unrestricted upload of file with
dangerous ...)
- TODO: check
+ NOT-FOR-US: Gmission
CVE-2026-9089 (The ConnectWise Automate\u2122 Agent does not fully verify the
authent ...)
- TODO: check
+ NOT-FOR-US: ConnectWise
CVE-2026-5434 (Honeywell Control Network Module (CNM)contains insertion of
sensitive ...)
NOT-FOR-US: Honeywell
CVE-2026-5433 (Honeywell Control Network Module (CNM)contains command
injection vulne ...)
@@ -13,79 +13,79 @@ CVE-2026-4858 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x
<= 11.5.3, 11.4.x <=
CVE-2026-4055 (Mattermost versions 11.5.x <= 11.5.1 fail to validate
team-level run_c ...)
TODO: check
CVE-2026-48249 (Open ISES Tickets before 3.44.2 disables TLS certificate
verification ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48248 (Open ISES Tickets before 3.44.2 disables TLS certificate
verification ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48247 (Open ISES Tickets before 3.44.2 disables TLS certificate
verification ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48246 (Open ISES Tickets before 3.44.2 disables TLS certificate
verification ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48245 (Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps
API key ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48244 (Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps
API key ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48243 (Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages
reverse- ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48242 (Open ISES Tickets before 3.44.2 contains hardcoded MySQL
database conn ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48241 (Open ISES Tickets before 3.44.2 contains hardcoded MySQL
database cred ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48240 (Open ISES Tickets before 3.44.2 contains a SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48239 (Open ISES Tickets before 3.44.2 contains a SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48238 (Open ISES Tickets before 3.44.2 contains a SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48237 (Open ISES Tickets before 3.44.2 contains a SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48236 (Open ISES Tickets before 3.44.2 contains a SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48235 (Open ISES Tickets before 3.44.2 contains a SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48234 (Open ISES Tickets before 3.44.2 contains a SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48233 (Open ISES Tickets before 3.44.2 contains a SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48232 (Open ISES Tickets before 3.44.2 contains a SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48231 (Open ISES Tickets before 3.44.2 contains a SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48230 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48229 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48228 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48227 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48226 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48225 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48224 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48223 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48222 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48221 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48220 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48219 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48218 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48217 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48216 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48215 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48214 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48213 (Open ISES Tickets before 3.44.2 contains a reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48207 (Deserialization of untrusted data in Apache Fory PyFory.
PyFory's Redu ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-45760 ((Externally Controlled Reference to a Resource in Another
Sphere), (Au ...)
@@ -450,7 +450,7 @@ CVE-2026-48172 (LiteSpeed User-End cPanel Plugin before
2.4.5 allows privilege e
CVE-2026-47782 (Android App "RoboForm Password Manager" provided by Siber
Systems, Inc ...)
NOT-FOR-US: Siber Systems
CVE-2026-47099 (TeleJSON prior to 6.0.0 contains a DOM-based cross-site
scripting vuln ...)
- TODO: check
+ NOT-FOR-US: TeleJSON
CVE-2026-45444 (Unrestricted Upload of File with Dangerous Type vulnerability
in WP Sw ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-40165 (authentik is an open-source identity provider. Versions
2025.12.4 and ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/097ec7202cbd2b8300656f078f4c4904fe303f06
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/097ec7202cbd2b8300656f078f4c4904fe303f06
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
