Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b6cdce59 by Salvatore Bonaccorso at 2026-05-22T21:52:34+02:00
Process some new NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41,23 +41,23 @@ CVE-2026-8684 (The MotoPress Hotel Booking plugin for
WordPress is vulnerable to
CVE-2026-8679 (The AudioIgniter plugin for WordPress is vulnerable to Insecure
Direct ...)
NOT-FOR-US: WordPress plugin
CVE-2026-8673 (Unprotected transport of credentials vulnerability in syslink
software ...)
- TODO: check
+ NOT-FOR-US: Avantra
CVE-2026-8672 (Use of default password vulnerability in syslink software AG
Avantra o ...)
- TODO: check
+ NOT-FOR-US: Avantra
CVE-2026-8671 (Insertion of sensitive information into log file vulnerability
in sysl ...)
- TODO: check
+ NOT-FOR-US: Avantra
CVE-2026-8670 (Insufficient session expiration vulnerability in syslink
software AG A ...)
- TODO: check
+ NOT-FOR-US: Avantra
CVE-2026-8477 (Improper enforcement of the sealed-entry workflow in the entry
sensiti ...)
NOT-FOR-US: Devolutions
CVE-2026-8381 (A broken access control vulnerability exists in the TeamViewer
DEX Pla ...)
NOT-FOR-US: TeamViewer
CVE-2026-8353 (Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS
via page ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8347 (Concrete CMS 9.5.0 and below is vulnerable to IDOR +
wrong-authorizati ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8340 (Concrete CMS 9.5.0 and below is vulnerable to CSRF via
Backend\File::a ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7798 (The FluentCRM \u2013 Email Newsletter, Automation, Email
Marketing, Em ...)
NOT-FOR-US: WordPress plugin
CVE-2026-7636 (The Slider by Soliloquy \u2013 Responsive Image Slider for
WordPress p ...)
@@ -95,55 +95,55 @@ CVE-2026-44417 (The fix forCVE-2025-48913: Apache CXF:
Untrusted JMS configurati
CVE-2026-42627 (In Arm ArmNN through 2026-03-27, an integer overflow in
TensorShape::G ...)
TODO: check
CVE-2026-42626 (HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not
properly ma ...)
- TODO: check
+ NOT-FOR-US: HP ENVY 5000 series printers
CVE-2026-42506 (Parsing arbitrary HTML which is then rendered using Render can
result ...)
TODO: check
CVE-2026-42502 (Parsing arbitrary HTML which is then rendered using Render can
result ...)
TODO: check
CVE-2026-40172 (authentik is an open-source identity provider. In versions
prior to 20 ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-40166 (authentik is an open-source identity provider. In versions
prior to 20 ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-3636 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x
<= 11.4 ...)
- mattermost-server <itp> (bug #823556)
CVE-2026-3473 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x
<= 11.4 ...)
- mattermost-server <itp> (bug #823556)
CVE-2026-39970 (TypeBot is a chatbot builder tool. Versions 3.15.2 and prior
contain a ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-39969 (TypeBot is a chatbot builder tool. In versions 3.16.0 and
prior, the W ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-39968 (TypeBot is a chatbot builder tool. In versions 3.15.2 and
prior, the f ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-39967 (TypeBot is a chatbot builder tool. In versions 3.15.2 and
prior, the b ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-39966 (TypeBot is a chatbot builder tool. In versions 3.15.2, the
getLinkedTy ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-39965 (TypeBot is a chatbot builder tool. Versions 3.15.2 and prior
contain a ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-39964 (TypeBot is a chatbot builder tool. In versions prior to
3.16.0, the Ty ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-39821 (The ToASCII and ToUnicode functions incorrectly accept
Punycode-encode ...)
TODO: check
CVE-2026-37470 (An issue in ClipBucket v5 v.5.5.2 allows an attacker to
execute arbitr ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2026-36228 (Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a
remote ...)
- TODO: check
+ NOT-FOR-US: Easy Chat Server
CVE-2026-36227 (Directory Traversal vulnerability in Easy Chat Server 3.1
allows a rem ...)
- TODO: check
+ NOT-FOR-US: Easy Chat Server
CVE-2026-36226 (Cross Site Scripting vulnerability in Advantech
WebAccess/SCADA 8.0-20 ...)
NOT-FOR-US: Advantech
CVE-2026-34207 (TypeBot is a chatbot builder tool. In versions prior to
3.16.0, SSRF p ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-33712 (Typebot is a chatbot builder tool. In versions 3.15.2 and
prior, the p ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-32253 (Sunshine is a self-hosted game stream host for Moonlight. In
versions ...)
- TODO: check
+ NOT-FOR-US: Sunshine
CVE-2026-28735 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x
<= 11.4 ...)
- mattermost-server <itp> (bug #823556)
CVE-2026-28445 (Typebot is a chatbot builder tool. In versions 3.15.2 and
prior, the R ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-28444 (Typebot is a chatbot builder tool. In versions 3.15.2 and
prior, the g ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-27136 (Parsing arbitrary HTML which is then rendered using Render can
result ...)
TODO: check
CVE-2026-25681 (Parsing arbitrary HTML which is then rendered using Render can
result ...)
@@ -355,15 +355,15 @@ CVE-2026-39827 (An authenticated SSH client that
repeatedly opened channels whic
NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
NOTE: https://github.com/golang/go/issues/35127
CVE-2026-34911 (A malicious actor with access to the network and low
privileges could ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-34910 (A malicious actor with access to the network could exploit an
Improper ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-34909 (A malicious actor with access to the network could exploit a
Path Trav ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-34908 (A malicious actor with access to the network could exploit an
Improper ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-33000 (A malicious actor with access to the network and high
privileges could ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-2518 (The FastX theme for WordPress is vulnerable to unauthorized
limited pl ...)
NOT-FOR-US: WordPress plugin
CVE-2026-22678 (Webmin before 2.641 contains a stored cross-site scripting
vulnerabili ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6cdce596b5537d8c520c6b513eacc5a58cb02b7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6cdce596b5537d8c520c6b513eacc5a58cb02b7
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
