Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4d385d1 by Salvatore Bonaccorso at 2026-05-26T22:19:39+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62,9 +62,9 @@ CVE-2026-8479 (IEC 60870-5-104 used in bidirectional mode in 
RTU500 is vulnerabl
 CVE-2026-8174 (Zohocorp Zoho Mail wordpress plugin is vulnerable toCross-Site 
request ...)
        NOT-FOR-US: Zoho
 CVE-2026-8047 (The affected products perform improper length checking when 
parsing in ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2026-8046 (The affected products insufficiently verify authorization when 
deletin ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2026-7454 (A maliciously crafted WRL file, when parsed through Autodesk 
3ds Max,  ...)
        NOT-FOR-US: Autodesk
 CVE-2026-7453 (A maliciously crafted WRL file, when parsed through Autodesk 
3ds Max,  ...)
@@ -76,11 +76,11 @@ CVE-2026-7451 (A maliciously crafted TIF file, when parsed 
through Autodesk 3ds
 CVE-2026-7450 (A maliciously crafted PAR file, when parsed through Autodesk 
3ds Max,  ...)
        NOT-FOR-US: Autodesk
 CVE-2026-7374 (A flaw was found in KubeVirt's virt-handler component. This 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: KubeVirt
 CVE-2026-7310 (A heap-based buffer overflow vulnerability exists in XML parser 
functi ...)
        NOT-FOR-US: Hitachi Energy
 CVE-2026-7251 (Eppendorf BioFlo 320is vulnerable to due to VNC server using a 
hard-co ...)
-       TODO: check
+       NOT-FOR-US: Eppendorf
 CVE-2026-4051 (IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim 
Fix 021 ...)
        NOT-FOR-US: IBM
 CVE-2026-48905 (Lack of input filtering leads to an XSS vector in the HTML 
filter code ...)
@@ -104,99 +104,101 @@ CVE-2026-48897 (Insufficient state checks lead to a 
vector that allows to bypass
 CVE-2026-48896 (Insufficient state checks lead to a vector that allows to 
bypass 2FA c ...)
        NOT-FOR-US: Joomla
 CVE-2026-48864 (A flaw was found in libsolv. This heap buffer overflow occurs 
during t ...)
-       TODO: check
+       - libsolv <unfixed> (unimportant)
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460425
+       NOTE: Not considered a security risk per upstream, as issue is in solv 
file parser
 CVE-2026-48697 (FastNetMon Community Edition through 1.2.9 does not verify TLS 
certifi ...)
-       TODO: check
+       NOT-FOR-US: FastNetMon Community Edition
 CVE-2026-48696 (FastNetMon Community Edition through 1.2.9 has a buffer 
overflow, a di ...)
-       TODO: check
+       NOT-FOR-US: FastNetMon Community Edition
 CVE-2026-48695 (FastNetMon Community Edition through 1.2.9 contains an OS 
command inje ...)
        NOT-FOR-US: MikroTik
 CVE-2026-48694 (FastNetMon Community Edition through 1.2.9 contains a 
configuration in ...)
-       TODO: check
+       NOT-FOR-US: FastNetMon Community Edition
 CVE-2026-48693 (FastNetMon Community Edition through 1.2.9 is vulnerable to a 
local sy ...)
-       TODO: check
+       NOT-FOR-US: FastNetMon Community Edition
 CVE-2026-48692 (FastNetMon Community Edition through 1.2.9 exposes a gRPC API 
server o ...)
-       TODO: check
+       NOT-FOR-US: FastNetMon Community Edition
 CVE-2026-48691 (FastNetMon Community Edition through 1.2.9 contains an integer 
overflo ...)
-       TODO: check
+       NOT-FOR-US: FastNetMon Community Edition
 CVE-2026-48690 (FastNetMon Community Edition through 1.2.9 contains an integer 
overflo ...)
-       TODO: check
+       NOT-FOR-US: FastNetMon Community Edition
 CVE-2026-48689 (FastNetMon Community Edition through 1.2.9 contains an 
off-by-one heap ...)
-       TODO: check
+       NOT-FOR-US: FastNetMon Community Edition
 CVE-2026-48688 (FastNetMon Community Edition through 1.2.9 contains multiple 
out-of-bo ...)
-       TODO: check
+       NOT-FOR-US: FastNetMon Community Edition
 CVE-2026-48687 (FastNetMon Community Edition through 1.2.9 contains an OS 
command inje ...)
-       TODO: check
+       NOT-FOR-US: FastNetMon Community Edition
 CVE-2026-48686 (FastNetMon Community Edition through 1.2.9 contains a 
stack-based buff ...)
-       TODO: check
+       NOT-FOR-US: FastNetMon Community Edition
 CVE-2026-48685 (FastNetMon Community Edition through 1.2.9 has out-of-bounds 
memory ac ...)
-       TODO: check
+       NOT-FOR-US: FastNetMon Community Edition
 CVE-2026-48684 (FastNetMon Community Edition through 1.2.9 contains an 
out-of-bounds r ...)
-       TODO: check
+       NOT-FOR-US: FastNetMon Community Edition
 CVE-2026-48683 (FastNetMon Community Edition through 1.2.9 contains an 
out-of-bounds r ...)
-       TODO: check
+       NOT-FOR-US: FastNetMon Community Edition
 CVE-2026-48136 (When Compliance is enabled on Check Point Multi-Domain 
Management, an  ...)
-       TODO: check
+       NOT-FOR-US: Check Point Multi-Domain Management
 CVE-2026-48135 (A Check Point HTTP-based service can incorrectly handle 
malformed HTTP ...)
-       TODO: check
+       NOT-FOR-US: Check Point
 CVE-2026-48134 (When the DLP is active, the UserCheck Web Portal contains an 
input-han ...)
-       TODO: check
+       NOT-FOR-US: Check Point
 CVE-2026-48133 (When the Identity Awareness blade is enabled with 
Browser-Based Authen ...)
-       TODO: check
+       NOT-FOR-US: Check Point
 CVE-2026-48132 (The Security Gateway does not correctly validate a length 
value in cer ...)
        TODO: check
 CVE-2026-48131 (The VPN service may mishandle an unexpected IKE fragment value 
receive ...)
-       TODO: check
+       NOT-FOR-US: Check Point
 CVE-2026-48126 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.8 ...)
-       TODO: check
+       NOT-FOR-US: github.com/xyproto/algernon
 CVE-2026-48091
        REJECTED
 CVE-2026-47728 (Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, 
Bugsink  ...)
-       TODO: check
+       NOT-FOR-US: Bugsink
 CVE-2026-47716 (Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, 
In affec ...)
-       TODO: check
+       NOT-FOR-US: Bugsink
 CVE-2026-47715 (Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, 
Bugsink  ...)
-       TODO: check
+       NOT-FOR-US: Bugsink
 CVE-2026-47202 (Kavita is a cross platform reading server. Prior to 0.9.0.2, 
an Improp ...)
-       TODO: check
+       NOT-FOR-US: Kavita
 CVE-2026-46624 (Twenty is an open source CRM. From 1.7.7 through 1.16.7, a 
critical Re ...)
-       TODO: check
+       NOT-FOR-US: Twenty CRM
 CVE-2026-46620 (e107 is a content management system (CMS). Prior to 2.3.5, 
e107 CMS do ...)
-       TODO: check
+       NOT-FOR-US: e107 CMS
 CVE-2026-46431 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.7 ...)
-       TODO: check
+       NOT-FOR-US: github.com/xyproto/algernon
 CVE-2026-46430 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.7 ...)
-       TODO: check
+       NOT-FOR-US: github.com/xyproto/algernon
 CVE-2026-46368 (luci-app-https-dns-proxy through 2025.12.29-5 \u2014 an 
optional LuCI  ...)
-       TODO: check
+       NOT-FOR-US: luci-app-https-dns-proxy
 CVE-2026-45728 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.7 ...)
-       TODO: check
+       NOT-FOR-US: github.com/xyproto/algernon
 CVE-2026-45721 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.7 ...)
-       TODO: check
+       NOT-FOR-US: github.com/xyproto/algernon
 CVE-2026-45247 (Mirasvit Full Page Cache Warmer for Magento 2 before version 
1.11.12 c ...)
        TODO: check
 CVE-2026-45082 (Karakeep is a elf-hostable bookmark-everything app. A 
Server-Side Requ ...)
        TODO: check
 CVE-2026-44776 (Kavita is a cross platform reading server. Prior to 0.9.0, the 
downloa ...)
-       TODO: check
+       NOT-FOR-US: Kavita
 CVE-2026-44775 (Kavita is a cross platform reading server. Prior to 0.9.0, the 
ReaderC ...)
-       TODO: check
+       NOT-FOR-US: Kavita
 CVE-2026-44749 (The SAP Gateway allows attackers to inject content into error 
messages ...)
        NOT-FOR-US: SAP
 CVE-2026-44730 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
-       TODO: check
+       NOT-FOR-US: OpenCTI
 CVE-2026-44729 (Twenty is an open source CRM. In 1.18.0 and earlier, the file 
serving  ...)
-       TODO: check
+       NOT-FOR-US: Twenty CRM
 CVE-2026-44728 (Babel is a compiler for writing next generation JavaScript. 
From 7.12. ...)
        TODO: check
 CVE-2026-44723 (Vowpal Wabbit is a machine learning system. The workflow 
.github/workf ...)
-       TODO: check
+       NOT-FOR-US: Vowpal Wabbit
 CVE-2026-44707 (Chatwoot is a customer engagement suite. From 2.14.0 to before 
4.13.0, ...)
-       TODO: check
+       NOT-FOR-US: Chatwoot
 CVE-2026-44706 (Chatwoot is a customer engagement suite. From 2.2.0 to before 
4.11.2,  ...)
-       TODO: check
+       NOT-FOR-US: Chatwoot
 CVE-2026-44680 (MikroORM is a TypeScript ORM for Node.js based on Data Mapper, 
Unit of ...)
-       TODO: check
+       NOT-FOR-US: MikroORM
 CVE-2026-44669 (FACTION is a PenTesting Report Generation and Collaboration 
Framework. ...)
        TODO: check
 CVE-2026-44668 (FACTION is a PenTesting Report Generation and Collaboration 
Framework. ...)
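Review bot: the unchanged context line for CVE-2026-48695 reads `NOT-FOR-US: MikroTik`, which does not match that entry's description (FastNetMon Community Edition through 1.2.9, OS command injection); it belongs to the same FastNetMon batch (CVE-2026-48683 through CVE-2026-48697) that this hunk marks `NOT-FOR-US: FastNetMon Community Edition`, so the vendor name looks stale or mis-pasted from an earlier commit and should be corrected to the same annotation as its siblings in a follow-up. Also, CVE-2026-48132 (Check Point Security Gateway length validation) is the only entry of the CVE-2026-48131..48136 Check Point block still left at `TODO: check`; if that was deliberate, a one-line NOTE saying why would save the next triager from re-checking it. For the libsolv entry, the `(unimportant)` rating is explained by the NOTE on the solv file parser; adding an upstream issue or commit reference next to the Red Hat bug, if one exists, would make that justification easier to verify later.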
@@ -204,29 +206,29 @@ CVE-2026-44668 (FACTION is a PenTesting Report Generation 
and Collaboration Fram
 CVE-2026-44667 (FACTION is a PenTesting Report Generation and Collaboration 
Framework. ...)
        TODO: check
 CVE-2026-44502 (Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, 
Bugsink\ ...)
-       TODO: check
+       NOT-FOR-US: Bugsink
 CVE-2026-44469 (The affected product extracts installation files to a 
temporary direct ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2026-44468 (The affected product creates a directory with insecure default 
permiss ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2026-44410 (This vulnerability stems from a business logic flaw.Attackers 
can expl ...)
        NOT-FOR-US: ZTE
 CVE-2026-44314 (Traccar is an open source GPS tracking system. Prior to 
6.13.0, Device ...)
-       TODO: check
+       NOT-FOR-US: Traccar
 CVE-2026-43982 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.6 ...)
-       TODO: check
+       NOT-FOR-US: github.com/xyproto/algernon
 CVE-2026-43981 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.6 ...)
-       TODO: check
+       NOT-FOR-US: github.com/xyproto/algernon
 CVE-2026-43936 (e107 is a content management system (CMS). Prior to 2.3.4, you 
can acc ...)
-       TODO: check
+       NOT-FOR-US: e107 CMS
 CVE-2026-43935 (e107 is a content management system (CMS). Prior to 2.3.4, a 
Host Head ...)
-       TODO: check
+       NOT-FOR-US: e107 CMS
 CVE-2026-43934 (e107 is a content management system (CMS). Prior to 2.3.4, a 
Broken Ac ...)
-       TODO: check
+       NOT-FOR-US: e107 CMS
 CVE-2026-43919
        REJECTED
 CVE-2026-42785 (OpenKM 6.3.12 contains a remote code execution vulnerability 
that allo ...)
-       TODO: check
+       NOT-FOR-US: OpenKM
 CVE-2026-42448 (Magic Wormhole makes it possible to get arbitrary-sized files 
and dire ...)
        TODO: check
 CVE-2026-42425 (OpenKM 6.3.12 contains an unrestricted SQL execution 
vulnerability tha ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4d385d1fb2ac1debe94e2c312ae0d77ad22c85a



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
