Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8773bdec by Salvatore Bonaccorso at 2026-05-30T08:58:52+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -223,21 +223,21 @@ CVE-2026-44611 (Danelec MacGregor Voyage Data Recorder
passwords are stored with
CVE-2026-44518 (liboqs is a C-language cryptographic library that provides
implementat ...)
- liboqs <removed>
CVE-2026-44239 (FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5,
the Das ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2026-44238 (FreePBX is an open source IP PBX. Prior to 16.0.50 and
17.0.11, the CD ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2026-44237 (FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX
api mod ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2026-43917 (Dokploy is a free, self-hostable Platform as a Service (PaaS).
In 0.19 ...)
- TODO: check
+ NOT-FOR-US: Dokploy
CVE-2026-42965 (A flaw was found in the OpenShift Router. A user with
EndpointSlice wr ...)
- TODO: check
+ NOT-FOR-US: Red Hat OpenShift Router
CVE-2026-42951 (An authenticated user can download a backup of theDanelec
MacGregor Vo ...)
- TODO: check
+ NOT-FOR-US: Danelec
CVE-2026-42941 (TheDanelec MacGregor Voyage Data Recorder device includes a
default u ...)
- TODO: check
+ NOT-FOR-US: Danelec
CVE-2026-42929 (Danelec MacGregor Voyage Data Recorder includes default
accounts with ...)
- TODO: check
+ NOT-FOR-US: Danelec
CVE-2026-41159 (Mermaid is a JavaScript tool that uses Markdown-inspired text
to creat ...)
TODO: check
CVE-2026-41150 (Mermaid is a JavaScript tool that uses Markdown-inspired text
to creat ...)
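Review bot: The three Danelec entries in this hunk (CVE-2026-42951, CVE-2026-42941, CVE-2026-42929) are tagged with the vendor name only, "NOT-FOR-US: Danelec", while every description names a specific product, the Danelec MacGregor Voyage Data Recorder. Consider "NOT-FOR-US: Danelec MacGregor Voyage Data Recorder" so the tag still identifies the affected product if other Danelec CVEs show up later. The other tags in the hunk (FreePBX, Dokploy, Red Hat OpenShift Router) already name the product.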
@@ -247,7 +247,7 @@ CVE-2026-40528 (OpenSC before 0.27.0, fixed in commit
0358817, contains a stack
CVE-2026-40510 (OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a
stack bu ...)
TODO: check
CVE-2026-40425 (The administrator account for the Danelec MacGregor Voyage
Data Recor ...)
- TODO: check
+ NOT-FOR-US: Danelec
CVE-2026-3655 (The OTP Login With Phone Number, OTP Verification plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2026-39292 (Falco Solutions PHPPageBuilder v0.31.0 contains an
unrestricted file u ...)
@@ -1237,7 +1237,7 @@ CVE-2026-6226 (The Frontend Admin by DynamiApps plugin
for WordPress is vulnerab
CVE-2026-4944 (vllm-project/vllm version 0.14.1 contains a vulnerability where
the `t ...)
- vllm <itp> (bug #1095237)
CVE-2026-4377 (DlinkDWR-X1820 router uses weak default password generated from
its IM ...)
- TODO: check
+ NOT-FOR-US: Dlink
CVE-2026-4334 (The Shariff Wrapper plugin for WordPress is vulnerable to
Stored Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2026-49238 (An issue was discovered in Canonical Multipass before version
1.16.3. ...)
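Review bot: The tag added for CVE-2026-4377, "NOT-FOR-US: Dlink", copies the run-together spelling from the CVE description ("DlinkDWR-X1820"). The vendor writes its name "D-Link", so "NOT-FOR-US: D-Link" would keep this entry findable by anyone grepping data/CVE/list for the usual spelling.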
@@ -1427,11 +1427,11 @@ CVE-2026-44394 (An issue was discovered in OpenStack
Keystone before 29.0.2. The
NOTE: https://bugs.launchpad.net/keystone/+bug/2150379
NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
CVE-2026-44358 (Espressif Shared GitHub DangerJS is a reusable GitHub Action
CI Danger ...)
- TODO: check
+ NOT-FOR-US: Espressif Shared GitHub DangerJS
CVE-2026-43979 (Local Deep Research is an AI-powered research assistant for
deep, iter ...)
- TODO: check
+ NOT-FOR-US: Local Deep Research
CVE-2026-43898 (SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6,
sandbox- ...)
- TODO: check
+ NOT-FOR-US: SandboxJS Node module
CVE-2026-43000 (An issue was discovered in OpenStack Keystone before 29.0.2.
When comb ...)
- keystone 2:29.0.1-2
NOTE: https://bugs.launchpad.net/keystone/+bug/2148477
@@ -1452,13 +1452,13 @@ CVE-2026-41565 (CryptX versions before 0.088_001 for
Perl have a stack buffer ov
NOTE: Fixed by:
https://github.com/DCIT/perl-CryptX/commit/57e69e541b0718ca8724c2f61514322a2d859bc1
(v0.088)
NOTE: Fixed by:
https://github.com/DCIT/perl-CryptX/commit/7e56347d420aaf43b2ee1586f4a230492ccf1642
(v0.089)
CVE-2026-41185 (When Calico is configured with the Azure IPAM plugin, the
Calico CNI b ...)
- TODO: check
+ NOT-FOR-US: Calico
CVE-2026-41184 (In Calico, the install-cni init container logs the rendered
CNI config ...)
- TODO: check
+ NOT-FOR-US: Calico
CVE-2026-41160 (EspoCRM is an open source customer relationship management
application ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2026-41141 (EspoCRM is an open source customer relationship management
application ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2026-40914 (A vulnerability exists in Apache Artemis whereby an
application using ...)
TODO: check
CVE-2026-38707 (A command injection vulnerability exists in the IPSec VPN
feature of I ...)
@@ -2288,11 +2288,11 @@ CVE-2026-44590 (Sherlock hunts down social media
accounts by username across soc
NOTE: Only affects the GitHub Actions workflow for the src:sherlock
upstream project
NOTE:
https://github.com/sherlock-project/sherlock/security/advisories/GHSA-v6wr-ccr4-x8g9
CVE-2026-44247 (Volcano is a Kubernetes-native batch scheduling system. Prior
to v1.14 ...)
- TODO: check
+ NOT-FOR-US: Volcano
CVE-2026-42877 (FacturaScripts is an open source accounting and invoicing
software. In ...)
- TODO: check
+ NOT-FOR-US: FacturaScripts
CVE-2026-42197 (RELATE is a web-based courseware package. Versions prior to
commit 555 ...)
- TODO: check
+ NOT-FOR-US: RELATE
CVE-2026-3173 (The Meta Field Block plugin for WordPress is vulnerable to
Insecure Di ...)
NOT-FOR-US: WordPress plugin
CVE-2026-33552 (Northern.tech Mender Enterprise Server before 4.1.1 has
Incorrect Acce ...)
@@ -2655,9 +2655,9 @@ CVE-2026-44316 (free5GC is an open-source implementation
of the 5G core network.
CVE-2026-44315 (free5GC is an open-source implementation of the 5G core
network. Prior ...)
NOT-FOR-US: free5GC
CVE-2026-42879 (FacturaScripts is an open source accounting and invoicing
software. In ...)
- TODO: check
+ NOT-FOR-US: FacturaScripts
CVE-2026-42878 (FacturaScripts is an open source accounting and invoicing
software. Pr ...)
- TODO: check
+ NOT-FOR-US: FacturaScripts
CVE-2026-42791 (Improper Certificate Validation vulnerability in Erlang OTP
public_key ...)
- erlang 1:27.3.4.12+dfsg-1
[bookworm] - erlang <not-affected> (Vulnerable code not present)
@@ -2751,109 +2751,109 @@ CVE-2026-42726 (Missing Authorization vulnerability
in Strategy11 Team AWP Class
CVE-2026-42725 (Authorization Bypass Through User-Controlled Key vulnerability
in WP W ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-42553 (Cinny is a Matrix client. Prior to 4.10.3, A remote
authenticated atta ...)
- TODO: check
+ NOT-FOR-US: Cinny
CVE-2026-42459 (free5GC is an open-source implementation of the 5G core
network. Prior ...)
- TODO: check
+ NOT-FOR-US: free5GC
CVE-2026-42328 (go-ipld-prime is an implementation of the InterPlanetary
Linked Data ( ...)
- TODO: check
+ NOT-FOR-US: go-ipld-prime
CVE-2026-42280 (Auth0.js is a client-side JavaScript library for Auth0. From
8.11.0 to ...)
- TODO: check
+ NOT-FOR-US: Auth0 Auth0.js library
CVE-2026-42184 (Tauri is a framework for building binaries for all major
desktop platf ...)
- TODO: check
+ NOT-FOR-US: Tauri
CVE-2026-42083 (free5GC is an open-source implementation of the 5G core
network. Prior ...)
- TODO: check
+ NOT-FOR-US: free5GC
CVE-2026-42082 (free5GC is an open-source implementation of the 5G core
network. Prior ...)
- TODO: check
+ NOT-FOR-US: free5GC
CVE-2026-42081 (free5GC is an open-source implementation of the 5G core
network. Prior ...)
- TODO: check
+ NOT-FOR-US: free5GC
CVE-2026-41704 (AgentClient#handle_method (lines 264-303) processes every NATS
reply. ...)
TODO: check
CVE-2026-41009 (When the director sends a long-running request (e.g.
compile_package), ...)
TODO: check
CVE-2026-40852 (A highly authenticated attacker can alter the config generator
injecti ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40851 (A local attacker can perform a confusion attack on the
cfgparser via a ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40850 (An unauthenticated remote attacker can exploit an
unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40849 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40848 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40847 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40846 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40845 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40844 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40843 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40842 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40841 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40840 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40839 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40838 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40837 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40836 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40835 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40834 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40833 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40832 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40831 (An low privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40830 (A high privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40829 (A high privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40828 (A high privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40827 (A high privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40826 (A high privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40825 (A high privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40824 (A high privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40823 (A high privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40822 (A high privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40821 (A high privileged remote attacker can exploit an
unauthenticated SQL I ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40819 (An unauthenticated remote attacker can exploit an
unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40818 (An unauthenticated remote attacker can exploit an
unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40817 (An unauthenticated remote attacker can exploit an
unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40816 (An unauthenticated remote attacker can exploit an
unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40815 (An unauthenticated remote attacker can exploit an
unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40814 (An unauthenticated remote attacker can exploit an
unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40813 (An unauthenticated remote attacker can exploit an
unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40812 (An unauthenticated remote attacker can exploit an
unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40811 (An unauthenticated remote attacker can exploit an
unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-40810 (An unauthenticated remote attacker can exploit an
unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2026-3897 (The Livemesh Addons for Beaver Builder plugin for WordPress is
vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3896 (The Livemesh SiteOrigin Widgets plugin for WordPress is
vulnerable to ...)
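Review bot: The MB connect line block in this hunk runs from CVE-2026-40852 down to CVE-2026-40810 but goes straight from CVE-2026-40821 to CVE-2026-40819, so CVE-2026-40820 is not covered here. Please confirm it is either handled elsewhere in data/CVE/list or not yet published, so it does not stay untriaged next to its siblings. The truncated descriptions shown for this block do not name a vendor, so the "MB connect line" attribution rests on the full CVE records. Separately, go-ipld-prime (CVE-2026-42328) is a library rather than an end-user application, so it is worth a quick check that no source package in the archive ships or embeds it before it is settled as NOT-FOR-US.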
@@ -4729,9 +4729,9 @@ CVE-2026-44444 (Lumiverse is a full-featured AI chat
application. Prior to 0.9.7
CVE-2026-44443 (Lumiverse is a full-featured AI chat application. Prior to
0.9.7, cons ...)
NOT-FOR-US: Lumiverse
CVE-2026-44214 (eventsource-encoder encodes events as well-formed
EventSource/Server S ...)
- TODO: check
+ NOT-FOR-US: eventsource-encoder
CVE-2026-44213 (The OpenTelemetry.Exporter.Instana exports telemetry to
Instana backen ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry.Exporter.Instana
CVE-2026-44209 (Banks generates meaningful LLM prompts using a template
language that ...)
NOT-FOR-US: Banks
CVE-2026-43988 (Vanetza is an open-source implementation of the ETSI C-ITS
protocol su ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8773bdec13e2f52191bb9d4336355d00f476848c