Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
12f60b82 by security tracker role at 2026-06-02T07:14:11+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2026-9050 (The Slider Revolution plugin for WordPress in versions
6.0.0-6.7.55 an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9048 (The Slider Revolution plugin for WordPress is vulnerable to
Sensitive ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8293 (The Really Simple Security WordPress plugin before 9.5.10.1
does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8206 (The Kirki \u2013 Freeform Page Builder, Website Builder &
Customizer p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-49491 (Pixa Bank 2.0 contains an SQL injection vulnerability that
allows unau ...)
TODO: check
CVE-2026-49433 (The DeepAI endpoint 'https://api.deepai.org/change_user_email'
accepts ...)
@@ -27,39 +27,39 @@ CVE-2026-40965 (Cloud Foundry UAA versions v76.12.0 through
v78.12.0 are vulnera
CVE-2026-40964 (Authentication Bypass in cf-auth-proxy in Cloud Foundry
Foundation all ...)
TODO: check
CVE-2026-3871 (A buffer overflow vulnerability in the UPnP DeletePortMapping()
comman ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2026-3870 (A buffer overflow vulnerability in the UPnP AddPortMapping()
command i ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2026-3722 (The Auto Image Attributes From Filename With Bulk Updater (Add
Alt Tex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3198 (MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to
enforc ...)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2026-37234 (FlexRIC v2.0.0 allows a single SCTP connection to bind
multiple xapp_i ...)
TODO: check
CVE-2026-28586 (In multiple functions of AppOpsService.java, there is a
possible missi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-28581 (In fixInitiatingUserIfNecessary of CallIntentProcessor.java,
there is ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-28580 (In multiple functions, there is a possible desync in
persistence due t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-28578 (In multiple functions of DevicePolicyManagerService.java,
there is a p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-28577 (In addWindow of WindowManagerService.java, there is a possible
tapjack ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-28511 (eLabFTW is an open source electronic lab notebook. Prior to
version 5. ...)
TODO: check
CVE-2026-25879 (Langroid is a framework for building
large-language-model-powered appl ...)
TODO: check
CVE-2026-25277 (Memory corruption while using Strongbox due to buffer
overflow.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-25276 (Memory corruption while using Strongbox due to missing bounds
check.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-25260 (Memory Corruption when accessing shared buffers without
validation of ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-25259 (Memory corruption while processing multiple IOCTL command for
escape o ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-25258 (Memory corruption while processing IOCTL calls for escape
operations.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24782 (Kiteworks is a private data network (PDN). Prior to version
9.3.0,ulti ...)
TODO: check
CVE-2026-24761 (Kiteworks is a private data network (PDN). Prior to version
9.3.0, an ...)
@@ -77,25 +77,25 @@ CVE-2026-24752 (Kiteworks is a private data network (PDN).
Prior to version 9.3.
CVE-2026-24751 (Kiteworks is a private data network (PDN). Prior to version
9.3.0, a r ...)
TODO: check
CVE-2026-24092 (Memory Corruption when processing fastboot commands to set
display mod ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24091 (Memory corruption while processing fastboot commands with
improperly f ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24090 (Cryptographic issue while processing partition table entries
allows un ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24089 (Memory corruption while processing fastboot commands with
invalid inpu ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24088 (Cryptographic Issue while processing a specific partition
which allows ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24087 (Memory corruption while processing fastboot OEM commands.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24085 (Memory Corruption when processing display command line
information due ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-10583 (A security vulnerability has been detected in nextlevelbuilder
GoClaw ...)
TODO: check
CVE-2026-10581 (A flaw has been found in DedeCMS 5.7.88. Affected by this
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2026-10568 (A vulnerability was detected in itsourcecode Fees Management
System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-10567 (A security vulnerability has been detected in 1Panel-dev
CordysCRM up ...)
TODO: check
CVE-2026-10566 (A weakness has been identified in FoundationAgents MetaGPT up
to 0.8.2 ...)
@@ -103,9 +103,9 @@ CVE-2026-10566 (A weakness has been identified in
FoundationAgents MetaGPT up to
CVE-2026-10565 (A security flaw has been discovered in Open5GS up to 2.7.6.
The impact ...)
TODO: check
CVE-2026-10559 (A flaw has been found in SourceCodester Pizzafy Ecommerce
System 1.0. ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-10558 (A vulnerability was detected in SourceCodester Pizzafy
Ecommerce Syste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-10550 (A weakness has been identified in elunez eladmin up to 2.7.
This vulne ...)
TODO: check
CVE-2026-10548 (A security flaw has been discovered in NousResearch
hermes-agent up to ...)
@@ -117,23 +117,23 @@ CVE-2026-10528 (A security flaw has been discovered in
Orthanc DICOM Server up t
CVE-2026-10514 (A vulnerability has been found in 1Panel-dev CordysCRM up to
1.6.2. Th ...)
TODO: check
CVE-2026-10510 (Cross-Site Scripting (XSS) in GeniexWebView component in
Transsion AI ...)
- TODO: check
+ NOT-FOR-US: TECNO Mobile
CVE-2026-10302 (A flaw has been found in itsourcecode Fees Management System
1.0. The ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-10301 (A vulnerability was detected in itsourcecode Fees Management
System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-10300 (A security vulnerability has been detected in SGLang
0.5.10.post1. Imp ...)
TODO: check
CVE-2026-10299 (A weakness has been identified in code-projects Online
Hospital Manage ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-10298 (A security flaw has been discovered in ggml-org whisper.cpp up
to 1.8. ...)
TODO: check
CVE-2026-10297 (A vulnerability was identified in itsourcecode Fees Management
System ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-10296 (A vulnerability was determined in itsourcecode Fees Management
System ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-10295 (A vulnerability was found in SourceCodester Customer Review
App 1.0. A ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-10294 (A vulnerability has been found in PackageKit up to 1.3.5.
Affected is ...)
TODO: check
CVE-2026-10293 (A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306.
This imp ...)
@@ -143,153 +143,153 @@ CVE-2026-10292 (A vulnerability was detected in UTT
HiPER 1200GW up to 2.5.3-170
CVE-2026-10291 (A security vulnerability has been detected in Enderfga
claw-orchestrat ...)
TODO: check
CVE-2026-10290 (A weakness has been identified in code-projects Hotel and
Tourism Rese ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-10289 (A security flaw has been discovered in code-projects Hotel and
Tourism ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-10288 (A vulnerability was identified in code-projects Hotel and
Tourism Rese ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-10287 (A vulnerability was determined in SourceCodester SEO Meta Tag
Extracto ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-10286 (A vulnerability was found in CodeAstro Payroll System 1.0.
This affect ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2026-10285 (A vulnerability has been found in DevaslanPHP
project-management up to ...)
TODO: check
CVE-2026-10284 (A flaw has been found in DevaslanPHP project-management up to
2.0.0-be ...)
TODO: check
CVE-2026-10100 (The Simple Custom Login Page plugin for WordPress is
vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0100 (In Load of LoadedArsc.cpp, there is a possible out of bounds
write due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0099 (In onNullBinding of HostEmulationManager.java, there is a
possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0098 (In getCallingPackageName of Shared.java, there is a possible
way to by ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0097 (In multiple locations, there is a possible way to bypass user
interact ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0096 (In getAppLabel of ForgetDeviceDialogFragment.java, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0095 (In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to
trigger ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0094 (In getApplicationLabel of KeyChainActivity.java, there is a
possible w ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0093 (In multiple locations, there is a possible misleading UI due to
obfusc ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0091 (In multiple locations, there is a possible way to execute code
in the ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0089 (In multiple functions of PackageInstallerService.java, there is
a poss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0088 (In getCallingAppLabel of CertInstaller.java, there is a
possible way t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0087 (In approvalLevelForDomainInternal of
DomainVerificationService.java, t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0086 (In onCreate of DisableSupervisionActivity.kt, there is a
possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0085 (In applySimpleFieldMaxSize of DataRowHandler.java, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0080 (In multiple functions of ubsan_throwing_runtime.cpp, there is a
possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0079 (In multiple functions of ubsan_throwing_runtime.cpp, there is a
possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0078 (In setGlobalProxy of DevicePolicyManagerService.java, there is
a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0077 (In resumeConfigurationDispatch of ActivityRecord.java, there is
a poss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0076 (In validateNode of ResourceTypes.cpp, there is a possible out
of bound ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0075 (In multiple functions, there is a possible way to access the
contacts ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0074 (In getPreferredSize of LauncherProcessImageListener.kt, there
is a pos ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0070 (In multiple functions of DevicePolicyManagerService.java, there
is a p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0069 (In verifySignature of ApkChecksums.java, there is a possible
way to ca ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0067 (In multiple functions of ubsan_throwing_runtime.cpp, there is a
possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0061 (In multiple functions of WindowState.java, there is a possible
way to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0060 (In updateState of
GraphicsDriverEnableAngleAsSystemDriverController.ja ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0059 (In multiple functions of sdp_discovery.cc, there is a possible
way to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0056 (In setTo of ResourceTypes.cpp, there is a possible read out of
bounds ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0055 (In createSessionInternal of PackageInstallerService.java, there
is a p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0052 (In multiple functions of ubsan_throwing_runtime.cpp, there is a
possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0051 (In multiple functions of ubsan_throwing_runtime.cpp, there is a
possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0050 (In handleBondStateChanged of AdapterService.java, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0048 (In hide of WindowState.java, there is a possible way to trick
the user ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0046 (In InputInterceptor of Letterbox.java, there is a possible way
to tric ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0045 (In bta_jv_rfcomm_connect of bta_jv_act.cc, there is a possible
bypass ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0044 (In multiple functions of ubsan_throwing_runtime.cpp, there is a
possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0043 (In multiple functions of ubsan_throwing_runtime.cpp, there is a
possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0042 (In multiple functions of ubsan_throwing_runtime.cpp, there is a
possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0041 (In multiple functions of ubsan_throwing_runtime.cpp, there is a
possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0040 (In multiple functions of ubsan_throwing_runtime.cpp, there is a
possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0039 (In multiple functions of ubsan_throwing_runtime.cpp, there is a
possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0036 (In startAnimation of StageCoordinator.java, there is a possible
tapjac ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0018 (In multiple functions of AccessibilityManagerService.java,
there is a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0016 (In updateProvidersWhenServiceRemoved of
CredentialManagerService.java, ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0009 (In multiple locations, there is a possible tapjacking due to a
logic e ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-70099 (A NULL pointer dereference in the ext4_dir_en_get_name_len
function in ...)
TODO: check
CVE-2025-59614 (Memory Corruption when sending random number generator command
with in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59613 (Memory Corruption when output buffer size is smaller than
input buffer ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59612 (Memory corruption in windows drivers while sending incorrect
trusted a ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59611 (Memory corruption in diagnostic services due to absence of
input valid ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59610 (Memory Corruption when processing IOCTL requests with
mismatched API v ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59609 (Information Disclosure when processing advertisement frames
with malfo ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59606 (Memory Corruption when writing to invalid memory locations
occurs due ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59605 (Memory Corruption when processing device identifier strings
that excee ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59604 (Memory Corruption when running a memory copy operation due to
invalid ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59601 (Information Disclosure when resetting device to factory
default settin ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-48652 (In performPreInstallChecks of InstallRepository.kt, there is a
possibl ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-48649 (In multiple locations, there is a possible way to reset
user-selected ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-48648 (In isSameApp of NotificationManagerService.java, there is a
possible p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-48616 (In multiple functions of KeyguardViewMediator.java , there is
a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-48595 (In multiple locations, there is a possible way to achieve code
executi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-48570 (In multiple functions of PipTaskOrganizer.java, there is a
possible wa ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-32348 (In multiple locations, there is a possible background activity
launch ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-26418 (In setUserDisclaimerAcknowledged of
CarDevicePolicyService.java, there ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-22426 (In many functions of ComputerEngine.java, there is a possible
way to a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-22424 (In multiple locations, there is a possible way to reveal
images across ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-25718 (Dr\xe4ger Infinity Explorer C700 contains a privilege
escalation vulne ...)
TODO: check
CVE-2019-25716 (Dr\xe4ger Infinity Delta, Delta XL, and Kappa patient monitors
contain ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12f60b82b497aef85e64403d405ebe5cc5aca3df
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12f60b82b497aef85e64403d405ebe5cc5aca3df
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
