Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7d97fbef by Salvatore Bonaccorso at 2026-06-03T09:08:36+02:00
Process some NFUsProcess some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -89,45 +89,45 @@ CVE-2026-49943 (CZ.NIC BIRD Internet Routing Daemon through
2.19.0 contains a st
CVE-2026-49782 (Missing Authorization vulnerability in Elementor Elementor
Website Bui ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-49754 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: elixir-mint Mint
CVE-2026-49753 (Inconsistent Interpretation of HTTP Requests ('HTTP
Request/Response S ...)
- TODO: check
+ NOT-FOR-US: elixir-mint Mint
CVE-2026-48862 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: elixir-mint Mint
CVE-2026-48861 (Improper Neutralization of CRLF Sequences ('CRLF Injection')
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: elixir-mint Mint
CVE-2026-47117 (OpenMed before 1.5.2 contains a remote code execution
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OpenMed
CVE-2026-46718 (Use of Externally-Controlled Input to Select Classes or Code
('Unsafe ...)
TODO: check
CVE-2026-45686 (OpenTelemetry eBPF Instrumentation provides eBPF
instrumentation based ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry eBPF Instrumentation
CVE-2026-45685 (OpenTelemetry eBPF Instrumentation provides eBPF
instrumentation based ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry eBPF Instrumentation
CVE-2026-45684 (OpenTelemetry eBPF Instrumentation provides eBPF
instrumentation based ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry eBPF Instrumentation
CVE-2026-45683 (OpenTelemetry eBPF Instrumentation provides eBPF
instrumentation based ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry eBPF Instrumentation
CVE-2026-45682 (OpenTelemetry eBPF Instrumentation provides eBPF
instrumentation based ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry eBPF Instrumentation
CVE-2026-45681 (OpenTelemetry eBPF Instrumentation provides eBPF
instrumentation based ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry eBPF Instrumentation
CVE-2026-45680 (OpenTelemetry eBPF Instrumentation provides eBPF
instrumentation based ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry eBPF Instrumentation
CVE-2026-45679 (OpenTelemetry eBPF Instrumentation provides eBPF
instrumentation based ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry eBPF Instrumentation
CVE-2026-45678 (OpenTelemetry eBPF Instrumentation provides eBPF
instrumentation based ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry eBPF Instrumentation
CVE-2026-45676 (OpenTelemetry eBPF Instrumentation provides eBPF
instrumentation based ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry eBPF Instrumentation
CVE-2026-45554 (NiceGUI is a Python-based UI framework. Prior to version
3.12.0, two F ...)
- TODO: check
+ NOT-FOR-US: NiceGUI
CVE-2026-45553 (NiceGUI is a Python-based UI framework. Prior to version
3.12.0, ui.re ...)
- TODO: check
+ NOT-FOR-US: NiceGUI
CVE-2026-45080 (Klaw is a self-service Apache Kafka Topic
Management/Governance tool/p ...)
- TODO: check
+ NOT-FOR-US: Klaw
CVE-2026-44367 (Klaw is a self-service Apache Kafka Topic
Management/Governance tool/p ...)
- TODO: check
+ NOT-FOR-US: Klaw
CVE-2026-43965 (Path traversal vulnerability in Gleam's dependency management
allows a ...)
TODO: check
CVE-2026-42795 (Symlink following vulnerability in Gleam's Hex package export
allows f ...)
@@ -143,9 +143,9 @@ CVE-2026-42669 (Missing Authorization vulnerability in
EventPrime allows Exploit
CVE-2026-42654 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-42074 (OpenClaude is an open-source coding-agent command line
interface for c ...)
- TODO: check
+ NOT-FOR-US: OpenClaude
CVE-2026-42073 (OpenClaude is an open-source coding-agent command line
interface for c ...)
- TODO: check
+ NOT-FOR-US: OpenClaude
CVE-2026-41918 (A vulnerability has been identified in RUGGEDCOM RST2428P
(6GK6242-6PA ...)
NOT-FOR-US: Siemens
CVE-2026-40780 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
@@ -155,11 +155,11 @@ CVE-2026-40715 (Dell ThinOS 10, versions prior to
ThinOS10 2602_10.0765, contain
CVE-2026-40713 (Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765,
contain an Im ...)
NOT-FOR-US: Dell / EMC
CVE-2026-40619 (A high security vulnerability affecting Security Center main
server in ...)
- TODO: check
+ NOT-FOR-US: Gentec
CVE-2026-40571 (NamelessMC is website software for Minecraft servers. In
version 2.2.4 ...)
- TODO: check
+ NOT-FOR-US: NamelessMC
CVE-2026-40314 (NamelessMC is website software for Minecraft servers. In
version 2.2.4 ...)
- TODO: check
+ NOT-FOR-US: NamelessMC
CVE-2026-3620 (The Word Replacer plugin for WordPress is vulnerable to Stored
Cross-S ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3514 (In version 3.6.19 of prefecthq/prefect, an authentication
bypass vulne ...)
@@ -177,23 +177,23 @@ CVE-2026-39550 (Deserialization of Untrusted Data
vulnerability in Elated-Themes
CVE-2026-38978 (transmission through 4.1.1 was found to have a clickjacking
weakness i ...)
TODO: check
CVE-2026-35718 (A path traversal vulnerability in the
/admin/downloadMedias.cgi endpoi ...)
- TODO: check
+ NOT-FOR-US: VIVOTEK
CVE-2026-35717 (A stack-based buffer overflow in the export_language.cgi
binary in VIV ...)
- TODO: check
+ NOT-FOR-US: VIVOTEK
CVE-2026-35716 (A stack-based buffer overflow in the motion_privacy.cgi binary
in VIVO ...)
- TODO: check
+ NOT-FOR-US: VIVOTEK
CVE-2026-35447 (NamelessMC is website software for Minecraft servers. In
version 2.2.4 ...)
- TODO: check
+ NOT-FOR-US: NamelessMC
CVE-2026-35443 (NamelessMC is website software for Minecraft servers. In
version 2.2.4 ...)
- TODO: check
+ NOT-FOR-US: NamelessMC
CVE-2026-34907 (Wirtualna Uczelnia is vulnerable to Reflected Cross\u2011Site
Scriptin ...)
- TODO: check
+ NOT-FOR-US: Wirtualna Uczelnia
CVE-2026-34906 (Server-Side Template Injection (SSTI) in Wirtualna Uczelnia
allows an ...)
- TODO: check
+ NOT-FOR-US: Wirtualna Uczelnia
CVE-2026-34460 (NamelessMC is website software for Minecraft servers. In
versions 2.2. ...)
- TODO: check
+ NOT-FOR-US: NamelessMC
CVE-2026-33398 (NamelessMC is website software for Minecraft servers. In
version 2.2.4 ...)
- TODO: check
+ NOT-FOR-US: NamelessMC
CVE-2026-33244 (React Router is a router for React. In versions 7.5.1 through
7.13.1, ...)
TODO: check
CVE-2026-32685 (Path traversal vulnerability in Gleam's handling of custom
documentati ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d97fbef0a80b28549bf03fbf668e48c86544239
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d97fbef0a80b28549bf03fbf668e48c86544239
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
