Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7342e4de by security tracker role at 2026-06-04T19:14:05+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2026-8916 (Out-of-bounds write vulnerability in Samsung 
Open Source rlottie
 CVE-2026-8762
        REJECTED
 CVE-2026-8653 (The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable 
to gen ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8037 (OS Command Injection Remote Code Execution Vulnerability in API 
in Pro ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-7774 (tarfile.data_filter could be bypassed using crafted link 
entries, incl ...)
        TODO: check
 CVE-2026-7764 (An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi 
kernel ...)
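Review bot: The tag on CVE-2026-8653 is spelled "NOT-FOR-US: WordPress plugin", while CVE-2026-49771 and CVE-2026-49077 later in this same commit get "NOT-FOR-US: WordPress plugin or theme". Settle on one spelling in the automatic rule so that a search of data/CVE/list for either form finds every WordPress entry; CVE-2026-10737 has the same short form.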
@@ -41,15 +41,15 @@ CVE-2026-50206 (Incoming VPN network profile settings fail 
to process special ch
 CVE-2026-50205 (System log files output unencrypted SMTP server authentication 
passwor ...)
        TODO: check
 CVE-2026-50076 (Deserialization of Untrusted Data in the Java replace-resolve 
path in  ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-50033 (Local privilege escalation due to DLL hijacking vulnerability. 
The fol ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2026-4881 (In affected versions of Octopus Server, permissions were not 
checked c ...)
-       TODO: check
+       NOT-FOR-US: Octopus Deploy
 CVE-2026-4104 (Authorization bypass through User-Controlled SQL primary key 
vulnerabi ...)
        TODO: check
 CVE-2026-49771 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-49510 (Integer overflow or wraparound vulnerability in Samsung Open 
Source rl ...)
        TODO: check
 CVE-2026-49204 (Leftover debug modules contain fixed credentials for internal 
AWS Cogn ...)
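Review bot: On CVE-2026-50076 the new tag "Apache software not packaged in Debian" names no product, and the truncated description ("Java replace-resolve path in ...") does not either, so the decision cannot be re-checked from this file alone. The vendor tags added next to it (Acronis, Octopus Deploy) do identify what was matched; consider naming the Apache project in the tag as well.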
@@ -79,7 +79,7 @@ CVE-2026-49186 (The local MQTT broker does not enforce 
topic-level Access Contro
 CVE-2026-49185 (The FieldX MDM adb messaging topic passes unverified payloads 
directly ...)
        TODO: check
 CVE-2026-49077 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48480 (The netty incubator codec.bhttp is a java language binary http 
parser. ...)
        TODO: check
 CVE-2026-48040 (The netty incubator codec.bhttp is a java language binary http 
parser. ...)
@@ -107,9 +107,9 @@ CVE-2026-45431 (This vulnerability exists in GX Earth ONT 
models due to improper
 CVE-2026-45287 (OpenTelemetry-Go is the Go implementation of OpenTelemetry. 
Prior to v ...)
        TODO: check
 CVE-2026-44682 (Local privilege escalation due to DLL hijacking vulnerability. 
The fol ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2026-44609 (Local privilege escalation due to EXE hijacking vulnerability. 
The fol ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2026-43986 (Tautulli is a Python based monitoring and tracking tool for 
Plex Media ...)
        TODO: check
 CVE-2026-43985 (Tautulli is a Python based monitoring and tracking tool for 
Plex Media ...)
@@ -121,7 +121,7 @@ CVE-2026-43926 (FOSSBilling is a free, open-source billing 
and client management
 CVE-2026-43924 (FOSSBilling is a free, open-source billing and client 
management syste ...)
        TODO: check
 CVE-2026-42061 (Local privilege escalation due to excessive permissions 
assigned to ch ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2026-41860 (CWE-326 in BOSH allows a local attacker to steal Basic-auth 
credential ...)
        TODO: check
 CVE-2026-41859 (A network man-in-the-middle between nats-sync and the BOSH 
director ca ...)
@@ -145,7 +145,7 @@ CVE-2026-41065 (Tautulli is a Python based monitoring and 
tracking tool for Plex
 CVE-2026-41011 (PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" 
where tgz = ...)
        TODO: check
 CVE-2026-41010 (ReleaseJob#unpack builds job_dir = File.join(@release_dir, 
'jobs', nam ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-40898 (quic-go is an implementation of the QUIC protocol in Go. Prior 
to vers ...)
        TODO: check
 CVE-2026-40605 (Tautulli is a Python based monitoring and tracking tool for 
Plex Media ...)
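Review bot: CVE-2026-41010 is tagged "NOT-FOR-US: VMware" while the context entry directly above it, CVE-2026-41011, stays at "TODO: check", although both descriptions are written the same way (a Ruby method name followed by the string it builds) and look like they come from the same code base. If they are the same product, tag both in one pass; if they are not, the VMware match on CVE-2026-41010 deserves a second look, since neither visible description names a vendor.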
@@ -153,7 +153,7 @@ CVE-2026-40605 (Tautulli is a Python based monitoring and 
tracking tool for Plex
 CVE-2026-40495 (FOSSBilling is a free, open-source billing and client 
management syste ...)
        TODO: check
 CVE-2026-3820 (There is a vulnerability in the Supermicro BMC  SMTP service at 
Superm ...)
-       TODO: check
+       NOT-FOR-US: Supermicro
 CVE-2026-38570 (bacnet_stack 1.3.1 contains an Out-of-bounds Read in 
bacnet_tag_number ...)
        TODO: check
 CVE-2026-37700 (Cross Site Scripting vulnerability in MaxSite CMS v.109.2 
allows a rem ...)
@@ -181,7 +181,7 @@ CVE-2026-35904 (Incorrect access control in the web 
management interface of T3 T
 CVE-2026-2596
        REJECTED
 CVE-2026-28318 (SolarWinds Serv-U is susceptible to specially crafted POST 
requests th ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2026-26825 (A use-of-uninitialized memory vulnerability exists in libxls 
1.6.3 whe ...)
        TODO: check
 CVE-2026-26824 (libxls through version 1.6.3 contains a use of uninitialized 
memory vu ...)
@@ -191,9 +191,9 @@ CVE-2026-25551 (Seagull Software BarTender 2021 R1 through 
12.0.1contains an ins
 CVE-2026-25550 (Seagull Software BarTender 2010, 2016, and 2019 contain an 
unauthentic ...)
        TODO: check
 CVE-2026-22055 (Active IQ OneCollect version 2.7.3 contains hard-coded 
credentials tha ...)
-       TODO: check
+       NOT-FOR-US: NetApp
 CVE-2026-22054 (Active IQ Config Advisor version 6.7.3 contains hard-coded 
credentials ...)
-       TODO: check
+       NOT-FOR-US: NetApp
 CVE-2026-10880 (OSNexus QuantaStor SDS Manager is vulnerable to SQL injection 
in the l ...)
        TODO: check
 CVE-2026-10868 (A mass assignment vulnerability exists in the MISP user edit 
functiona ...)
@@ -225,13 +225,13 @@ CVE-2026-10813 (A flaw has been found in LMCache up to 
0.4.6. This affects the f
 CVE-2026-10812 (A vulnerability was detected in zilliztech GPTCache up to 
0.1.44. Affe ...)
        TODO: check
 CVE-2026-10811 (A security vulnerability has been detected in itsourcecode 
Fees Manage ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-10810 (A weakness has been identified in itsourcecode Fees Management 
System  ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-10809 (A security flaw has been discovered in itsourcecode Fees 
Management Sy ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-10808 (A vulnerability was identified in itsourcecode Fees Management 
System  ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-10807 (A vulnerability was determined in mjperpinosa stumasy. The 
impacted el ...)
        TODO: check
 CVE-2026-10806 (A vulnerability was found in mjperpinosa stumasy. The affected 
element ...)
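Review bot: The tag "NOT-FOR-US: itsourcecode System" on CVE-2026-10811 through CVE-2026-10808 matches neither the vendor ("itsourcecode") nor the product the descriptions give ("itsourcecode Fees Management System"). Using the vendor alone or the full product name would read less like a truncated pattern match.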
@@ -241,7 +241,7 @@ CVE-2026-10805 (A flaw was found in NetworkManager. This 
local privilege escalat
 CVE-2026-10804 (A vulnerability has been found in Streamlit up to 1.53.0. 
Impacted is  ...)
        TODO: check
 CVE-2026-10803 (A flaw has been found in MLflow up to 3.10.0. This issue 
affects the f ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2026-10802 (A vulnerability was detected in keystonejs keystone up to 
20260319. Th ...)
        TODO: check
 CVE-2026-10801 (A security vulnerability has been detected in modelscope 
ms-swift up t ...)
@@ -261,7 +261,7 @@ CVE-2026-10771 (A vulnerability was found in crmeb 
crmeb_java 1.4. Affected is t
 CVE-2026-10766 (A vulnerability has been found in mlrun up to 1.12.0-rc3. This 
impacts ...)
        TODO: check
 CVE-2026-10737 (The SP Project & Document Manager plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10597 (OMICARD EDM developed by ITPison has a Insecure Direct Object 
Referenc ...)
        TODO: check
 CVE-2026-10305 (Out-of-bounds read vulnerability in Samsung Open Source 
rlottie allows ...)
@@ -279,23 +279,23 @@ CVE-2025-67446 (Improper Authentication (Authentication 
Bypass) exists in Neterb
 CVE-2025-65640 (Cross Site Scripting (XSS) vulnerability in the "Task in 
Progress / Re ...)
        TODO: check
 CVE-2025-62338 (The HCL BigFix Cloud Lifecycle Management is affected by Lack 
Of Input ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-59874 (HCL Hive Telco Observability is affected by a Required 
directives miss ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52612 (HCL iControl was affected by Export CSV - CSV Injection 
vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52611 (HCL iControl v4.0.0 was affected by Unhandled Exception - 
Stack Trace  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52609 (HCL iControl was affected by Missing Security Headers 
vulnerability. w ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52608 (HCL  iControl was affected by Missing Cookie Attributes 
vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52606 (HCL iControl was affected by Weak Input Validation 
vulnerability. This ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-46638 (Dell BSAFE SSL-J contains an allocation of resources without 
limits or ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-12694 (A local privilege escalation vulnerability exists in 
Forcepoint VPN Cl ...)
-       TODO: check
+       NOT-FOR-US: Forcepoint
 CVE-2019-25745 (WordPress Plugin Google Review Slider 6.1 contains a 
time-based blind  ...)
        TODO: check
 CVE-2019-25744 (WordPress Popup Builder 3.49 contains a persistent cross-site 
scriptin ...)
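Review bot: The trailing context entry CVE-2019-25745 ("WordPress Plugin Google Review Slider 6.1 ...") remains at "TODO: check" even though its description names a WordPress plugin, and CVE-2019-25744 ("WordPress Popup Builder 3.49 ...") follows with the same wording. The entries this commit does tag are phrased "... plugin for WordPress", so the automatic rule seems to miss descriptions that start with "WordPress Plugin" or "WordPress" followed by the plugin name; consider extending the match to cover that form.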



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7342e4de8895e0c0283e3fcf8719a4fe91bf6650
