Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6925334f by security tracker role at 2026-06-05T19:14:21+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,13 +5,13 @@ CVE-2026-9088 (A flaw was found in org.keycloak.services. An 
administrator with
 CVE-2026-8914 (In Teltonika Networks RUTOS devices, running versions 7.22 
through 7.2 ...)
        TODO: check
 CVE-2026-8714 (A denial-of-service vulnerability exists in the RTSP server 
component  ...)
-       TODO: check
+       NOT-FOR-US: TPLink
 CVE-2026-7763 (A heap-based buffer overflow vulnerability in the morse.ko 
HaLow Wi-Fi ...)
        TODO: check
 CVE-2026-7762 (A heap-based buffer overflow vulnerability in the dot11ah.ko 
HaLow Wi- ...)
        TODO: check
 CVE-2026-7473 (On affected platforms running Arista EOS where a tunnel 
decapsulation  ...)
-       TODO: check
+       NOT-FOR-US: Arista Networks
 CVE-2026-6274 (Improper Authentication, Missing authentication for critical 
function, ...)
        TODO: check
 CVE-2026-6209
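
Review bot: The tag on CVE-2026-8714 spells the vendor "TPLink", and the truncated description (an RTSP server component) shows no vendor name to check it against. Use the spelling the existing NOT-FOR-US entries for this vendor already carry, since later triage greps on these strings, and consider naming the affected product alongside the vendor.
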
@@ -21,13 +21,13 @@ CVE-2026-6208
 CVE-2026-6207
        REJECTED
 CVE-2026-5589 (An integer underflow in bt_mesh_sol_recv() in the Bluetooth 
Mesh solic ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-5415 (The WP Captcha PRO (the premium version of the Advanced Google 
reCAPTC ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-5411 (The WP Captcha PRO (the premium version of the Advanced Google 
reCAPTC ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-5066 (A potential out-of-bounds write/read exists in the TLS socket 
connect  ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-50733 (Markdown Preview Enhanced before 0.8.28 parses WaveDrom 
diagrams by ev ...)
        TODO: check
 CVE-2026-50590 (In Mimecast Incydr before 2.6.0, arbitrary file access can 
occur.)
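
Review bot: On CVE-2026-5589 and CVE-2026-5066 the qualifier "different from src:zephyr" records what the project is not, but not what it is. The visible descriptions only show bt_mesh_sol_recv() in a Bluetooth Mesh path and a TLS socket connect path, so naming the upstream project explicitly in the tag would let a later reader confirm the exclusion without opening the CVE record.
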
@@ -49,21 +49,21 @@ CVE-2026-50231 (Lyrion Music Server 9.2.0 contains an 
unauthenticated stored cro
 CVE-2026-50230 (Lyrion Music Server 9.2.0 contains an unauthenticated 
reflected cross- ...)
        TODO: check
 CVE-2026-49777 (Improper Validation of Specified Quantity in Input 
vulnerability in Sh ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-49493 (Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced 
code bl ...)
        TODO: check
 CVE-2026-49492 (Markdown Preview Enhanced before 0.8.28 opens external files 
and links ...)
        TODO: check
 CVE-2026-48907 (A vulnerability in the JCE editor extension for Joomla allows 
the crea ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48579 (Improper authorization in Microsoft Exchange Online allows an 
unauthor ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-48567 (Authentication bypass by spoofing in Azure HorizonDB allows an 
unautho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-47655 (Exposure of sensitive information to an unauthorized actor in 
Microsof ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-47644 (Improper neutralization of special elements in output used by 
a downst ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-46511 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. P ...)
        TODO: check
 CVE-2026-46496 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. A ...)
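
Review bot: CVE-2026-49777 is tagged "WordPress plugin or theme", which does not commit to either, and its description is cut off at "vulnerability in Sh ..." so the line cannot settle it. If the component is known, tag it as the one that applies, as the plugin entries elsewhere in this commit do; if the combined wording is an intentional bucket, no change is needed.
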
@@ -101,7 +101,7 @@ CVE-2026-45744 (Termix is a web-based server management 
platform with SSH termin
 CVE-2026-45743 (Termix is a web-based server management platform with SSH 
terminal, tu ...)
        TODO: check
 CVE-2026-45497 (Improper neutralization of special elements used in a command 
('comman ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-45327 (TinyIce is a streaming server for audio and video. In versions 
0.8.95  ...)
        TODO: check
 CVE-2026-45291 (Cloudburst Network provides network components used within 
Cloudburst  ...)
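
Review bot: CVE-2026-45497 gets "NOT-FOR-US: Microsoft", but its description is truncated at "used in a command ('comman ..." before any product is named, so the entry keeps no record of which product was ruled out. A vendor-only tag is weak evidence for a vendor that also publishes open-source software; adding the product name to the tag would make the decision auditable from this file alone.
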
@@ -109,7 +109,7 @@ CVE-2026-45291 (Cloudburst Network provides network 
components used within Cloud
 CVE-2026-45290 (Cloudburst Network provides network components used within 
Cloudburst  ...)
        TODO: check
 CVE-2026-42824 (Improper neutralization of special elements used in a command 
('comman ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-41567 (Moby is an open source container framework. In versions prior 
to 29.5. ...)
        TODO: check
 CVE-2026-41522 (Iris is a web collaborative platform that helps incident 
responders sh ...)
@@ -129,53 +129,53 @@ CVE-2026-36501 (An issue in the 
Externalizable.readExternal() component of Contr
 CVE-2026-36500 (An issue in the cluster-admin:backup-datastore component of 
Controller ...)
        TODO: check
 CVE-2026-2379 (On affected platforms with hardware IPSec support running 
Arista EOS w ...)
-       TODO: check
+       NOT-FOR-US: Arista Networks
 CVE-2026-25659 (Ericsson Packet Core Gateway (PCG) versions prior to 1.30 
contain an I ...)
-       TODO: check
+       NOT-FOR-US: Ericsson
 CVE-2026-25658 (Ericsson Packet Core Gateway (PCG) versions prior to 1.30 
contain an I ...)
-       TODO: check
+       NOT-FOR-US: Ericsson
 CVE-2026-25657 (Ericsson Packet Core Gateway (PCG) versions prior to 1.30 
contain an I ...)
-       TODO: check
+       NOT-FOR-US: Ericsson
 CVE-2026-21837 (HCL Digital Experience is affected by an OS command injection 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-21826 (HCL Digital Experience and HCL Digital Experience Compose 
could be sus ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-21825 (HCL Digital Experience Compose is affected by a reflected 
cross-site s ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-21404 (NAVTOR NavBox through version 4.16.1.20 contains hard-coded 
credential ...)
        TODO: check
 CVE-2026-21038 (Improper input validation in Samsung Android USB Driver for 
Windows pr ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21037 (Improper input validation in Samsung Members prior to version 
5.8.01.5 ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21036 (Improper authorization in Samsung Internet prior to version 
30.0.0.39  ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21035 (Improper input validation in Samsung Plus TV prior to version 
1.0.28.6 ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21034 (Improper export of android application components in Samsung 
Auto prio ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21033 (Improper export of android application components in 
ExpressHomeWidget ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21032 (Improper export of android application components in 
SmartHomeWidgetRe ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21031 (Improper authorization in AppBlock prior to SMR Jun-2026 
Release 1 all ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21030 (Improper access control in MediaTek Audio HAL prior to SMR 
Jun-2026 Re ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21029 (Improper export of android application components in Galaxy 
Editing Se ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21028 (Improper access control in AuditLogService prior to SMR 
Jun-2026 Relea ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21027 (Improper export of android application components in 
ImsSettings prior ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21026 (Improper export of android application components in 
SpriteWallpaper p ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21025 (Incorrect privilege assignment in Telephony prior to SMR 
Jun-2026 Rele ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21017 (Improper handling of insufficient privileges in 
SecTelephonyProvider p ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-20245 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, 
formerly  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-11369 (The Comment API (GET /api/Comment and POST /api/Comment) in 
the affect ...)
        TODO: check
 CVE-2026-11362 (DataDog::DogStatsd versions through 0.07 for Perl allow metric 
injecti ...)
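
Review bot: The "Samsung Mobile" tag in this block names the vendor rather than the affected component, and two entries stand out: CVE-2026-21030 describes a MediaTek Audio HAL and CVE-2026-21038 an Android USB driver for Windows. Both are still plausibly out of scope, but the tag alone does not show that the differing component was looked at; a short product note on those two lines would cover it.
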
@@ -187,15 +187,15 @@ CVE-2026-11346 (A Server-Side Request Forgery (SSRF) 
vulnerability in the custom
 CVE-2026-11345 (An Improper Authentication vulnerability in the 
/api/Cdn/GetFile endpo ...)
        TODO: check
 CVE-2026-11344 (A vulnerability was found in code-projects Vehicle Management 
System 1 ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2026-11342 (A vulnerability has been found in code-projects Hotel and 
Tourism Rese ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2026-11341 (A flaw has been found in D-Link DWR-M920 up to 1.1.50. The 
impacted el ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2026-11339 (A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. 
The affe ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2026-11338 (A security vulnerability has been detected in SourceCodester 
Ship Ferr ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-11337 (A vulnerability was found in tittuvarghese 
CollegeManagementSystem 3e4 ...)
        TODO: check
 CVE-2026-11336 (A vulnerability has been found in tittuvarghese 
CollegeManagementSyste ...)
@@ -1075,15 +1075,15 @@ CVE-2026-10881 (Out of bounds read and write in ANGLE 
in Google Chrome prior to
 CVE-2026-10879 (DBI versions before 1.648 for Perl have a heap overflow when 
preparsin ...)
        TODO: check
 CVE-2026-10878 (A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. 
Affecte ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2026-10877 (A security vulnerability has been detected in SourceCodester 
Ship Ferr ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-10876 (A weakness has been identified in SourceCodester Ship Ferry 
Ticket Res ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-10875 (A security flaw has been discovered in projectworlds Online 
Art Galler ...)
-       TODO: check
+       NOT-FOR-US: Project Worlds
 CVE-2026-10874 (A vulnerability was identified in projectworlds Online Art 
Gallery Sho ...)
-       TODO: check
+       NOT-FOR-US: Project Worlds
 CVE-2026-10873 (A vulnerability was determined in Shibby Tomato 1.28.0000. 
Impacted is ...)
        TODO: check
 CVE-2026-10872 (A vulnerability was found in Shibby Tomato 1.28.0000. This 
issue affec ...)
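
Review bot: CVE-2026-10875 and CVE-2026-10874 are tagged "Project Worlds" while their descriptions spell the vendor "projectworlds"; the D-Link and SourceCodester tags in the same hunk match their descriptions exactly. Keeping the tag spelling aligned with the description keeps vendor greps and any pattern-based tagging consistent.
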
@@ -1095,33 +1095,33 @@ CVE-2026-10870 (A flaw has been found in Shibby Tomato 
1.28.0000. This affects t
 CVE-2026-10732 (All versions of the package decompress are vulnerable to 
Arbitrary Fil ...)
        TODO: check
 CVE-2026-10586 (The Gutenberg Essential Blocks \u2013 Page Builder for 
Gutenberg Block ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10580 (The Hippoo Mobile App for WooCommerce plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-8873 (On affected platforms running Arista EOS with IPsec configured, 
a spec ...)
-       TODO: check
+       NOT-FOR-US: Arista Networks
 CVE-2025-71318 (NetMan 204 fails to enforce authentication on its 
administrative pages ...)
        TODO: check
 CVE-2025-71317 (NetMan 204 contains a hard-coded backdoor account with the 
username an ...)
        TODO: check
 CVE-2025-5090 (CVX is not resilient to unexpected messages from a connected 
switch. T ...)
-       TODO: check
+       NOT-FOR-US: Arista Networks
 CVE-2025-5089 (In a CVX cluster, an EOS switch connected to a CVX server is 
not resil ...)
-       TODO: check
+       NOT-FOR-US: Arista Networks
 CVE-2025-5088 (An authenticated Redis session could be used to obtain full 
root acces ...)
-       TODO: check
+       NOT-FOR-US: Arista Networks
 CVE-2025-59174 (Ericsson Packet Core Controller (PCC) versions prior to 1.39 
contain a ...)
-       TODO: check
+       NOT-FOR-US: Ericsson
 CVE-2024-6858 (In Arista\u2019s EOS when in 802.1X mode, multi-auth 
unauthenticated h ...)
-       TODO: check
+       NOT-FOR-US: Arista Networks
 CVE-2024-27892 (Affected platforms running Arista EOS with OpenConfig 
configured, a gN ...)
-       TODO: check
+       NOT-FOR-US: Arista Networks
 CVE-2024-27891 (On affected platforms running Arista EOS with MACsec and 
egress ACLs c ...)
-       TODO: check
+       NOT-FOR-US: Arista Networks
 CVE-2024-27890 (Affected platforms running Arista EOS with OpenConfig 
configured, a gN ...)
-       TODO: check
+       NOT-FOR-US: Arista Networks
 CVE-2023-5502 (On affected platforms running Arista EOS with 802.1x 
authentication co ...)
-       TODO: check
+       NOT-FOR-US: Arista Networks
 CVE-2026-50593 (Graphite before 1.3.15 has an integer underflow and resultant 
out-of-b ...)
        - graphite2 1.3.15-2
        NOTE: Fixed by: 
https://github.com/silnrsi/graphite/commit/ad78c6b7319909e1540c1b134e115ced03417866
 (1.3.15)
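
Review bot: CVE-2025-5088 is tagged "NOT-FOR-US: Arista Networks", yet the only product named in the visible description is Redis ("An authenticated Redis session could be used to obtain full root acces ..."), with the Arista context lost to truncation. Before this is closed as not-for-us, confirm the flaw sits in the vendor's integration rather than in upstream Redis, and record that in a NOTE line so the reasoning is visible next to the tag.
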



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6925334f50b29fcebfc7a18c59b897466ca76844
