Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c284ac7 by Salvatore Bonaccorso at 2026-06-05T22:05:03+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2026-9270 (DataDog::DogStatsd versions through 0.07 for Perl allow metric 
injecti ...)
-       TODO: check
+       NOT-FOR-US: DataDog::DogStatsd Perl module
 CVE-2026-9088 (A flaw was found in org.keycloak.services. An administrator 
with deleg ...)
        TODO: check
 CVE-2026-8914 (In Teltonika Networks RUTOS devices, running versions 7.22 
through 7.2 ...)
-       TODO: check
+       NOT-FOR-US: Teltonika Networks
 CVE-2026-8714 (A denial-of-service vulnerability exists in the RTSP server 
component  ...)
        NOT-FOR-US: TPLink
 CVE-2026-7763 (A heap-based buffer overflow vulnerability in the morse.ko 
HaLow Wi-Fi ...)
-       TODO: check
+       NOT-FOR-US: Morse Micro HaLowLink
 CVE-2026-7762 (A heap-based buffer overflow vulnerability in the dot11ah.ko 
HaLow Wi- ...)
-       TODO: check
+       NOT-FOR-US: Morse Micro HaLowLink
 CVE-2026-7473 (On affected platforms running Arista EOS where a tunnel 
decapsulation  ...)
        NOT-FOR-US: Arista Networks
 CVE-2026-6274 (Improper Authentication, Missing authentication for critical 
function, ...)
-       TODO: check
+       NOT-FOR-US: Redline WR3200
 CVE-2026-6209
        REJECTED
 CVE-2026-6208
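Review bot: CVE-2026-7763 and CVE-2026-7762 name kernel modules (morse.ko, dot11ah.ko), and the tag "NOT-FOR-US: Morse Micro HaLowLink" does not say how they relate to src:linux. If these are vendor out-of-tree drivers, a short qualifier on the tag saying so would save the next triager the same lookup. If any of this code is carried in src:linux, the entries should stay as TODO instead.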
@@ -29,31 +29,31 @@ CVE-2026-5411 (The WP Captcha PRO (the premium version of 
the Advanced Google re
 CVE-2026-5066 (A potential out-of-bounds write/read exists in the TLS socket 
connect  ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-50733 (Markdown Preview Enhanced before 0.8.28 parses WaveDrom 
diagrams by ev ...)
-       TODO: check
+       NOT-FOR-US: Markdown Preview Enhanced
 CVE-2026-50590 (In Mimecast Incydr before 2.6.0, arbitrary file access can 
occur.)
-       TODO: check
+       NOT-FOR-US: Mimecast Incydr
 CVE-2026-50589 (In OpenStack Ironic 32 through 35.0.1, an unauthenticated 
malicious us ...)
        TODO: check
 CVE-2026-50265 (A flaw was found in libinput. A local attacker with access to 
/dev/uin ...)
        TODO: check
 CVE-2026-50235 (Lyrion Music Server 9.2.0 contains a reflected cross-site 
scripting vu ...)
-       TODO: check
+       NOT-FOR-US: Lyrion Music Server
 CVE-2026-50234 (Lyrion Music Server 9.2.0 contains a path traversal 
vulnerability that ...)
-       TODO: check
+       NOT-FOR-US: Lyrion Music Server
 CVE-2026-50233 (Lyrion Music Server 9.2.0 contains an arbitrary directory 
listing vuln ...)
-       TODO: check
+       NOT-FOR-US: Lyrion Music Server
 CVE-2026-50232 (Lyrion Music Server 9.2.0 contains a stored cross-site 
scripting vulne ...)
-       TODO: check
+       NOT-FOR-US: Lyrion Music Server
 CVE-2026-50231 (Lyrion Music Server 9.2.0 contains an unauthenticated stored 
cross-sit ...)
-       TODO: check
+       NOT-FOR-US: Lyrion Music Server
 CVE-2026-50230 (Lyrion Music Server 9.2.0 contains an unauthenticated 
reflected cross- ...)
-       TODO: check
+       NOT-FOR-US: Lyrion Music Server
 CVE-2026-49777 (Improper Validation of Specified Quantity in Input 
vulnerability in Sh ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-49493 (Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced 
code bl ...)
-       TODO: check
+       NOT-FOR-US: Markdown Preview Enhanced
 CVE-2026-49492 (Markdown Preview Enhanced before 0.8.28 opens external files 
and links ...)
-       TODO: check
+       NOT-FOR-US: Markdown Preview Enhanced
 CVE-2026-48907 (A vulnerability in the JCE editor extension for Joomla allows 
the crea ...)
        NOT-FOR-US: Joomla
 CVE-2026-48579 (Improper authorization in Microsoft Exchange Online allows an 
unauthor ...)
@@ -65,69 +65,69 @@ CVE-2026-47655 (Exposure of sensitive information to an 
unauthorized actor in Mi
 CVE-2026-47644 (Improper neutralization of special elements in output used by 
a downst ...)
        NOT-FOR-US: Microsoft
 CVE-2026-46511 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. P ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46496 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. A ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46399 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. T ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46396 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. A ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46395 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. P ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46394 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. P ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46393 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. A ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46392 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. P ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46391 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. S ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46390 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. S ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46389 (UDS Identity Config builds the Keycloak configuration image 
(realm, pl ...)
-       TODO: check
+       NOT-FOR-US: UDS Identity Config
 CVE-2026-45750 (Termix is a web-based server management platform with SSH 
terminal, tu ...)
-       TODO: check
+       NOT-FOR-US: Termix
 CVE-2026-45749 (Termix is a web-based server management platform with SSH 
terminal, tu ...)
-       TODO: check
+       NOT-FOR-US: Termix
 CVE-2026-45748 (Termix is a web-based server management platform with SSH 
terminal, tu ...)
-       TODO: check
+       NOT-FOR-US: Termix
 CVE-2026-45746 (Termix is a web-based server management platform with SSH 
terminal, tu ...)
-       TODO: check
+       NOT-FOR-US: Termix
 CVE-2026-45745 (Termix is a web-based server management platform with SSH 
terminal, tu ...)
-       TODO: check
+       NOT-FOR-US: Termix
 CVE-2026-45744 (Termix is a web-based server management platform with SSH 
terminal, tu ...)
-       TODO: check
+       NOT-FOR-US: Termix
 CVE-2026-45743 (Termix is a web-based server management platform with SSH 
terminal, tu ...)
-       TODO: check
+       NOT-FOR-US: Termix
 CVE-2026-45497 (Improper neutralization of special elements used in a command 
('comman ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45327 (TinyIce is a streaming server for audio and video. In versions 
0.8.95  ...)
-       TODO: check
+       NOT-FOR-US: TinyIce
 CVE-2026-45291 (Cloudburst Network provides network components used within 
Cloudburst  ...)
-       TODO: check
+       NOT-FOR-US: Cloudburst Network
 CVE-2026-45290 (Cloudburst Network provides network components used within 
Cloudburst  ...)
-       TODO: check
+       NOT-FOR-US: Cloudburst Network
 CVE-2026-42824 (Improper neutralization of special elements used in a command 
('comman ...)
        NOT-FOR-US: Microsoft
 CVE-2026-41567 (Moby is an open source container framework. In versions prior 
to 29.5. ...)
        TODO: check
 CVE-2026-41522 (Iris is a web collaborative platform that helps incident 
responders sh ...)
-       TODO: check
+       NOT-FOR-US: DFIR-IRIS
 CVE-2026-41518 (Chartbrew is an open-source web application that can connect 
directly  ...)
-       TODO: check
+       NOT-FOR-US: Chartbrew
 CVE-2026-41249 (CoreShop is a Pimcore enhanced eCommerce solution. In versions 
5.0.1 t ...)
-       TODO: check
+       NOT-FOR-US: CoreShop
 CVE-2026-38579 (Multiple reflected Cross-Site Scripting (XSS) vulnerabilities 
in damas ...)
-       TODO: check
+       NOT-FOR-US: damasac thaipalliative_lte
 CVE-2026-38500
        REJECTED
 CVE-2026-37737 (sanic-cors version 2.2.0 and prior contains an improper 
regular expres ...)
-       TODO: check
+       NOT-FOR-US: sanic-cors
 CVE-2026-36501 (An issue in the Externalizable.readExternal() component of 
Controller  ...)
-       TODO: check
+       NOT-FOR-US: OpenDayLight
 CVE-2026-36500 (An issue in the cluster-admin:backup-datastore component of 
Controller ...)
-       TODO: check
+       NOT-FOR-US: OpenDayLight
 CVE-2026-2379 (On affected platforms with hardware IPSec support running 
Arista EOS w ...)
        NOT-FOR-US: Arista Networks
 CVE-2026-25659 (Ericsson Packet Core Gateway (PCG) versions prior to 1.30 
contain an I ...)
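Review bot: for CVE-2026-36501 and CVE-2026-36500 the visible description only says "Controller", so the NFU string is the only place the product is named, and it is spelled "OpenDayLight" while upstream writes "OpenDaylight". A case-sensitive grep over the list will miss one or the other; suggest matching whichever spelling earlier entries already use. The same applies to CVE-2026-41522, where the description says "Iris" and the tag says "DFIR-IRIS": fine as a disambiguation, as long as it matches prior entries for that product.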
@@ -143,7 +143,7 @@ CVE-2026-21826 (HCL Digital Experience and HCL Digital 
Experience Compose could
 CVE-2026-21825 (HCL Digital Experience Compose is affected by a reflected 
cross-site s ...)
        NOT-FOR-US: HCL
 CVE-2026-21404 (NAVTOR NavBox through version 4.16.1.20 contains hard-coded 
credential ...)
-       TODO: check
+       NOT-FOR-US: NAVTOR NavBox
 CVE-2026-21038 (Improper input validation in Samsung Android USB Driver for 
Windows pr ...)
        NOT-FOR-US: Samsung Mobile
 CVE-2026-21037 (Improper input validation in Samsung Members prior to version 
5.8.01.5 ...)
@@ -177,15 +177,15 @@ CVE-2026-21017 (Improper handling of insufficient 
privileges in SecTelephonyProv
 CVE-2026-20245 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, 
formerly  ...)
        NOT-FOR-US: Cisco
 CVE-2026-11369 (The Comment API (GET /api/Comment and POST /api/Comment) in 
the affect ...)
-       TODO: check
+       NOT-FOR-US: linqi
 CVE-2026-11362 (DataDog::DogStatsd versions through 0.07 for Perl allow metric 
injecti ...)
-       TODO: check
+       NOT-FOR-US: DataDog::DogStatsd Perl module
 CVE-2026-11347 (The linqi application contains hardcoded cryptographic keys. 
Additiona ...)
-       TODO: check
+       NOT-FOR-US: linqi
 CVE-2026-11346 (A Server-Side Request Forgery (SSRF) vulnerability in the 
custom proce ...)
-       TODO: check
+       NOT-FOR-US: linqi
 CVE-2026-11345 (An Improper Authentication vulnerability in the 
/api/Cdn/GetFile endpo ...)
-       TODO: check
+       NOT-FOR-US: linqi
 CVE-2026-11344 (A vulnerability was found in code-projects Vehicle Management 
System 1 ...)
        NOT-FOR-US: code-projects
 CVE-2026-11342 (A vulnerability has been found in code-projects Hotel and 
Tourism Rese ...)
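Review bot: CVE-2026-11362 carries the same visible description as CVE-2026-9270 in the first hunk ("DataDog::DogStatsd versions through 0.07 for Perl allow metric injecti ..."), and both receive the identical tag. If the full descriptions also match, one of the two is probably a duplicate assignment. The NFU tag is unaffected, but it is worth a glance so that a later REJECTED on one of them is expected.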
@@ -197,27 +197,27 @@ CVE-2026-11339 (A vulnerability was detected in D-Link 
DWR-M920 up to 1.1.50. Th
 CVE-2026-11338 (A security vulnerability has been detected in SourceCodester 
Ship Ferr ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-11337 (A vulnerability was found in tittuvarghese 
CollegeManagementSystem 3e4 ...)
-       TODO: check
+       NOT-FOR-US: tittuvarghese CollegeManagementSystem
 CVE-2026-11336 (A vulnerability has been found in tittuvarghese 
CollegeManagementSyste ...)
-       TODO: check
+       NOT-FOR-US: tittuvarghese CollegeManagementSystem
 CVE-2026-11335 (A flaw has been found in tittuvarghese CollegeManagementSystem 
3e47633 ...)
-       TODO: check
+       NOT-FOR-US: tittuvarghese CollegeManagementSystem
 CVE-2026-11334 (A vulnerability was detected in tittuvarghese 
CollegeManagementSystem  ...)
-       TODO: check
+       NOT-FOR-US: tittuvarghese CollegeManagementSystem
 CVE-2026-11333 (A security vulnerability has been detected in tittuvarghese 
CollegeMan ...)
-       TODO: check
+       NOT-FOR-US: tittuvarghese CollegeManagementSystem
 CVE-2026-11332 (A flaw was found in ansible-core. The ansible-galaxy role 
install comm ...)
        TODO: check
 CVE-2026-11330 (A weakness has been identified in thedotmack claude-mem up to 
11.0.1.  ...)
-       TODO: check
+       NOT-FOR-US: thedotmack claude-mem
 CVE-2026-11329 (A vulnerability has been found in onnx onnx-mlir up to 
0.5.0.0. Affect ...)
-       TODO: check
+       NOT-FOR-US: onnx onnx-mlir
 CVE-2026-11326 (OpenAI Atlas before 1.2025.288.15 exposed privileged browser 
APIs to w ...)
-       TODO: check
+       NOT-FOR-US: OpenAI Atlas
 CVE-2026-11322 (Hermes WebUI prior to v0.51.221 contains a path traversal 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Hermes WebUI
 CVE-2026-11312 (A vulnerability was found in bytedance InfiniStore up to 
0.2.33. The i ...)
-       TODO: check
+       NOT-FOR-US: bytedance InfiniStore
 CVE-2026-11309 (Insufficient policy enforcement in History in Google Chrome 
prior to 1 ...)
        TODO: check
 CVE-2026-11308 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
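Review bot: the tag on CVE-2026-11329, "NOT-FOR-US: onnx onnx-mlir", leads with "onnx", which reads like a package name and will match searches for it. If the archive has a source package called onnx, suggest the disambiguating form already used in this file for CVE-2026-5066 ("NOT-FOR-US: Zephyr, different from src:zephyr"), for example "NOT-FOR-US: onnx-mlir, different from src:onnx".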
@@ -1332,11 +1332,11 @@ CVE-2026-36175 (An issue in the U-Boot component of 
GNCC GP5 v7.1.76 allows phys
 CVE-2026-36174 (GNCC GP5 v7.1.76 was discovered to store sensitive wireless 
network in ...)
        NOT-FOR-US: GNCC GP5
 CVE-2026-35906 (An undocumented debug CGI endpoint in T3 Technology CPE models 
T625Pro ...)
-       TODO: check
+       NOT-FOR-US: T3 Technology
 CVE-2026-35905 (T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and 
T7281 v1 ...)
-       TODO: check
+       NOT-FOR-US: T3 Technology
 CVE-2026-35904 (Incorrect access control in the web management interface of T3 
Technol ...)
-       TODO: check
+       NOT-FOR-US: T3 Technology
 CVE-2026-2596
        REJECTED
 CVE-2026-28318 (SolarWinds Serv-U is susceptible to specially crafted POST 
requests th ...)
@@ -1346,9 +1346,9 @@ CVE-2026-26825 (A use-of-uninitialized memory 
vulnerability exists in libxls 1.6
 CVE-2026-26824 (libxls through version 1.6.3 contains a use of uninitialized 
memory vu ...)
        TODO: check
 CVE-2026-25551 (Seagull Software BarTender 2021 R1 through 12.0.1contains an 
insecure  ...)
-       TODO: check
+       NOT-FOR-US: Seagull Software BarTender
 CVE-2026-25550 (Seagull Software BarTender 2010, 2016, and 2019 contain an 
unauthentic ...)
-       TODO: check
+       NOT-FOR-US: Seagull Software BarTender
 CVE-2026-22055 (Active IQ OneCollect version 2.7.3 contains hard-coded 
credentials tha ...)
        NOT-FOR-US: NetApp
 CVE-2026-22054 (Active IQ Config Advisor version 6.7.3 contains hard-coded 
credentials ...)
@@ -1673,33 +1673,33 @@ CVE-2026-36603 (Mercusys AC12G (EU) V1 router with 
firmware AC12G(EU)_V1_200909
 CVE-2026-36602 (Mercusys AC12G (EU) V1 router with firmware 
AC12G(EU)_V1_200909 disclo ...)
        NOT-FOR-US: Mercusys
 CVE-2026-36576 (An OS command injection vulnerability in the app.py component 
of openl ...)
-       TODO: check
+       NOT-FOR-US: openlabs docker-wkhtmltopdf-aas
 CVE-2026-36574 (A DLL hijacking vulnerability in Wassimulator (GitHub) 
CactusViewer v2 ...)
-       TODO: check
+       NOT-FOR-US: Wassimulator (GitHub) CactusViewer
 CVE-2026-36460 (Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable 
to a Cr ...)
        NOT-FOR-US: Dovestones Softwares ADPhonebook
 CVE-2026-35085 (A remote attacker with user privileges can exploit a stack 
buffer over ...)
-       TODO: check
+       NOT-FOR-US: MBS
 CVE-2026-35084 (A remote attacker with user privileges can exploit a stack 
buffer over ...)
-       TODO: check
+       NOT-FOR-US: MBS
 CVE-2026-35083 (A remote attacker with user privileges can exploit a stack 
buffer over ...)
-       TODO: check
+       NOT-FOR-US: MBS
 CVE-2026-35082 (The ugw-logread method allows a remote attacker with user 
privileges t ...)
-       TODO: check
+       NOT-FOR-US: MBS
 CVE-2026-35081 (The ugw-logstop method allows a remote attacker with user 
privileges t ...)
-       TODO: check
+       NOT-FOR-US: MBS
 CVE-2026-35080 (The ugw-restoreinfo method allows a remote attacker with user 
privileg ...)
-       TODO: check
+       NOT-FOR-US: MBS
 CVE-2026-35079 (The ugw-restore method allows a remote attacker with user 
privileges t ...)
-       TODO: check
+       NOT-FOR-US: MBS
 CVE-2026-35078 (The ugw-logstop method allows a remote attacker with user 
privileges   ...)
-       TODO: check
+       NOT-FOR-US: MBS
 CVE-2026-35077 (The ugw-delete-file method allows a remote attacker with user 
privileg ...)
-       TODO: check
+       NOT-FOR-US: MBS
 CVE-2026-35076 (The bac-scanresult method allows a remote attacker with user 
privilege ...)
-       TODO: check
+       NOT-FOR-US: MBS
 CVE-2026-35075 (An unauthenticated remote attacker can recover a default, hard 
coded p ...)
-       TODO: check
+       NOT-FOR-US: MBS
 CVE-2026-26379 (Koha versions up to 25.11 contain a Server-Side Request 
Forgery (SSRF) ...)
        TODO: check
 CVE-2026-26378 (Cross Site Scripting vulnerability in Koha 25.11 and before 
allows a r ...)
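Review bot: the eleven entries CVE-2026-35075 through CVE-2026-35085 are tagged "NOT-FOR-US: MBS", but none of the visible descriptions names a vendor or product (they start with "A remote attacker with user privileges ..." or "The ugw-logread method ..."). A bare three-letter tag is hard to search for and easy to confuse with something else; suggest spelling out the vendor and product as the other tags in this commit do. Minor: in "NOT-FOR-US: Wassimulator (GitHub) CactusViewer" the "(GitHub)" is copied from the description and could be dropped.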
@@ -1709,7 +1709,7 @@ CVE-2026-20233 (A vulnerability in the web-based user 
interface of Cisco Webex M
 CVE-2026-20230 (A vulnerability in Cisco Unified Communications Manager 
(Unified CM) a ...)
        NOT-FOR-US: Cisco
 CVE-2026-20175 (A vulnerability in Cisco Finesse could allow an 
unauthenticated, remot ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-10729 (An HTML injection vulnerability in the notification email for 
"Slow Re ...)
        TODO: check
 CVE-2026-10722 (A vulnerability has been found in cilium ebpf up to 0.21.0. 
This affec ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c284ac78932ae0d3106f620e91a6d09058eb19c



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
