Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bff0ec79 by Salvatore Bonaccorso at 2026-06-06T10:17:14+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -73,27 +73,27 @@ CVE-2026-6240 (A stack-based buffer overflow vulnerability 
exists in Tapo C520WS
 CVE-2026-6239 (A stack\u2011based buffer overflow vulnerability exists in Tapo 
C520WS ...)
        NOT-FOR-US: TPLink
 CVE-2026-46493 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. V ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46401 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. V ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46400 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. S ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46398 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. S ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46397 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. P ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-46357 (HAX CMS helps manage microsite universe with PHP or NodeJs 
backends. P ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2026-45779 (OpenXDMoD is an open framework for collecting and analyzing 
HPC metric ...)
-       TODO: check
+       NOT-FOR-US: OpenXDMoD
 CVE-2026-45778 (OpenXDMoD is an open framework for collecting and analyzing 
HPC metric ...)
-       TODO: check
+       NOT-FOR-US: OpenXDMoD
 CVE-2026-45777 (OpenXDMoD is an open framework for collecting and analyzing 
HPC metric ...)
-       TODO: check
+       NOT-FOR-US: OpenXDMoD
 CVE-2026-45776 (OpenXDMoD is an open framework for collecting and analyzing 
HPC metric ...)
-       TODO: check
+       NOT-FOR-US: OpenXDMoD
 CVE-2026-45758 (Guardrails AI is a Python framework that helps build AI 
applications.  ...)
-       TODO: check
+       NOT-FOR-US: Guardrails AI
 CVE-2026-45409 (Internationalized Domain Names in Applications (IDNA) for 
Python provi ...)
        TODO: check
 CVE-2026-45300 (The AsyncHttpClient (AHC) library allows Java applications to 
easily e ...)
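Review bot: CVE-2026-45409 (idna for Python) is rightly left at TODO: check rather than NOT-FOR-US, since that module ships in Debian as the python-idna source package; it still needs a package annotation with the affected and fixed versions in a follow-up. The HAX CMS, OpenXDMoD and Guardrails AI entries each use a single consistent NOT-FOR-US string per upstream, which keeps later greps for the same project unambiguous.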
@@ -115,23 +115,23 @@ CVE-2026-25621 (A Reports application infrastructure 
vulnerability exists in Ari
 CVE-2026-25620 (An encrypted password command injection vulnerability exists 
in the Ca ...)
        NOT-FOR-US: Arista Networks
 CVE-2026-11431 (A path traversal vulnerability exists in the Projects Service 
download ...)
-       TODO: check
+       NOT-FOR-US: Altium
 CVE-2026-11429 (A path traversal vulnerability exists in the Git Service 
component sha ...)
-       TODO: check
+       NOT-FOR-US: Altium
 CVE-2026-11424 (A server-side request forgery (SSRF) vulnerability exists in a 
GraphQL ...)
-       TODO: check
+       NOT-FOR-US: Altium
 CVE-2026-11423 (A path traversal vulnerability exists in the Altium Enterprise 
Server  ...)
-       TODO: check
+       NOT-FOR-US: Altium
 CVE-2026-11422 (Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 
contains  ...)
-       TODO: check
+       NOT-FOR-US: Markdown Preview Enhanced
 CVE-2026-11420 (Two path traversal vulnerabilities in the Network Installation 
Service ...)
-       TODO: check
+       NOT-FOR-US: Altium
 CVE-2026-11419 (A path traversal vulnerability exists in the Altium Enterprise 
Server  ...)
-       TODO: check
+       NOT-FOR-US: Altium
 CVE-2026-11416 (MoviePilot contains a path traversal vulnerability in the 
AliPan, U115 ...)
-       TODO: check
+       NOT-FOR-US: MoviePilot
 CVE-2026-11414 (A hard-coded cryptographic key is used by Altium Enterprise 
Server to  ...)
-       TODO: check
+       NOT-FOR-US: Altium
 CVE-2026-11401 (An untrusted search path issue in the GlobalDatabasePlugin in 
the AWS  ...)
        NOT-FOR-US: Amazon
 CVE-2026-11400 (An untrusted search path issue in the GlobalDatabasePlugin in 
the AWS  ...)
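Review bot: For CVE-2026-11422 the annotation names only the extension (Markdown Preview Enhanced) although the description also names the crossnote engine it bundles; if crossnote were ever packaged separately, a grep for it would miss this entry, so mentioning both in the NOT-FOR-US string would help. The seven Altium Enterprise Server entries use one consistent string, in line with the neighbouring Arista and Amazon entries.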
@@ -1666,15 +1666,15 @@ CVE-2026-10875 (A security flaw has been discovered in 
projectworlds Online Art
 CVE-2026-10874 (A vulnerability was identified in projectworlds Online Art 
Gallery Sho ...)
        NOT-FOR-US: Project Worlds
 CVE-2026-10873 (A vulnerability was determined in Shibby Tomato 1.28.0000. 
Impacted is ...)
-       TODO: check
+       NOT-FOR-US: Shibby Tomato
 CVE-2026-10872 (A vulnerability was found in Shibby Tomato 1.28.0000. This 
issue affec ...)
-       TODO: check
+       NOT-FOR-US: Shibby Tomato
 CVE-2026-10871 (A vulnerability has been found in Shibby Tomato 1.28.0000. 
This vulner ...)
-       TODO: check
+       NOT-FOR-US: Shibby Tomato
 CVE-2026-10870 (A flaw has been found in Shibby Tomato 1.28.0000. This affects 
the fun ...)
-       TODO: check
+       NOT-FOR-US: Shibby Tomato
 CVE-2026-10732 (All versions of the package decompress are vulnerable to 
Arbitrary Fil ...)
-       TODO: check
+       NOT-FOR-US: Node decompress module
 CVE-2026-10586 (The Gutenberg Essential Blocks \u2013 Page Builder for 
Gutenberg Block ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-10580 (The Hippoo Mobile App for WooCommerce plugin for WordPress is 
vulnerab ...)
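Review bot: CVE-2026-10732 is the only entry in this hunk that is an npm module rather than router firmware, and "NOT-FOR-US: Node decompress module" only holds if no Debian source package ships or embeds that module; confirm with a package search before closing it out, since the description says all versions are affected by arbitrary file write. The Shibby Tomato firmware entries are straightforward NFUs.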
@@ -1682,9 +1682,9 @@ CVE-2026-10580 (The Hippoo Mobile App for WooCommerce 
plugin for WordPress is vu
 CVE-2025-8873 (On affected platforms running Arista EOS with IPsec configured, 
a spec ...)
        NOT-FOR-US: Arista Networks
 CVE-2025-71318 (NetMan 204 fails to enforce authentication on its 
administrative pages ...)
-       TODO: check
+       NOT-FOR-US: NetMan
 CVE-2025-71317 (NetMan 204 contains a hard-coded backdoor account with the 
username an ...)
-       TODO: check
+       NOT-FOR-US: NetMan
 CVE-2025-5090 (CVX is not resilient to unexpected messages from a connected 
switch. T ...)
        NOT-FOR-US: Arista Networks
 CVE-2025-5089 (In a CVX cluster, an EOS switch connected to a CVX server is 
not resil ...)
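Review bot: "NOT-FOR-US: NetMan" drops the model that both descriptions carry; "NetMan 204" would be more searchable and avoids confusion with unrelated software called NetMan. The missing authentication on administrative pages (CVE-2025-71318) and the hard-coded backdoor account (CVE-2025-71317) are device-firmware issues, so NFU is the right disposition.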
@@ -1941,35 +1941,35 @@ CVE-2026-22055 (Active IQ OneCollect version 2.7.3 
contains hard-coded credentia
 CVE-2026-22054 (Active IQ Config Advisor version 6.7.3 contains hard-coded 
credentials ...)
        NOT-FOR-US: NetApp
 CVE-2026-10880 (OSNexus QuantaStor SDS Manager is vulnerable to SQL injection 
in the l ...)
-       TODO: check
+       NOT-FOR-US: OSNexus QuantaStor SDS Manager
 CVE-2026-10868 (A mass assignment vulnerability exists in the MISP user edit 
functiona ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2026-10864 (A vulnerability in the MISP dashboard widgets allowed an 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2026-10863 (A security issue was fixed in the correlations 
over-correlation endpoi ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2026-10861 (An open redirect vulnerability existed in MISP 
UsersController::routea ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2026-10860 (A logic error in the MISP CRUD component delete handler 
allowed valida ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2026-10856 (A URL validation flaw in the MISP dashboard button widget 
allowed a cr ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2026-10855 (An authorization flaw existed in the MISP Event Template 
Importer over ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2026-10854 (A visibility control issue in the event template creation 
workflow all ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2026-10843 (A flaw was found in the OpenShift Cloud Credential Operator 
Mint-mode  ...)
-       TODO: check
+       NOT-FOR-US: Red Hat OpenShift
 CVE-2026-10840 (A flaw was found in the OpenShift Pipelines operator. The 
tekton-sched ...)
-       TODO: check
+       NOT-FOR-US: Red Hat OpenShift
 CVE-2026-10815 (A vulnerability was found in LakshayD02 
Hostel-Management-System-PHP u ...)
-       TODO: check
+       NOT-FOR-US: LakshayD02 Hostel-Management-System-PHP
 CVE-2026-10814 (A vulnerability has been found in milvus-io milvus up to 
2.6.13. This  ...)
-       TODO: check
+       NOT-FOR-US: milvus-io milvus
 CVE-2026-10813 (A flaw has been found in LMCache up to 0.4.6. This affects the 
functio ...)
-       TODO: check
+       NOT-FOR-US: LMCache
 CVE-2026-10812 (A vulnerability was detected in zilliztech GPTCache up to 
0.1.44. Affe ...)
-       TODO: check
+       NOT-FOR-US: zilliztech GPTCache
 CVE-2026-10811 (A security vulnerability has been detected in itsourcecode 
Fees Manage ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-10810 (A weakness has been identified in itsourcecode Fees Management 
System  ...)
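Review bot: The OpenShift Pipelines entry (CVE-2026-10840) is annotated "Red Hat OpenShift" although its description points at the tekton scheduler component; if any Tekton piece were ever packaged, the vendor-only string would hide this entry, so naming the component as well would help. The eight MISP entries and the milvus, LMCache and GPTCache ones follow the tracker's usual owner-plus-project naming and look fine.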
@@ -1979,51 +1979,51 @@ CVE-2026-10809 (A security flaw has been discovered in 
itsourcecode Fees Managem
 CVE-2026-10808 (A vulnerability was identified in itsourcecode Fees Management 
System  ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-10807 (A vulnerability was determined in mjperpinosa stumasy. The 
impacted el ...)
-       TODO: check
+       NOT-FOR-US: mjperpinosa stumasy
 CVE-2026-10806 (A vulnerability was found in mjperpinosa stumasy. The affected 
element ...)
-       TODO: check
+       NOT-FOR-US: mjperpinosa stumasy
 CVE-2026-10805 (A flaw was found in NetworkManager. This local privilege 
escalation vu ...)
        TODO: check
 CVE-2026-10804 (A vulnerability has been found in Streamlit up to 1.53.0. 
Impacted is  ...)
-       TODO: check
+       NOT-FOR-US: Streamlit
 CVE-2026-10803 (A flaw has been found in MLflow up to 3.10.0. This issue 
affects the f ...)
        NOT-FOR-US: mlflow
 CVE-2026-10802 (A vulnerability was detected in keystonejs keystone up to 
20260319. Th ...)
-       TODO: check
+       NOT-FOR-US: keystonejs/keystone
 CVE-2026-10801 (A security vulnerability has been detected in modelscope 
ms-swift up t ...)
-       TODO: check
+       NOT-FOR-US: modelscope ms-swift
 CVE-2026-10800 (A weakness has been identified in PaddlePaddle FastDeploy up 
to 2.4.1. ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle FastDeploy
 CVE-2026-10796 (nvm (Node Version Manager) through 0.40.4 executes arbitrary 
commands  ...)
        TODO: check
 CVE-2026-10783 (A security flaw has been discovered in gradio-app gradio 
6.14.0. This  ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2026-10777 (A vulnerability was identified in ealpha072 
Student-Management-System  ...)
-       TODO: check
+       NOT-FOR-US: ealpha072 Student-Management-System
 CVE-2026-10775 (A vulnerability was determined in sgl-project SGLang up to 
0.5.11. Aff ...)
-       TODO: check
+       NOT-FOR-US: sgl-project SGLang
 CVE-2026-10771 (A vulnerability was found in crmeb crmeb_java 1.4. Affected is 
the fun ...)
-       TODO: check
+       NOT-FOR-US: crmeb crmeb_java
 CVE-2026-10766 (A vulnerability has been found in mlrun up to 1.12.0-rc3. This 
impacts ...)
-       TODO: check
+       NOT-FOR-US: mlrun
 CVE-2026-10737 (The SP Project & Document Manager plugin for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-10597 (OMICARD EDM developed by ITPison has a Insecure Direct Object 
Referenc ...)
-       TODO: check
+       NOT-FOR-US: ITPison
 CVE-2026-10305 (Out-of-bounds read vulnerability in Samsung Open Source 
rlottie allows ...)
        TODO: check
 CVE-2025-71316 (SQLite 'sqldiff.exe' does not securely handle the way the 
Microsoft Wi ...)
        TODO: check
 CVE-2025-69755 (An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 
allows a re ...)
-       TODO: check
+       NOT-FOR-US: Neterbit
 CVE-2025-67448 (The SMS module in Neterbit NW-431F Router 20241014-IR03 and 
before is  ...)
-       TODO: check
+       NOT-FOR-US: Neterbit
 CVE-2025-67447 (The network diagnosis (ping) module in Neterbit NW-431F Router 
2024101 ...)
-       TODO: check
+       NOT-FOR-US: Neterbit
 CVE-2025-67446 (Improper Authentication (Authentication Bypass) exists in 
Neterbit NW- ...)
-       TODO: check
+       NOT-FOR-US: Neterbit
 CVE-2025-65640 (Cross Site Scripting (XSS) vulnerability in the "Task in 
Progress / Re ...)
-       TODO: check
+       NOT-FOR-US: Arket Globe Document Intelligence
 CVE-2025-62338 (HCL BigFix Cloud Lifecycle Management is affected by lack of 
input val ...)
        NOT-FOR-US: HCL
 CVE-2025-59874 (HCL Hive Telco Observability is affected by a Required 
directives miss ...)
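Review bot: CVE-2026-10805 (NetworkManager) and CVE-2026-10305 (Samsung rlottie) are correctly left at TODO: check, as both correspond to Debian source packages (network-manager, rlottie) and need package annotations rather than NFU. The new strings also mix naming styles: "keystonejs/keystone" uses the owner/repo form while "modelscope ms-swift", "sgl-project SGLang" and "crmeb crmeb_java" separate owner and project with a space; settling on one form makes the list easier to grep.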
@@ -2043,45 +2043,45 @@ CVE-2025-46638 (Dell BSAFE SSL-J contains an allocation 
of resources without lim
 CVE-2025-12694 (A local privilege escalation vulnerability exists in 
Forcepoint VPN Cl ...)
        NOT-FOR-US: Forcepoint
 CVE-2019-25745 (WordPress Plugin Google Review Slider 6.1 contains a 
time-based blind  ...)
-       TODO: check
+       NOT-FOR-US: WordPress Plugin
 CVE-2019-25744 (WordPress Popup Builder 3.49 contains a persistent cross-site 
scriptin ...)
-       TODO: check
+       NOT-FOR-US: WordPress Plugin
 CVE-2019-25743 (WordPress Soliloquy Lite 2.5.6 contains a persistent 
cross-site script ...)
-       TODO: check
+       NOT-FOR-US: WordPress Plugin
 CVE-2019-25742 (WordPress Theme Zoner Real Estate 4.1.1 contains a persistent 
cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress Plugin
 CVE-2019-25741 (Mobatek MobaXterm 12.1 contains a structured exception 
handling (SEH)  ...)
-       TODO: check
+       NOT-FOR-US: Mobatek MobaXterm
 CVE-2019-25740 (Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Joomla com_jsjobs
 CVE-2019-25739 (GigToDo 1.3 contains a persistent cross-site scripting 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: GigToDo
 CVE-2019-25738 (WordPress Hybrid Composer 1.4.6 contains an unauthenticated 
settings c ...)
-       TODO: check
+       NOT-FOR-US: WordPress Plugin
 CVE-2019-25737 (Live Chat Unlimited 2.8.3 contains a stored cross-site 
scripting vulne ...)
-       TODO: check
+       NOT-FOR-US: Live Chat
 CVE-2019-25736 (LabF nfsAxe 3.7 Ping Client contains a buffer overflow 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: LabF nfsAxe
 CVE-2019-25735 (AllPlayer 7.4 contains a local buffer overflow vulnerability 
in URL ha ...)
-       TODO: check
+       NOT-FOR-US: AllPlayer
 CVE-2019-25734 (Contact Form by WD 1.13.1 contains a cross-site request 
forgery vulner ...)
-       TODO: check
+       NOT-FOR-US: WordPress Plugin
 CVE-2019-25733 (NetShareWatcher 1.5.8.0 contains a structured exception 
handler buffer ...)
-       TODO: check
+       NOT-FOR-US: NetShareWatcher
 CVE-2019-25732 (PHP EI-Tube Script 3 contains an SQL injection vulnerability 
that allo ...)
-       TODO: check
+       NOT-FOR-US: PHP EI-Tube Script
 CVE-2019-25731 (Zuz Music 2.1 contains a persistent cross-site scripting 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Zuz Music
 CVE-2019-25730 (Listing Hub CMS 1.0 contains a SQL injection vulnerability 
that allows ...)
-       TODO: check
+       NOT-FOR-US: Listing Hub CMS
 CVE-2019-25729 (PDF Signer 3.0 contains a server-side template injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: PDF Signer
 CVE-2019-25728 (Care2x 2.7 contains multiple SQL injection vulnerabilities 
that allow  ...)
-       TODO: check
+       NOT-FOR-US: Care2x
 CVE-2019-25727 (WordPress Plugin ad manager wd 1.0.11 contains an arbitrary 
file downl ...)
-       TODO: check
+       NOT-FOR-US: WordPress Plugin
 CVE-2019-25726 (All in One Video Downloader 1.2 contains an SQL injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: All in One Video Downloader
 CVE-2026-46741 (Etsy::StatsD versions through 1.002002 for Perl allow metric 
injection ...)
        NOT-FOR-US: Etsy::StatsD Perl module
 CVE-2026-46739 (Net::Statsd versions before 0.13 for Perl allow metric 
injections.  Th ...)
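Review bot: CVE-2019-25742 is a WordPress theme (Zoner Real Estate) but is annotated "WordPress Plugin"; it should say "WordPress theme". The remaining WordPress entries use "NOT-FOR-US: WordPress Plugin" (capital P), which diverges from the "NOT-FOR-US: WordPress plugin" form used elsewhere in this file (CVE-2026-10586, CVE-2026-10737); reuse the existing spelling. "NOT-FOR-US: Live Chat" for CVE-2019-25737 truncates the product name, which the description gives as "Live Chat Unlimited"; the full name is less likely to collide with other live-chat products.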
@@ -2298,13 +2298,13 @@ CVE-2026-20230 (A vulnerability in Cisco Unified 
Communications Manager (Unified
 CVE-2026-20175 (A vulnerability in Cisco Finesse could allow an 
unauthenticated, remot ...)
        NOT-FOR-US: Cisco
 CVE-2026-10729 (An HTML injection vulnerability in the notification email for 
"Slow Re ...)
-       TODO: check
+       NOT-FOR-US: Thinkst Applied Research Canarytokens
 CVE-2026-10722 (A vulnerability has been found in cilium ebpf up to 0.21.0. 
This affec ...)
        TODO: check
 CVE-2025-70101 (An out-of-bounds read in the ext4_ext_binsearch_idx function 
in src/ex ...)
-       TODO: check
+       NOT-FOR-US: lwext4
 CVE-2025-70100 (A divide-by-zero vulnerability in the ext4_block_set_lb_size 
function  ...)
-       TODO: check
+       NOT-FOR-US: lwext4
 CVE-2025-60477 (A NULL pointer dereference in the 
gf_filter_pid_resolve_file_template_ ...)
        TODO: check
 CVE-2025-41259 (SWUpdate before 2026.05 is affected by a time-of-check 
time-of-use (TO ...)
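Review bot: "NOT-FOR-US: Thinkst Applied Research Canarytokens" for CVE-2026-10729 introduces a new string for a project that already has one in this file (CVE-2022-31113, further down in this same patch, uses "NOT-FOR-US: thinkst/canarytokens"); reuse the existing string so both entries match the same grep. CVE-2026-10722 (cilium ebpf) is correctly left at TODO: check, since that library is packaged in Debian as golang-github-cilium-ebpf.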
@@ -2335,7 +2335,7 @@ CVE-2022-49042 (An inclusion of functionality from 
untrusted control sphere vuln
 CVE-2022-49036 (An inclusion of functionality from untrusted control sphere 
vulnerabil ...)
        NOT-FOR-US: Synology
 CVE-2019-25720 (Dr\xe4ger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 
7000, SC 800 ...)
-       TODO: check
+       NOT-FOR-US: Draeger
 CVE-2026-3276 (unicodedata.normalize() can take excessive CPU time when 
processing sp ...)
        - python3.14 <unfixed>
        - python3.13 <unfixed>
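Review bot: The vendor name is transliterated to "Draeger" in the annotation while the description keeps the umlaut (rendered here as the escaped byte \xe4). An ASCII annotation is consistent with the rest of the file, but a search for "Dräger" will not find this entry, so anyone looking it up later should know the transliterated form is the one in use.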
@@ -2865,7 +2865,7 @@ CVE-2026-48861 (Improper Neutralization of CRLF Sequences 
('CRLF Injection') vul
 CVE-2026-47117 (OpenMed before 1.5.2 contains a remote code execution 
vulnerability in ...)
        NOT-FOR-US: OpenMed
 CVE-2026-46718 (Use of Externally-Controlled Input to Select Classes or Code 
('Unsafe  ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-45686 (OpenTelemetry eBPF Instrumentation provides eBPF 
instrumentation based ...)
        NOT-FOR-US: OpenTelemetry eBPF Instrumentation
 CVE-2026-45685 (OpenTelemetry eBPF Instrumentation provides eBPF 
instrumentation based ...)
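Review bot: "NOT-FOR-US: Apache software not packaged in Debian" for CVE-2026-46718 does not say which Apache project is affected, and the truncated description in this hunk does not show it either; name the project in the annotation so that a later packaging of it can be matched against this entry.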
@@ -424945,7 +424945,7 @@ CVE-2022-31116 (UltraJSON is a fast JSON encoder and 
decoder written in pure C w
 CVE-2022-31115 (opensearch-ruby is a community-driven, open source fork of 
elasticsear ...)
        NOT-FOR-US: opensearch-ruby
 CVE-2022-31114 (backpack/crud provides Create, Read, Update & Delete (CRUD) 
functions  ...)
-       TODO: check
+       NOT-FOR-US: Laravel-Backpack
 CVE-2022-31113 (Canarytokens is an open source tool which helps track activity 
and act ...)
        NOT-FOR-US: thinkst/canarytokens
 CVE-2022-31112 (Parse Server is an open source backend that can be deployed to 
any inf ...)
@@ -542731,7 +542731,7 @@ CVE-2020-25902 (Blackboard Collaborate Ultra 20.02 is 
affected by a cross-site s
 CVE-2020-25901 (Host Header Injection in Spiceworks 7.5.7.0 allowing the 
attacker to r ...)
        NOT-FOR-US: Spiceworks
 CVE-2020-25900 (HelloTalk through 3.4.1 stores full-precision GPS coordinates 
even whe ...)
-       TODO: check
+       NOT-FOR-US: HelloTalk
 CVE-2020-25899
        RESERVED
 CVE-2020-25898



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bff0ec7920400dbc49289d23a553bedfe068ba7b



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
