Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a5e0c57d by Salvatore Bonaccorso at 2026-06-10T06:05:34+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,13 +8,13 @@ CVE-2026-44235
        - librabbitmq 0.16.0-1
        NOTE: 
https://github.com/alanxz/rabbitmq-c/security/advisories/GHSA-9mmv-r8g3-qp46
 CVE-2026-9279 (Logseq exposes an IPC handler that allows the renderer process 
to exec ...)
-       TODO: check
+       NOT-FOR-US: Logseq
 CVE-2026-9213 (A vulnerability inthe affectedNETGEAR gaming routers 
allowsattackers w ...)
        NOT-FOR-US: Netgear
 CVE-2026-9212 (Insufficient authentication and input validation in thelisted 
NETGEAR  ...)
        NOT-FOR-US: Netgear
 CVE-2026-9211 (An unauthenticated user on the local network can gain control 
of the r ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2026-9210 (Insufficient input validation vulnerability in thelisted 
NETGEAR model ...)
        NOT-FOR-US: Netgear
 CVE-2026-8863 (Multiple version of UEFI SHIM bootloaders are  vulnerable to 
SecureBoo ...)
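Review bot: the NOT-FOR-US: Netgear tag added for CVE-2026-9211 is not supported by the visible description ("An unauthenticated user on the local network can gain control of the r..."), which names no vendor; the vendor looks inferred from the neighbouring CVE-2026-9213/9212/9210 NETGEAR entries. Confirming against the full CVE text before committing avoids mislabelling an entry that merely sits at an adjacent ID.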
@@ -28,17 +28,17 @@ CVE-2026-8365 (The Blocksy theme for WordPress is 
vulnerable to PHP Object Injec
 CVE-2026-8045 (CWE-611 Improper Restriction of XML External Entity Reference 
vulnerab ...)
        NOT-FOR-US: Schneider Electric
 CVE-2026-8025 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: CBS Platform
 CVE-2026-7542 (The Slider Revolution plugin for WordPress is vulnerable to 
Sensitive  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-7486 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: E-Imar
 CVE-2026-6899 (Check for certificate revocation only considers the first 
matching CRL ...)
-       TODO: check
+       NOT-FOR-US: S2OPC library
 CVE-2026-5068 (A remote, unauthenticated BLE peer can trigger a 2-byte 
out-of-bounds  ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-52902 (A path traversal vulnerability was found in awxkit, the CLI 
tool for A ...)
-       TODO: check
+       NOT-FOR-US: awxkit
 CVE-2026-50636 (The RemoteControl API methods invite_participants and 
remind_participa ...)
        TODO: check
 CVE-2026-50635 (LimeSurvey constructs account password-reset links from the 
client-sup ...)
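Review bot: the product names "CBS Platform" (CVE-2026-8025) and "E-Imar" (CVE-2026-7486) cannot be checked from the truncated descriptions, which both stop at "Improper neutralization of special elements used in an SQL command"; a NOTE line with the advisory URL, as the librabbitmq and openssl entries in this file carry, would make these NOT-FOR-US decisions auditable. The tag "S2OPC library" for CVE-2026-6899 also mixes a product name with a generic word where the other tags use the bare product name; "S2OPC" would match the file's style.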
@@ -54,17 +54,17 @@ CVE-2026-50507 (Protection mechanism failure in Windows 
BitLocker allows an unau
 CVE-2026-4058 (The User Frontend: AI Powered Frontend Posting, User Directory, 
Profil ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-49959 (Hermes WebUI before version 0.51.311 contains a remote code 
execution  ...)
-       TODO: check
+       NOT-FOR-US: Hermes WebUI
 CVE-2026-49958 (Hermes WebUI before version 0.51.303 contains a time-of-check 
time-of- ...)
-       TODO: check
+       NOT-FOR-US: Hermes WebUI
 CVE-2026-49957 (Hermes WebUI before version 0.51.269 contains a workspace 
boundary byp ...)
-       TODO: check
+       NOT-FOR-US: Hermes WebUI
 CVE-2026-49956 (Hermes WebUI before version 0.51.269 contains a profile 
isolation bypa ...)
-       TODO: check
+       NOT-FOR-US: Hermes WebUI
 CVE-2026-49955 (Hermes WebUI before version 0.51.270 contains a resource 
exhaustion vu ...)
-       TODO: check
+       NOT-FOR-US: Hermes WebUI
 CVE-2026-49948 (Mem0 versions through 0.2.8, fixed in commit ae7f406, contain 
a missin ...)
-       TODO: check
+       NOT-FOR-US: mem0
 CVE-2026-49938 (A improper access control vulnerability in Fortinet 
FortiPortal 7.4.0  ...)
        NOT-FOR-US: Fortinet
 CVE-2026-49848 (FreeSWITCH is a Software Defined Telecom Stack enabling the 
digital tr ...)
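Review bot: the tag for CVE-2026-49948 is written "mem0" while the description capitalizes the project as "Mem0"; keeping the tag identical to the upstream spelling helps case-sensitive grep lookups over data/CVE/list.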
@@ -240,11 +240,11 @@ CVE-2026-47936 (Adobe Experience Manager versions 6.5.24, 
LTS SP1, 2026.04 and e
 CVE-2026-47935 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and 
earlier ...)
        NOT-FOR-US: Adobe
 CVE-2026-47901 (Logseq is vulnerable to a sandbox escape flaw where plugins 
running in ...)
-       TODO: check
+       NOT-FOR-US: Logseq
 CVE-2026-47900 (Logseq is vulnerable to a stored cross-site scripting (XSS). A 
malicio ...)
-       TODO: check
+       NOT-FOR-US: Logseq
 CVE-2026-47899 (The Electron preload script in Logseq exposes an API method 
that allow ...)
-       TODO: check
+       NOT-FOR-US: Logseq
 CVE-2026-47656 (Protection mechanism failure in Windows Boot Manager allows an 
authori ...)
        NOT-FOR-US: Microsoft
 CVE-2026-47654 (Heap-based buffer overflow in Remote Desktop Client allows an 
unauthor ...)
@@ -318,7 +318,7 @@ CVE-2026-46747 (A vulnerability has been identified in 
SINEC INS (All versions <
 CVE-2026-46746 (A vulnerability has been identified in SINEC INS (All versions 
< V1.0  ...)
        NOT-FOR-US: Siemens
 CVE-2026-46492 (md-fileserver allows for local viewing of markdown files in a 
browser. ...)
-       TODO: check
+       NOT-FOR-US: md-fileserver
 CVE-2026-45771 (FreeSWITCH is a Software Defined Telecom Stack enabling the 
digital tr ...)
        TODO: check
 CVE-2026-45658 (Protection mechanism failure in Windows BitLocker allows an 
unauthoriz ...)
@@ -614,13 +614,13 @@ CVE-2026-42829 (Improper access control in Windows 
Administrator Protection allo
 CVE-2026-42828 (Buffer over-read in Windows Projected File System Filter 
Driver allows ...)
        NOT-FOR-US: Microsoft
 CVE-2026-42599 (Svelte is a performance oriented web framework. Prior to 
version 5.55. ...)
-       TODO: check
+       NOT-FOR-US: Svelte
 CVE-2026-42573 (Svelte is a performance oriented web framework. Prior to 
version 5.55. ...)
-       TODO: check
+       NOT-FOR-US: Svelte
 CVE-2026-42570 (Svelte devalue is a JavaScript library that serializes values 
into str ...)
-       TODO: check
+       NOT-FOR-US: Svelte
 CVE-2026-42567 (Svelte is a performance oriented web framework. From version 
5.51.5 to ...)
-       TODO: check
+       NOT-FOR-US: Svelte
 CVE-2026-41986 (Logic bypass vulnerability in the file system. Impact: 
Successful expl ...)
        NOT-FOR-US: Huawei
 CVE-2026-41985 (UAF vulnerability in the package management module.Impact: 
Successful  ...)
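Review bot: CVE-2026-42570 is tagged "NOT-FOR-US: Svelte", but its description identifies the affected component as "Svelte devalue ... a JavaScript library that serializes values", i.e. the devalue package rather than the Svelte framework covered by the other three entries; a tag naming devalue would avoid conflating the two when someone later checks whether either is packaged in Debian.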
@@ -652,7 +652,7 @@ CVE-2026-41098 (Improper neutralization of input during web 
page generation ('cr
 CVE-2026-41092 (Improper access control in Microsoft Kinect allows an 
authorized attac ...)
        NOT-FOR-US: Microsoft
 CVE-2026-41031 (A Stored Cross-Site Scripting vulnerability in Vinna Process 
Monitor V ...)
-       TODO: check
+       NOT-FOR-US: Vinna Process Monitor
 CVE-2026-40639 (Dell Client Platform BIOS contains a Weak Encoding for 
Password vulner ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-40409 (Windows Universal Disk Format File System Driver (UDFS) 
Elevation of P ...)
@@ -664,11 +664,11 @@ CVE-2026-40376 (Improper input validation in Visual 
Studio Code allows an unauth
 CVE-2026-40371 (Improper handling of insufficient permissions or privileges in 
Microso ...)
        NOT-FOR-US: Microsoft
 CVE-2026-3088 (Unauthenticated users on the local network can cause the router 
to bec ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2026-39170 (SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) 
via craf ...)
-       TODO: check
+       NOT-FOR-US: SemCms
 CVE-2026-39169 (SEMCMS 5.0 is vulnerable to unauthorized access in 
SEMCMS_copy.php.)
-       TODO: check
+       NOT-FOR-US: SemCms
 CVE-2026-38615 (DedeCMS V5.7.118 is vulnerable to Command Execution in 
file_manage_con ...)
        NOT-FOR-US: DedeCMS
 CVE-2026-36823 (Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was 
discovere ...)
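Review bot: the visible description of CVE-2026-3088 ("Unauthenticated users on the local network can cause the router to bec...") names no vendor, so the NOT-FOR-US: Netgear tag rests on an inference rather than on the text; a NOTE with the advisory reference would document the basis. The two SemCms entries are consistent with each other despite the "SemCms"/"SEMCMS" spelling difference in the descriptions, which is fine.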
@@ -748,25 +748,25 @@ CVE-2026-36771 (Shenzhen Tenda Technology Co., Ltd Tenda 
W3 Wireless Router v1.0
 CVE-2026-36770 (Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 
was disc ...)
        NOT-FOR-US: Tenda
 CVE-2026-36728 (A markdown based cross-site scripting (XSS) vulnerability in 
the AI as ...)
-       TODO: check
+       NOT-FOR-US: FastapiAdmin
 CVE-2026-36727 (An insecure authentication vulnerability in the 
/api/social-sign-in en ...)
-       TODO: check
+       NOT-FOR-US: bookcars
 CVE-2026-36726 (An arbitrary file deletion vulnerability in the 
/api/delete-temp-licen ...)
-       TODO: check
+       NOT-FOR-US: bookcars
 CVE-2026-36725 (A markdown based cross-site scripting (XSS) vulnerability in 
the /syst ...)
-       TODO: check
+       NOT-FOR-US: FastapiAdmin
 CVE-2026-36724 (An uncaught exception in the /application/job/update/{id} 
endpoint of  ...)
-       TODO: check
+       NOT-FOR-US: FastapiAdmin
 CVE-2026-36723 (An unrestricted file rename vulnerability in the 
/api/create-user comp ...)
-       TODO: check
+       NOT-FOR-US: bookcars
 CVE-2026-36722 (An authenticated arbitrary file upload vulnerability in the 
/api/creat ...)
-       TODO: check
+       NOT-FOR-US: bookcars
 CVE-2026-36721 (A lack of cryptographic signature verification in the 
validateAccessTo ...)
-       TODO: check
+       NOT-FOR-US: bookcars
 CVE-2026-36720 (Insecure permissions in bookcars v8.3 allows authenticated 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: bookcars
 CVE-2026-36719 (An information disclosure vulnerability in the 
/api/v1/user/info endpo ...)
-       TODO: check
+       NOT-FOR-US: AgentChat
 CVE-2026-34905 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-34708 (InCopy versions 21.3, 20.5.3 and earlier are affected by a 
Stack-based ...)
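Review bot: the "AgentChat" tag for CVE-2026-36719 cannot be checked against the truncated description, which only shows the endpoint path /api/v1/user/info; since the surrounding entries in this run are bookcars and FastapiAdmin, a NOTE with the source would help a later reader see why this one is attributed to a different project.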
@@ -820,15 +820,15 @@ CVE-2026-33113 (Improper neutralization of input during 
web page generation ('cr
 CVE-2026-32193 (Improper limitation of a pathname to a restricted directory 
('path tra ...)
        NOT-FOR-US: Microsoft
 CVE-2026-30141 (An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A 
buffer overf ...)
-       TODO: check
+       NOT-FOR-US: bitbank2 AnimatedGIF
 CVE-2026-2638 (A vulnerability in the quarantine and restore workflow of the 
X-VPN ma ...)
-       TODO: check
+       NOT-FOR-US: X-VPNmacOS website
 CVE-2026-28301 (A vulnerability in which an attacker can provide a crafted 
external UR ...)
        NOT-FOR-US: SolarWinds
 CVE-2026-28262 (Dell iDRAC Tools, versions prior to 11.4.1.0, contains an 
Improper Lin ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-28237 (Unrestricted resource allocation in AMD uProf may be 
exploitable to co ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2026-26142 (Deserialization of untrusted data in Nuance PowerScribe allows 
an unau ...)
        NOT-FOR-US: Microsoft
 CVE-2026-25699 (Exposure of Private Personal Information to an Unauthorized 
Actor vuln ...)
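Review bot: the tag "X-VPNmacOS website" for CVE-2026-2638 is missing the space between "X-VPN" and "macOS" (the description reads "the X-VPN ma..."); "X-VPN for macOS" would match the "Waves Central for macOS" tags used later in this patch.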
@@ -844,11 +844,11 @@ CVE-2026-24181 (NVIDIA DALI contains a vulnerability in a 
component where an att
 CVE-2026-24180 (NVIDIA DALI contains a vulnerability in a component where an 
attacker  ...)
        NOT-FOR-US: NVIDIA
 CVE-2026-24065 (Waves Central for macOS versions 13.0.9 through 16.5.5 contain 
a local ...)
-       TODO: check
+       NOT-FOR-US: Waves Central for macOS
 CVE-2026-24064 (Waves Central for macOS versions 13.0.9 through 16.5.5 contain 
a local ...)
-       TODO: check
+       NOT-FOR-US: Waves Central for macOS
 CVE-2026-22926 (Omnissa Workspace ONE\xae Assist for macOS contains a Local 
Privilege  ...)
-       TODO: check
+       NOT-FOR-US: Omnissa
 CVE-2026-11793 (A stack buffer overflow flaw was found in 389 Directory 
Server. The ch ...)
        TODO: check
 CVE-2026-11792 (A heap buffer overflow flaw was found in 389 Directory Server. 
When au ...)
@@ -880,19 +880,19 @@ CVE-2026-10523 (An Authentication Bypass vulnerability 
(CWE-288)in IvantiSentry
 CVE-2026-10520 (An OS Command Injection vulnerabilityin IvantiSentry 
beforetheR10.5.2, ...)
        NOT-FOR-US: Ivanti
 CVE-2026-10045 (Shenzhen Kangda Xin Intelligent Network Technology Company's 
router, m ...)
-       TODO: check
+       NOT-FOR-US: Shenzhen Kangda Xin Intelligent Network Technology Company 
router
 CVE-2026-0466 (Improper access control in AMD uProf may allow a local attacker 
with u ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2026-0420 (An improper implementation of TLS certificate validation 
vulnerability ...)
        NOT-FOR-US: Netgear
 CVE-2026-0419 (Insufficient input validation in NETGEAR JR6150 (AC750 WiFi 
Router 802 ...)
        NOT-FOR-US: Netgear
 CVE-2026-0418 (Insufficient configuration management in the listed 
devicesallows auth ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2026-0417 (Insufficient input validation vulnerability in 
NETGEARdevicesallows au ...)
        NOT-FOR-US: Netgear
 CVE-2026-0416 (Authenticated administrators connected to the local network can 
modify ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2026-0415 (Insufficient input validation vulnerability in thelisted 
NETGEAR model ...)
        NOT-FOR-US: Netgear
 CVE-2026-0414 (Insufficient input validation vulnerability in thelisted 
NETGEAR model ...)
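Review bot: the tag "NOT-FOR-US: Shenzhen Kangda Xin Intelligent Network Technology Company router" for CVE-2026-10045 is far longer than any other tag in this patch and wraps in the mail; a shorter vendor tag in the style of the surrounding entries keeps the list uniform. Separately, CVE-2026-0418 and CVE-2026-0416 are tagged Netgear from context alone: their visible descriptions ("Insufficient configuration management in the listed devices...", "Authenticated administrators connected to the local network can modify...") do not name NETGEAR, unlike CVE-2026-0419 and CVE-2026-0417 around them.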
@@ -904,7 +904,7 @@ CVE-2026-0412 (Insufficient input validation vulnerability 
in NETGEAR JR6150 (AC
 CVE-2026-0411 (An information disclosure vulnerability in theNETGEAROrbi 
satellites c ...)
        NOT-FOR-US: Netgear
 CVE-2026-0410 (Authenticated administrators connected to the local network can 
gain   ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2026-0409 (ANETGEARsecurity issue that could allow an attacker with 
ability to in ...)
        NOT-FOR-US: Netgear
 CVE-2025-67862 (An Internal Asset Exposed to Unsafe Debug Access Level or 
State vulner ...)
@@ -920,7 +920,7 @@ CVE-2025-55657 (A NULL pointer dereference in the 
gf_odf_vvc_cfg_write_bs functi
 CVE-2025-55651 (A NULL pointer dereference in the gf_isom_get_user_data_count 
function ...)
        TODO: check
 CVE-2025-54509 (Improper access control for register interface in the 
input-output mem ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-52293 (A segmentation violaton in the gf_hevc_read_sps_bs_internal 
function ( ...)
        TODO: check
 CVE-2025-52292 (A stack buffer overflow in the filein_process function 
(in_file.c) of  ...)
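Review bot: CVE-2025-54509 is tagged NOT-FOR-US: AMD, but its visible description ("Improper access control for register interface in the input-output mem...") names no vendor, and it sits between GPAC gf_* entries that remain TODO: check; a NOTE with the advisory reference would document why AMD was chosen.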
@@ -928,35 +928,35 @@ CVE-2025-52292 (A stack buffer overflow in the 
filein_process function (in_file.
 CVE-2025-40808 (A vulnerability has been identified in SIPROTEC 5 6MD84 
(CP300) (All v ...)
        NOT-FOR-US: Siemens
 CVE-2023-43688 (An issue was discovered in Malwarebytes 4.x and 5.x (and 
Nebula 2020-1 ...)
-       TODO: check
+       NOT-FOR-US: Malwarebytes
 CVE-2023-43686 (An issue was discovered in Malwarebytes 4.x and 5.x (and 
Nebula 2020-1 ...)
-       TODO: check
+       NOT-FOR-US: Malwarebytes
 CVE-2017-20251 (WordPress Insert PHP plugin versions before 3.3.1 contain a 
PHP code i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2017-20250 (Mac Photo Gallery 3.0 contains a path traversal vulnerability 
that all ...)
-       TODO: check
+       NOT-FOR-US: Mac Photo Gallery
 CVE-2017-20249 (Apptha Slider Gallery 1.0 contains an SQL injection 
vulnerability that ...)
-       TODO: check
+       NOT-FOR-US: Apptha Slider Gallery
 CVE-2017-20248 (Apptha Slider Gallery 1.0 contains a path traversal 
vulnerability that ...)
-       TODO: check
+       NOT-FOR-US: Apptha Slider Gallery
 CVE-2017-20247 (WordPress Plugin PICA Photo Gallery 1.0 contains an SQL 
injection vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2017-20246 (KittyCatfish 2.2 plugin for WordPress contains an SQL 
injection vulner ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2017-20245 (Wow Viral Signups 2.1 WordPress plugin contains an SQL 
injection vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2017-20244 (Wow Forms WordPress Plugin version 2.1 contains an SQL 
injection vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2017-20243 (WordPress Car Park Booking Plugin version 13 October 17 
contains a tim ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20065 (Product Catalog 8 1.2 plugin for WordPress contains an SQL 
injection v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20064 (WP Vault 0.8.6.6 contains a local file inclusion vulnerability 
that al ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20063 (Single Personal Message 1.0.3 contains an SQL injection 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20062 (Simply Poll 1.4.1 plugin for WordPress contains an SQL 
injection vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-45446 (Issue summary: The implementations of AES-SIV (RFC 5297) and 
AES-GCM-S ...)
        - openssl <unfixed>
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
@@ -1357,7 +1357,7 @@ CVE-2026-11583 (A vulnerability has been found in 
CodeAstro Student Attendance M
 CVE-2026-11582 (A flaw has been found in CodeAstro Student Attendance 
Management Syste ...)
        NOT-FOR-US: CodeAstro
 CVE-2026-11572 (Versions of the package degit before 2.8.6, from 3.0.0 and 
before 3.3. ...)
-       TODO: check
+       NOT-FOR-US: degit
 CVE-2026-10862 (The Accordions plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-10738 (The jQuery Hover Footnotes plugin for WordPress is vulnerable 
to Store ...)
@@ -353464,7 +353464,7 @@ CVE-2023-29148
 CVE-2023-29147 (In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass 
the det ...)
        NOT-FOR-US: Malwarebytes EDR
 CVE-2023-29146 (The utility functions used by Malwarebytes EDR 1.0.11 on Linux 
for cal ...)
-       TODO: check
+       NOT-FOR-US: Malwarebytes
 CVE-2023-29145 (The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly 
ensure w ...)
        NOT-FOR-US: Malwarebytes EDR
 CVE-2023-29144 (Malwarebytes 1.0.14 for Linux doesn't properly compute 
signatures in s ...)
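Review bot: CVE-2023-29146 gets "NOT-FOR-US: Malwarebytes" while the adjacent CVE-2023-29147 and CVE-2023-29145 entries for the same Malwarebytes EDR 1.0.11 for Linux product use "NOT-FOR-US: Malwarebytes EDR"; using the same tag keeps lookups for that product together.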



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5e0c57dd166d029ecda2ee33ba8b02f6e924146



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
