Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
23a3411a by Moritz Muehlenhoff at 2026-06-10T12:55:41+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -182,7 +182,7 @@ CVE-2026-46491 (SimpleSAMLphp-casserver is a CAS 1.0 and
2.0 compliant CAS serve
CVE-2026-46432 (LMDeploy is a toolkit for compressing, deploying, and serving
large la ...)
NOT-FOR-US: LMDeploy
CVE-2026-46411 (FlashMQ is a MQTT broker/server, designed for multi-CPU
environments. ...)
- TODO: check
+ - flashmq <itp> (bug #1100047)
CVE-2026-46374 (SQLFluff is a modular SQL linter and auto-formatter with
support for m ...)
- sqlfluff <unfixed>
NOTE:
https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-73jc-5mrq-prw7
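Review bot: The commit subject "NFUs" does not cover the CVE-2026-46411 line, which records an ITP (`- flashmq <itp> (bug #1100047)`) rather than a NOT-FOR-US triage. Suggest mentioning the flashmq ITP in the subject so the change can be found from the log later.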
@@ -204,9 +204,9 @@ CVE-2026-45160 (ESF-IDF is the Espressif Internet of Things
(IOT) Development Fr
CVE-2026-44963 (A vulnerability allowing remote code execution (RCE) on the
Backup Ser ...)
NOT-FOR-US: Veeam
CVE-2026-44716 (Pipecat is an open-source Python framework for building
real-time voic ...)
- TODO: check
+ NOT-FOR-US: Pipecat
CVE-2026-44634 (SimpleBLE is a cross-platform library and bindings for
Bluetooth Low E ...)
- TODO: check
+ NOT-FOR-US: SimpleBLE
CVE-2026-44505 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake
protocol ba ...)
NOT-FOR-US: Nimiq
CVE-2026-41837 (Spring Data REST's Querydsl integration accepts arbitrary
persistent p ...)
@@ -274,11 +274,11 @@ CVE-2026-34709 (Substance3D - Sampler versions 6.0.0 and
earlier are affected by
CVE-2026-34657 (CAI Content Credentials versions [email protected], c2pa-v0.80.1
and earl ...)
NOT-FOR-US: Adobe
CVE-2026-34417 (OSCAL-GUI contains a reflected cross-site scripting
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: OSCAL-GUI
CVE-2026-34416 (OSCAL-GUI contains a reflected cross-site scripting
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: OSCAL-GUI
CVE-2026-32856 (Ellucian Banner Self-Service before the April T2 release
(2025-04-23) ...)
- TODO: check
+ NOT-FOR-US: Ellucian Banner Self-Service
CVE-2026-29116 (A vulnerability has been found in some Dahua products could
allow an u ...)
NOT-FOR-US: Dahua
CVE-2026-29115 (A vulnerability has been found in some Dahua products could
allow an a ...)
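Review bot: The NFU tag on CVE-2026-32856 is inconsistent with its neighbours: it uses the full product name (`NOT-FOR-US: Ellucian Banner Self-Service`), while the surrounding entries in this hunk tag by vendor (`NOT-FOR-US: Adobe`, `NOT-FOR-US: Dahua`). Consider shortening it to the vendor name so a later search on the tag also matches other products from the same vendor.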
@@ -329,7 +329,7 @@ CVE-2026-10238
CVE-2025-8444 (The Animation Addons for Elementor \u2013 GSAP Powered
Elementor Addon ...)
NOT-FOR-US: WordPress plugin
CVE-2025-71319 (image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a
denial ...)
- TODO: check
+ NOT-FOR-US: Node image-size
CVE-2025-66281 (A NULL pointer dereference vulnerability has been reported to
affect s ...)
NOT-FOR-US: QNAP
CVE-2025-66280 (An integer overflow or wraparound vulnerability has been
reported to a ...)
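Review bot: An embedded-copy check looks missing for CVE-2025-71319, which is closed as `NOT-FOR-US: Node image-size` although the description names a Node module, and such modules can be carried inside other source packages. Worth confirming that no source package in the archive bundles a copy in the affected ranges given in the description (1.1.0 before 1.2.1, 2.0.0 before 2.0.2) before dropping the TODO; if one does, track the CVE under that package instead.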
@@ -21707,7 +21707,7 @@ CVE-2026-42213 (SolidCAM-GPPL-IDE is an unofficial,
independently developed exte
CVE-2026-42212 (SolidCAM-GPPL-IDE is an unofficial, independently developed
extension, ...)
NOT-FOR-US: SolidCAM-GPPL-IDE
CVE-2026-42209 (FlashMQ is a MQTT broker/server, designed for multi-CPU
environments. ...)
- NOT-FOR-US: FlashMQ
+ - flashmq <itp> (bug #1100047)
CVE-2026-42206 (Roadiz is a polymorphic content management system based on a
node syst ...)
NOT-FOR-US: Roadiz
CVE-2026-42205 (Avo is a framework to create admin panels for Ruby on Rails
apps. Prio ...)
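Review bot: Other FlashMQ entries may still carry the old tag, since the CVE-2026-42209 line shows that FlashMQ CVEs were previously triaged as `NOT-FOR-US: FlashMQ` before being switched here to `- flashmq <itp> (bug #1100047)`. Suggest searching data/CVE/list for any remaining `NOT-FOR-US: FlashMQ` lines and converting them in the same commit, so the ITP bug covers every FlashMQ CVE.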
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23a3411a6425192650ca1e9786e2c78118bd5c77