Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0e62d3f7 by Moritz Muehlenhoff at 2026-06-11T15:00:48+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -190,7 +190,7 @@ CVE-2026-46609 (Umbraco is an ASP.NET CMS. From version
14.0.0 to before version
CVE-2026-46558 (Plane is an open-source project management tool. Prior to
version 1.3. ...)
NOT-FOR-US: Plane
CVE-2026-46497 (Crawlee is a web scraping and browser automation library. From
version ...)
- TODO: check
+ NOT-FOR-US: Crawlee
CVE-2026-45569 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
NOT-FOR-US: Roxy-WI
CVE-2026-45567 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
@@ -254,7 +254,7 @@ CVE-2026-11884 (A heap buffer overflow flaw was found in
389 Directory Server. W
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2423624
TODO: check upstream details
CVE-2026-11859 (An HTML injection vulnerability in the "fetch links" email
sent by Thi ...)
- TODO: check
+ NOT-FOR-US: Canarytokens
CVE-2026-11626 (CleanWipe Removal Tool (macOS), prior to 16.0.0.65,may be
susceptible ...)
NOT-FOR-US: Symantec
CVE-2026-11596 (In ScreenConnect\u2122 versions prior to 26.2, input
validation within ...)
@@ -264,11 +264,11 @@ CVE-2026-11417 (OS command injection in the
NodejsFunction local bundling pipeli
CVE-2026-10740 (Unbounded memory allocation in the CRYPTO frame reassembler in
s2n-qui ...)
NOT-FOR-US: Amazon
CVE-2026-10721 (Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection
viaunse ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2025-71330 (image-size through 2.0.2 contains a denial of service
vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Node image-size
CVE-2025-71329 (image-size through 2.0.2 contains a denial of service
vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Node image-size
CVE-2025-6254 (The Doctreat Core plugin for WordPress is vulnerable to
Privilege Esca ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10238 (During an internal security assessment, apotential
out-of-bounds write ...)
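Review bot: the two image-size entries (CVE-2025-71330 and CVE-2025-71329) are closed as "NOT-FOR-US: Node image-size", which is only correct if no source package in the archive ships or embeds a copy of the module. Node modules are often bundled inside other packages, so it would help to say in the commit message that this was checked. If a copy does turn up, these two lines should become package entries instead of NOT-FOR-US. The "Node" prefix is also inconsistent with the plain product names used for Crawlee and Concrete CMS in the same commit; pick one convention.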
@@ -276,7 +276,7 @@ CVE-2025-10238 (During an internal security assessment,
apotential out-of-bounds
CVE-2025-10237 (During an internal security assessment, a potential
vulnerability was ...)
NOT-FOR-US: Lenovo
CVE-2024-58350 (Ghidra before 11.2 contains a use after free vulnerability in
the Slei ...)
- TODO: check
+ - ghidra <itp> (bug #923851)
CVE-2026-XXXX [OnionShare follows symlinks in shared directories, allowing
unintended disclosure of local files]
- onionshare <unfixed>
NOTE:
https://github.com/onionshare/onionshare/security/advisories/GHSA-22p9-r2f5-22mf
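Review bot: the replacement line for CVE-2024-58350, "- ghidra <itp> (bug #923851)", is an ITP package entry and not a NOT-FOR-US, so the commit message "NFUs" does not describe this hunk. Suggest mentioning the ITP in the message or committing it separately, so that someone searching the history for when ghidra was tied to bug #923851 can find it.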
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e62d3f7228caf267e6367ccd35905f1dfe1613c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits