Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2af7dcce by Moritz Muehlenhoff at 2026-06-12T17:36:18+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -489,9 +489,9 @@ CVE-2026-46519 (mcp-server-kubernetes is a Model Context 
Protocol server for Kub
 CVE-2026-45783 (libp2p is a JavaScript Implementation of libp2p networking 
stack. Prio ...)
        NOT-FOR-US: Node libp2p
 CVE-2026-45384 (bit7z is a cross-platform C++ static library that allows the 
compressi ...)
-       TODO: check
+       NOT-FOR-US: bit7z
 CVE-2026-45380 (bit7z is a cross-platform C++ static library that allows the 
compressi ...)
-       TODO: check
+       NOT-FOR-US: bit7z
 CVE-2026-45178 (Idira Secrets Manager Self-Hosted versions 13.8.0 and lower 
exhibit im ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2026-45177 (Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit 
improper ...)
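Review bot: CVE-2026-45384 and CVE-2026-45380 are both closed as `NOT-FOR-US: bit7z`, but the description calls bit7z a static library, so the absence of a bit7z source package does not rule out a copy bundled inside another package. Worth confirming that nothing in the archive vendors it before marking these NFU; if something does, an entry against that package is the right form instead.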
@@ -544,7 +544,7 @@ CVE-2026-42568 (Yamcs is a mission control framework. Prior 
to versions 5.13.0 a
 CVE-2026-42558 (Xibo is an open source digital signage platform with a web 
content man ...)
        NOT-FOR-US: Xibo
 CVE-2026-42542 (TDengine is an open source, time-series database optimized for 
Interne ...)
-       TODO: check
+       NOT-FOR-US: TDengine
 CVE-2026-42462 (Fedify is a TypeScript library for building federated server 
apps powe ...)
        NOT-FOR-US: Fedify
 CVE-2026-41856 (The Spring GraphQL annotation detection mechanism for 
@Controller data ...)
@@ -584,7 +584,7 @@ CVE-2026-3341 (IBM Langflow Desktop 1.0.0 through 1.9.2 IBM 
Langflow is vulnerab
 CVE-2026-3329 (A remote unauthenticated attacker may be able to conduct 
credential-gu ...)
        NOT-FOR-US: Sonatype
 CVE-2026-38581 (SQL Injection vulnerability in damasac thaipalliative_lte 
through vers ...)
-       TODO: check
+       NOT-FOR-US: thaipalliative_lte
 CVE-2026-35273 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2026-2827 (The Open User Map PRO plugin for WordPress is vulnerable to 
Stored Cro ...)
@@ -596,7 +596,7 @@ CVE-2026-11986 (A flaw was found in the admin-ui-ext 
component of Keycloak, whic
 CVE-2026-11956 (A vulnerability was determined in TwiN gatus 5.36.0. Impacted 
is the f ...)
        NOT-FOR-US: TwiN gatus
 CVE-2026-11945 (PostgreSQL Anonymizer contains a vulnerability that allows a 
user to g ...)
-       TODO: check
+       NOT-FOR-US: PostgreSQL Anonymizer
 CVE-2026-11850 (An integer underflow vulnerability was found in MIT krb5 in 
the berval ...)
        - krb5 <unfixed> (bug #1139821)
        [trixie] - krb5 <no-dsa> (Minor issue)
@@ -604,7 +604,7 @@ CVE-2026-11850 (An integer underflow vulnerability was 
found in MIT krb5 in the
        NOTE: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9206
        NOTE: 
https://github.com/krb5/krb5/commit/2a5fd83d4436583f2ddc0e193269a4d800ee45c4
 CVE-2026-11839 (Unrestricted upload of file with dangerous type vulnerability 
in Ba\u0 ...)
-       TODO: check
+       NOT-FOR-US: Rotaban
 CVE-2026-11816 (Keras versions prior to 3.14.0 are vulnerable to a path 
traversal issu ...)
        - keras <removed>
        [bullseye] - keras <end-of-life> (out of security support for bullseye)
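Review bot: on CVE-2026-11839 the tag `NOT-FOR-US: Rotaban` cannot be matched against the visible description, which is cut off at `Ba\u0 ...` before any product name appears. Suggest checking that Rotaban is the name the full description uses and spelling it the same way, so a later search of the list for this product finds the entry.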
@@ -612,9 +612,9 @@ CVE-2026-11774 (An integer overflow flaw was found in the 
SASL I/O layer of 389
        - 389-ds-base <unfixed> (bug #1139809)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2484916
 CVE-2026-11604 (An incorrect buffer size calculation in the epoch key 
generator in Ope ...)
-       TODO: check
+       NOT-FOR-US: OpenVPN ovpn-dco for Windows
 CVE-2026-11561 (Improper neutralization of special elements used in an 
expression lang ...)
-       TODO: check
+       NOT-FOR-US: Apinizer
 CVE-2026-10847 (A local privilege escalation vulnerability exists in Check 
Point Ident ...)
        NOT-FOR-US: Check Point
 CVE-2026-10795 (The UpdraftPlus: WP Backup & Migration Plugin plugin for 
WordPress is  ...)
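Review bot: on CVE-2026-11604 the `for Windows` qualifier in `NOT-FOR-US: OpenVPN ovpn-dco for Windows` carries the whole justification, while the truncated description only shows `epoch key generator in Ope ...`. If the same buffer size calculation exists in the Linux ovpn-dco code, this needs a package entry rather than NFU; a `NOTE:` line pointing at the upstream advisory would make the Windows-only scope checkable from the list itself.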
@@ -674,7 +674,7 @@ CVE-2024-45636 (IBM Security QRadar EDR 3.12 through 
3.12.24 stores user credent
 CVE-2024-32110 (Cross-Site request forgery (CSRF) vulnerability in Magepeople 
inc. WpE ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2024-21944 (Improper input validation for DIMM serial presence detect 
(SPD) metada ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-40200 (Authorization bypass through User-Controlled key vulnerability 
in Esse ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2023-33999 (Improper neutralization of input during web page generation 
('cross-si ...)
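Review bot: CVE-2024-21944 is tagged with the vendor only (`NOT-FOR-US: AMD`), and the description concerns validation of DIMM SPD metadata, which reads as firmware rather than a standalone product. If the fix is delivered through firmware or microcode that Debian redistributes, it should be tracked against that package; otherwise naming the affected component in the tag would make the NFU reasoning clear.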
@@ -943,7 +943,7 @@ CVE-2026-11859 (An HTML injection vulnerability in the 
"fetch links" email sent
 CVE-2026-11626 (CleanWipe Removal Tool (macOS), prior to 16.0.0.65,may be 
susceptible  ...)
        NOT-FOR-US: Symantec
 CVE-2026-11596 (In ScreenConnect\u2122 versions prior to 26.2, input 
validation within ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise
 CVE-2026-11417 (OS command injection in the NodejsFunction local bundling 
pipeline in  ...)
        NOT-FOR-US: Amazon
 CVE-2026-10740 (Unbounded memory allocation in the CRYPTO frame reassembler in 
s2n-qui ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2af7dcce43a19bb385539df299c142be30a517f2



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
