Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3343b50d by security tracker role at 2026-06-12T19:14:46+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2026-9641 (Crypt::PBKDF2 versions before 0.261630 for
Perl have a weak defau
CVE-2026-9638 (Crypt::PBKDF2 versions before 0.261630 for Perl generate
insecure rand ...)
TODO: check
CVE-2026-9266 (A Missing Required Cryptographic Step vulnerability has been
identifie ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2026-8828 (A lack of authorization validation in version 1.0.0 or later of
the Ch ...)
TODO: check
CVE-2026-8694 (Improper access control in Devolutions PowerShell Universal
2026.1.7 a ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-7387 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x
<= 10. ...)
TODO: check
CVE-2026-7368 (The Yarbo cloud does not enforce per-device or per-user
authorization. ...)
@@ -41,11 +41,11 @@ CVE-2026-53981 (Cap-go prior to 12.128.2 contains an
account takeover vulnerabil
CVE-2026-53787 (Amasty Order Attributes for Magento 2 before version 4.0.0
contains an ...)
TODO: check
CVE-2026-53726 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-53725 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-53724 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-53722 (Nuxt is an open-source web development framework for Vue.js.
Prior to ...)
TODO: check
CVE-2026-53721 (Nuxt is an open-source web development framework for Vue.js.
From vers ...)
@@ -53,31 +53,31 @@ CVE-2026-53721 (Nuxt is an open-source web development
framework for Vue.js. Fro
CVE-2026-53568 (Frappe is a full-stack web application framework. Prior to
versions 15 ...)
TODO: check
CVE-2026-53408 (Improper Authorization in Handler for Custom URL Scheme in
Zoom Workpl ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2026-53407 (Improper Authorization in Handler for Custom URL Scheme in
Zoom Workpl ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2026-53406 (Insufficient Verification of Data Authenticity in Remote
Control for Z ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2026-50645 (There is no restriction on the amount of attachment headers
that a mes ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-50634 (A vulnerability in Apache CXF'sJwsJsonContainerRequestFilter
can be ex ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-50633 (A JNDI Injection vulnerability has been discovered in Apache
CXF's JCA ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-50632 (A further incomplete fix fora previous advisory
CVE-2026-44417(Untrust ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-50631 (A race condition in AbstractOAuthDataProvider allows
concurrent reques ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-50630 (A CRLF injection vulnerability exists in the OAuth2
AuthorizationUtils ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-50629 (The 'clientId' parameter from incoming HTTP requests is
directly conca ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-50628 (A logic error in OAuthRequestFilter rejects legitimate
requests origin ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-50627 (The JwtAccessTokenValidator class in Apache CXF fails to
validate the ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-50623 (An authentication bypass vulnerability exists in the OAuth2
TokenIntro ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-50560 (Netty is a network application framework for development of
protocol s ...)
TODO: check
CVE-2026-50244 (The Naxclow platform exposes a registration endpoint that
accepts sign ...)
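Review bot: The ten entries from CVE-2026-50645 down to CVE-2026-50623 receive the generic tag "NOT-FOR-US: Apache software not packaged in Debian", which does not record which product was actually checked. Several of the visible descriptions name Apache CXF (CVE-2026-50634, CVE-2026-50633, CVE-2026-50627), while others (CVE-2026-50645, CVE-2026-50631) show no product name in the truncated text, so the tag is the only place the triage decision can be audited. Where the full description confirms the product, a product-level tag such as "NOT-FOR-US: Apache CXF" would match the style of "NOT-FOR-US: Zoom" in the same hunk and keep the entries easy to find with grep if the software is packaged later.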
@@ -119,11 +119,11 @@ CVE-2026-50010 (Netty is a network application framework
for development of prot
CVE-2026-50009 (Netty is a network application framework for development of
protocol s ...)
TODO: check
CVE-2026-50008 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-49993 (Nuxt is an open-source web development framework for Vue.js.
In @nuxt/ ...)
TODO: check
CVE-2026-49875 (Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory
classes ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-49347 (Quest Bot is an opensource Discord Bot. Prior to version
1.1.8, any us ...)
TODO: check
CVE-2026-48914 (A flaw was found in QEMU's virtio-blk device. The issue arises
because ...)
@@ -141,13 +141,13 @@ CVE-2026-48043 (Netty is a network application framework
for development of prot
CVE-2026-48006 (Netty is a network application framework for development of
protocol s ...)
TODO: check
CVE-2026-47965 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier
are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47739 (Frappe is a full-stack web application framework. Prior to
versions 15 ...)
TODO: check
CVE-2026-47691 (Netty is a network application framework for development of
protocol s ...)
TODO: check
CVE-2026-47248 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-47244 (Netty is a network application framework for development of
protocol s ...)
TODO: check
CVE-2026-47236 (Solidtime is an open-source time-tracking app. Prior to
version 0.12.2 ...)
@@ -187,7 +187,7 @@ CVE-2026-47140 (vm2 is an open source vm/sandbox for
Node.js. Prior to version 3
CVE-2026-47139 (vm2 is an open source vm/sandbox for Node.js. Prior to version
3.11.4, ...)
TODO: check
CVE-2026-47138 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-47137 (vm2 is an open source vm/sandbox for Node.js. Prior to version
3.11.4, ...)
TODO: check
CVE-2026-47135 (vm2 is an open source vm/sandbox for Node.js. Prior to version
3.11.4, ...)
@@ -267,7 +267,7 @@ CVE-2026-12065 (A vulnerability was identified in Groww
Stock, Mutual Fund, Gold
CVE-2026-12058 (The connection confirmation pop-up of a specific feature in
the PcSuit ...)
TODO: check
CVE-2026-12043 (Improper handling of HPACK dynamic table size updates in the
AWS Commo ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-11967 (MobaXterm Personal Edition (Portable), in its 26.3 version
(Build 5154 ...)
TODO: check
CVE-2026-11879 (MobaXterm Personal Edition (Portable), in its 26.3 version
(Build 5154 ...)
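Review bot: For CVE-2026-12043 the tag "NOT-FOR-US: Amazon" names only the vendor, while the description points at HPACK dynamic table handling in a component whose name is truncated here ("AWS Commo ..."). HTTP/2 protocol code of that kind is often shipped as a library and embedded in other software, so the tag should name the specific component, and the entry deserves a check that no source package in the archive bundles it before it is closed as NOT-FOR-US.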
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3343b50d0b54698b57642f437f0e103f66be3c9b