Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05752999 by Salvatore Bonaccorso at 2026-06-15T21:35:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2026-9278 (The Form Builder CP WordPress plugin before 
1.2.47 does not prope
 CVE-2026-8935 (The WP MAPS PRO WordPress plugin before 6.1.1 registers an 
unauthentic ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-8683 (Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account 
for att ...)
-       TODO: check
+       NOT-FOR-US: Mattermost Desktop App
 CVE-2026-8386 (The WP Go Maps  WordPress plugin before 10.0.10 does not 
perform any a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-8385 (The WP Go Maps  WordPress plugin before 10.0.10 does not 
properly enfo ...)
@@ -24,7 +24,7 @@ CVE-2026-8356 (LibreOffice can import presentations in the 
legacy binary PPT for
        - libreoffice <unfixed>
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-8356
 CVE-2026-6517 (Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict 
the al ...)
-       TODO: check
+       NOT-FOR-US: Mattermost Desktop App
 CVE-2026-6047 (LibreOffice can import documents in the OOXML format (DOCX). A 
heap bu ...)
        TODO: check
 CVE-2026-6045 (LibreOffice can import EMF+ graphics, which may be embedded in 
documen ...)
@@ -34,21 +34,21 @@ CVE-2026-6040 (A heap use-after-free existed when importing 
the blank-width char
 CVE-2026-6039 (LibreOffice can import drawings in the DXF format used by CAD 
software ...)
        TODO: check
 CVE-2026-5482 (Responsive FileManager's allows an unauthenticatedattacker to 
upload f ...)
-       TODO: check
+       NOT-FOR-US: ResponsiveFilemanager
 CVE-2026-5242 (Improper neutralization of formula elements in a CSV file 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Pizzy Library
 CVE-2026-5233 (Improper Control of Interaction Frequency vulnerability in MIA 
Technol ...)
-       TODO: check
+       NOT-FOR-US: Pizzy Library
 CVE-2026-5230 (Improper Access Control, Missing Authorization vulnerability in 
MIA Te ...)
-       TODO: check
+       NOT-FOR-US: Pizzy Library
 CVE-2026-5079 (Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 
are vuln ...)
-       TODO: check
+       NOT-FOR-US: Node multer
 CVE-2026-5038 (Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 
3.0.0-alpha.1  ...)
-       TODO: check
+       NOT-FOR-US: Node multer
 CVE-2026-52704 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-50100 (Multiple printer drivers provided by Ricoh Company, Ltd. and 
KONICA MI ...)
-       TODO: check
+       NOT-FOR-US: Ricoh
 CVE-2026-49757 (Authentication Bypass by Spoofing vulnerability in 
team-alembic AshAut ...)
        TODO: check
 CVE-2026-49294 (Valhalla is an open source routing engine and accompanying 
libraries f ...)
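Review bot: the `NOT-FOR-US: Pizzy Library` label on CVE-2026-5233 and CVE-2026-5230 matches nothing in their visible descriptions, which name "MIA Technol ..." as the vendor before the text is truncated. Please confirm the product name against the full CVE text so the label stays searchable. In the same hunk, CVE-2026-5482 is labelled `ResponsiveFilemanager` while its description spells the product "Responsive FileManager"; matching the description's spelling would help later NFU lookups.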
@@ -66,31 +66,31 @@ CVE-2026-47777 (Mastodon is a free, open-source social 
network server based on A
 CVE-2026-44188 (A flaw was found in Ansible Lightspeed. This vulnerability, 
related to ...)
        TODO: check
 CVE-2026-34030 (TheWertheim SafeController Software, AssemblyVersion 
6.15.8328.28014,  ...)
-       TODO: check
+       NOT-FOR-US: Wertheim SafeController Software
 CVE-2026-34029 (TheWertheim SafeController Software, AssemblyVersion 
6.15.8328.28014,  ...)
-       TODO: check
+       NOT-FOR-US: Wertheim SafeController Software
 CVE-2026-34028 (The Wertheim SafeController Software, AssemblyVersion 
6.15.8328.28014, ...)
-       TODO: check
+       NOT-FOR-US: Wertheim SafeController Software
 CVE-2026-34027 (The Wertheim SafeController Software, AssemblyVersion 
6.15.8328.28014, ...)
-       TODO: check
+       NOT-FOR-US: Wertheim SafeController Software
 CVE-2026-34026 (Wertheim SafeController Software, AssemblyVersion 
6.15.8328.28014, con ...)
-       TODO: check
+       NOT-FOR-US: Wertheim SafeController Software
 CVE-2026-34025 (The Wertheim SafeController Software, AssemblyVersion 
6.15.8328.28014, ...)
-       TODO: check
+       NOT-FOR-US: Wertheim SafeController Software
 CVE-2026-34024 (The Wertheim SafeController Software, AssemblyVersion 
6.15.8328.28014, ...)
-       TODO: check
+       NOT-FOR-US: Wertheim SafeController Software
 CVE-2026-34023 (The Wertheim SafeController Software, AssemblyVersion 
6.15.8328.28014, ...)
-       TODO: check
+       NOT-FOR-US: Wertheim SafeController Software
 CVE-2026-34022 (TheWertheim SafeController Family 65000, Controller 65000 - 
AssemblyVe ...)
-       TODO: check
+       NOT-FOR-US: Wertheim SafeController Software
 CVE-2026-34021 (The Wertheim SafeController 5400, Controller 5400 - 
AssemblyVersion 6. ...)
-       TODO: check
+       NOT-FOR-US: Wertheim SafeController Software
 CVE-2026-20262 (A vulnerability in the web UI of Cisco Catalyst SD-WAN 
Manager, former ...)
        NOT-FOR-US: Cisco
 CVE-2026-12057 (When the application executes the JavaScript script embedded 
in the PD ...)
        NOT-FOR-US: Foxit
 CVE-2026-11860 (Quick.CMS deserializes user-controlled data received over 
plaintext HT ...)
-       TODO: check
+       NOT-FOR-US: Quick.CMS
 CVE-2026-10634 (Zephyr's native TCP stack iterates the global connection list 
in net_t ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-64215 (Missing Authorization vulnerability in StylemixThemes 
MasterStudy LMS  ...)
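Review bot: CVE-2026-34022 and CVE-2026-34021 are labelled `Wertheim SafeController Software`, but their descriptions name "SafeController Family 65000, Controller 65000" and "SafeController 5400, Controller 5400" rather than the "SafeController Software" product named in the other eight entries. A shorter `NOT-FOR-US: Wertheim SafeController` would describe all ten entries accurately with one label.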
@@ -100,49 +100,49 @@ CVE-2025-15659 (Contributor Cross Site Scripting (XSS) in 
Elizaibots <= 1.0.2 ve
 CVE-2025-15658 (Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 
versions ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2019-25746 (WordPress Sliced Invoices 3.8.2 contains an authenticated SQL 
injectio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2018-25437 (WordPress CherryFramework Themes 3.1.4 contains an information 
disclos ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2018-25436 (WordPress Plugin Baggage Freight Shipping Australia 0.1.0 
contains an  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20084 (WordPress appointment-booking-calendar 1.1.24 contains 
multiple privil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20083 (WordPress More Fields Plugin 2.1 contains a cross-site request 
forgery ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20082 (WordPress Plugin Abtest contains a local file inclusion 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20081 (WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path 
traversal ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20080 (WordPress Brandfolder plugin version 3.0 and earlier contains 
a local  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20079 (WordPress Dharma Booking 2.28.3 and earlier contains a local 
file incl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20078 (WordPress IMDb Profile Widget 1.0.8 contains a local file 
inclusion vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20077 (WordPress Plugin Photocart Link 1.6 contains a local file 
inclusion vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20076 (WordPress Simple-Backup 2.7.11 contains multiple 
vulnerabilities that  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20075 (WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary 
file up ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20074 (WordPress Lazy Content Slider Plugin 3.4 contains a cross-site 
request ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20073 (Answer My Question 1.3 plugin for WordPress contains an SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20072 (BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL 
injection v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20071 (The 404 Redirection Manager plugin version 1.0 for WordPress 
contains  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20070 (WordPress Booking Calendar Contact Form 1.0.23 contains 
privilege esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20069 (WordPress Booking Calendar Contact Form 1.0.23 contains an 
unauthentic ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20068 (WordPress Booking Calendar Contact Form version 1.0.23 
contains an una ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20067 (WordPress CP Polls 1.0.8 contains a cross-site request forgery 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-20066 (WordPress CP Polls 1.0.8 contains a persistent cross-site 
scripting vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12205
        - libcrypt-dsa-perl <unfixed>
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41004653/
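Review bot: CVE-2018-25437 is described as "WordPress CherryFramework Themes 3.1.4", which is a theme, yet it receives `NOT-FOR-US: WordPress plugin`. The context for CVE-2025-15658 at the top of this hunk already uses `NOT-FOR-US: WordPress plugin or theme`; using that label here keeps the entry accurate and consistent with the rest of the file.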



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05752999ec037cb05bffb2adafa55930d9005b03

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits