Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c9351eb0 by security tracker role at 2026-06-19T19:14:46+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2026-9143 (There is an incorrect conversion between numeric types
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2026-9142 (There is an insecure default credentials vulnerability in NI
grpc-devi ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2026-8296 (In affected versions of Octopus Server with certain access
levels it w ...)
- TODO: check
+ NOT-FOR-US: Octopus Deploy
CVE-2026-6798 (The 2Download Connector for 2DL Hosted Checkout plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-56211 (A remote code execution vulnerability was found in libaom, the
referen ...)
TODO: check
CVE-2026-56210 (A heap-buffer-overflow read vulnerability was found in libaom,
the ref ...)
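Review bot: The tag on CVE-2026-9143 and CVE-2026-9142 names only the vendor (`NOT-FOR-US: National Instruments`), and the truncated description of CVE-2026-9143 ends at "vulnerability i ...", before any product name. Only the CVE-2026-9142 text still shows "NI grpc-devi". Consider `NOT-FOR-US: NI grpc-device` for both, so each entry identifies the affected software without relying on the cut-off description.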
@@ -15,31 +15,31 @@ CVE-2026-56209 (An arbitrary address write vulnerability
was found in libaom, th
CVE-2026-56208 (A heap buffer overflow vulnerability was found in libaom, the
referenc ...)
TODO: check
CVE-2026-56142 (In JetBrains Hub before 2026.1.13757, 2025.3.148033,
2025.2.148048, 20 ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-56141 (In JetBrains Hub before 2026.1.13757, 2025.3.148033,
2025.2.148048, 20 ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-56138 (AIL framework contains a path traversal vulnerability in the
/objects/ ...)
TODO: check
CVE-2026-53915 (In JetBrains GoLand before 2026.1.3 remote code execution was
possible ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-51846 (In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route
/goform ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-51845 (Tenda AC7 v15.03.06.44 contains a stack buffer overflow
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-51844 (Tenda AC7 v15.03.06.44 contains a stack buffer overflow
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-51843 (Tenda AC7 v15.03.06.44 contains a stack buffer overflow
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-50242 (In JetBrains Hub before 2026.1.13757, 2025.3.148033,
2025.2.148048, 20 ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-4027 (A security vulnerability has been identified in FlexNet Manager
Suite ...)
TODO: check
CVE-2026-4026 (A security vulnerability has been identified in FlexNet Manager
Suite ...)
TODO: check
CVE-2026-49872 (Improper Authentication vulnerability in Apache APISIX. When
the cas- ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-49871 (Cross-Site Request Forgery (CSRF) vulnerability in the
cas-auth plugin ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-49359 (PhpWeasyPrint is a PHP library allowing PDF generation from a
URL or a ...)
TODO: check
CVE-2026-49358 (PhpWeasyPrint is a PHP library allowing PDF generation from a
URL or a ...)
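Review bot: The tag `NOT-FOR-US: Apache software not packaged in Debian` on CVE-2026-49872 and CVE-2026-49871 does not say which Apache project is meant, and the visible description of CVE-2026-49871 names only "the cas-auth plugin". Suggest `NOT-FOR-US: Apache APISIX` on these entries. If that product is ever packaged, the entries can then be found by searching the tag rather than the truncated description text.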
@@ -67,65 +67,65 @@ CVE-2026-49271 (libheif is a HEIF and AVIF file format
decoder and encoder. Prio
CVE-2026-49260 (PhpWeasyPrint is a PHP library allowing PDF generation from a
URL or a ...)
TODO: check
CVE-2026-49231 (Authentication Bypass by Spoofing vulnerability in opa plugin.
An att ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-49230 (Improper Validation of Integrity Check Value vulnerability in
Apache A ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-48895 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in A ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-48141 (There is a memory leak in NI grpc-device BeginSidebandStream
that may ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2026-48140 (There is an unchecked enum cast vulnerability in NI
grpc-device BeginS ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2026-48139 (There is a NULL pointer dereference vulnerability in NI
grpc-device in ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2026-48138 (There is an out-of-bounds read vulnerability in the NI
grpc-device str ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2026-48137 (There is an untrusted pointer dereference vulnerability in the
NI grpc ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2026-47341 (Authentication Bypass by Capture-replay vulnerability in
Apache APISIX ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-47339 (Incorrect Authorization vulnerability in Apache APISIX. An
attacker c ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46461 (Dell Server Hardware Manager, versions prior to 3.2.2,
contains an Imp ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-44939 (A command injection vulnerability in the Rancher Manager
cluster befor ...)
TODO: check
CVE-2026-44915 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in A ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-44087 (Insufficient Verification of Data Authenticity vulnerability
in Apache ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-44046 (Use of Less Trusted Source vulnerability in Apache APISIX.
Attacker c ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-41156 (Software installed and run as a non-privileged user may
conduct improp ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-3640 (The STRABL \u2013 A checkout solution plugin for WordPress is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-39999 (Authentication Bypass by Spoofing vulnerability in Apache
APISIX. The ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-39998 (Improper Input Validation vulnerability in Apache APISIX. The
attacke ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-34192 (Software installed and run as a non-privileged user may
conduct improp ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-21768 (The compose-rich-editor library (v1.0.0-rc14) used in HCL
Verse for An ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2026-12706 (A use-after-free vulnerability was found in FFmpeg's RASC
video decode ...)
TODO: check
CVE-2026-12622 (The GridTime 3000 GNSS Time Server has an open redirect
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microchip
CVE-2026-12621 (Improper neutralization of input during web page generation
XSS vulne ...)
- TODO: check
+ NOT-FOR-US: Microchip
CVE-2026-12620 (The GridTime 3000 GNSS Time Server leaks the access token in
the URL p ...)
- TODO: check
+ NOT-FOR-US: Microchip
CVE-2026-12619 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Microchip
CVE-2026-12238 (The WP Go Maps \u2013 Most Popular Map Plugin plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12104 (OS command injection in the environment and tunnel
configuration funct ...)
TODO: check
CVE-2026-11941 (Cloudflare Quiche was affected by 2 use-after-free
vulnerabilities in ...)
TODO: check
CVE-2026-11576 (The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo
refacto ...)
- TODO: check
+ NOT-FOR-US: Eclipse
CVE-2025-71326 (AVAST Antivirus 25.11 contains an unquoted service path
vulnerability ...)
TODO: check
CVE-2025-62821 (Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds
read bec ...)
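Review bot: The tag on CVE-2026-11576, `NOT-FOR-US: Eclipse`, is the broadest in this hunk. The description names "eclipse-threadx NetX Duo", and a bare "Eclipse" does not distinguish that project from anything else published under the same name. Suggest `NOT-FOR-US: Eclipse ThreadX NetX Duo`. Since the description refers to the fix for CVE-2025-0728, it is also worth confirming that entry carries the same tag. CVE-2026-49231 has a related gap: its visible text says only "opa plugin", so the generic Apache tag leaves the product unnamed.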
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9351eb064764ff5a0179ed3979803abce064b5e