Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
eed9a905 by Moritz Muehlenhoff at 2026-06-22T16:08:59+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -526,25 +526,25 @@ CVE-2026-11576 (The security fix for CVE-2025-0728 in
eclipse-threadx NetX Duo r
CVE-2025-71326 (AVAST Antivirus 25.11 contains an unquoted service path
vulnerability ...)
NOT-FOR-US: AVAST Antivirus
CVE-2025-62821 (Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds
read bec ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-54357 (Joomla com_booking component 2.4.9 contains an information
disclosure ...)
- TODO: check
+ NOT-FOR-US: Joomla! addon
CVE-2023-54353 (Chromacam 4.0.3.0 contains an unquoted service path
vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: Chromacam
CVE-2022-50971 (Malwarebytes 4.5 contains an unquoted service path
vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: Malwarebytes
CVE-2021-47985 (Brother SAPSprint 7.60 contains an unquoted service path
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Brother
CVE-2020-37254 (Wondershare PDFelement 5.2.9 contains a privilege escalation
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Wondershare
CVE-2020-37253 (Winstep 18.06.0096 contains an unquoted service path
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Winstep
CVE-2020-37252 (Realtek Audio Service 1.0.0.55 contains an unquoted service
path vulne ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2020-37251 (RealTimes Desktop Service 18.1.4 contains an unquoted service
path vul ...)
- TODO: check
+ NOT-FOR-US: RealTimes
CVE-2020-37250 (TFTP Broadband 4.3.0.1465 contains an unquoted service path
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: TFTP Broadband
CVE-2019-25762 (Joomla! Component JoomProject 1.1.3.2 contains an information
disclosu ...)
NOT-FOR-US: Joomla! addon
CVE-2019-25761 (Joomla! Component JoomCRM 1.1.1 contains an SQL injection
vulnerabilit ...)
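Review bot: the tag added for CVE-2025-62821, `NOT-FOR-US: Microsoft`, names only the vendor, while the description names Microsoft HEIF Image Extensions and neighbouring tags in this hunk name the product (AVAST Antivirus, Chromacam, TFTP Broadband). Consider `NOT-FOR-US: Microsoft HEIF Image Extensions` so that a later search of the list for the product finds the entry; the vendor-only Brother and Wondershare tags have the same gap.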
@@ -576,7 +576,7 @@ CVE-2019-25749 (Joomla J-CruisePortal 6.0.4 contains an SQL
injection vulnerabil
CVE-2019-25748 (Joomla JHotelReservation 6.0.7 contains an SQL injection
vulnerability ...)
NOT-FOR-US: Joomla! addon
CVE-2019-25747 (Network Inventory Advisor 5.0.26.0 installs the niaservice
service wit ...)
- TODO: check
+ NOT-FOR-US: Network Inventory Advisor
CVE-2017-20282 (Joomla! Component jCart for OpenCart 2.0 contains an SQL
injection vul ...)
NOT-FOR-US: Joomla! addon
CVE-2017-20281 (Joomla! Component Extra Search 2.2.8 contains an SQL injection
vulnera ...)
@@ -640,27 +640,27 @@ CVE-2017-20253 (Joomla! Component My Projects 2.0
contains an SQL injection vuln
CVE-2017-20252 (Joomla NextGen Editor 2.1.0 contains an SQL injection
vulnerability th ...)
NOT-FOR-US: Joomla! addon
CVE-2016-20095 (Matrix42 Remote Control Host 3.20.0031 contains an unquoted
service pa ...)
- TODO: check
+ NOT-FOR-US: Matrix42 Remote Control Host
CVE-2016-20094 (AnyDesk 2.5.0 contains an unquoted service path vulnerability
that all ...)
- TODO: check
+ NOT-FOR-US: AnyDesk
CVE-2016-20093 (Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted
service ...)
- TODO: check
+ NOT-FOR-US: Wise
CVE-2016-20092 (NetDrive 2.6.12 contains an unquoted service path
vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NetDrive
CVE-2016-20091 (Windows Firewall Control 4.8.6.0 contains an unquoted service
path vul ...)
- TODO: check
+ NOT-FOR-US: Windows Firewall Control
CVE-2016-20090 (Comodo Dragon Browser versions up to 52.15.25.663 contain a
privilege ...)
- TODO: check
+ NOT-FOR-US: Comodo
CVE-2016-20089 (Iperius Remote 1.7.0 contains an unquoted service path
vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Iperius Remote
CVE-2016-20088 (Comodo Chromodo Browser 52.15.25.664 contains an unquoted
service path ...)
- TODO: check
+ NOT-FOR-US: Comodo
CVE-2016-20087 (Fortitude HTTP 1.0.4.0 contains an unquoted service path
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Fortitude HTTP
CVE-2016-20086 (Vembu StoreGrid 4.0 contains an unquoted service path
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Vembu StoreGrid
CVE-2016-20085 (Realtek High Definition Audio Driver 6.0.1.6730 contains an
unquoted s ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2026-55568
- guzzle 7.12.1-1
[trixie] - guzzle <no-dsa> (Minor issue)
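Review bot: `NOT-FOR-US: Wise` on CVE-2016-20093 is a bare common word that does not identify the software. The description covers Wise Care 365 and Wise Disk Cleaner, so naming both would make the triage decision readable without opening the CVE. The two `NOT-FOR-US: Comodo` tags (CVE-2016-20090 and CVE-2016-20088) cover different browsers, Dragon and Chromodo, and could say so.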
@@ -1410,7 +1410,7 @@ CVE-2026-53870 (Hermes Agent before 0.16.0 creates
response_store.db and webhook
CVE-2026-53869 (Hermes Agent before 0.16.0 contains a DNS rebinding
vulnerability in W ...)
NOT-FOR-US: Hermes Agent
CVE-2026-53805 (NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an
unauthentica ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-52716 (Unauthenticated Arbitrary File Deletion in WorkScout-Core <=
1.7.11 ve ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-52707 (Unauthenticated Local File Inclusion in Kastell <= 2.0
versions.)
@@ -1475,7 +1475,7 @@ CVE-2026-48117 (DroneAware is a drone detection platform.
The centralized DroneA
CVE-2026-47340 (Allow authenticated users to access alert instances associated
with al ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-47103 (Python StateMachine versions 3.0.0 before 3.2.0 contains a
remote code ...)
- TODO: check
+ NOT-FOR-US: Python StateMachine
CVE-2026-45436 (Subscriber Broken Access Control in WPBakery Page Builder <=
8.7.2 ver ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-42629 (Unauthenticated Broken Authentication in PowerPack Pro for
Elementor < ...)
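Review bot: CVE-2026-47103 concerns a Python library with a generic name, and the tag `NOT-FOR-US: Python StateMachine` does not record whether the archive was checked for a source package shipping that module under a different name. If a similarly named package exists, a qualifier in the style of `NOT-FOR-US: Zephyr, different from src:zephyr`, used elsewhere in this file, would document that the check was done.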
@@ -1736,15 +1736,15 @@ CVE-2026-11525 (Impact: When undici parses a Set-Cookie
header, it accepts any S
- node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m
CVE-2026-11311 (When NGINX Plus is configured as the data plane for NGINX
Gateway Fabr ...)
- TODO: check
+ NOT-FOR-US: NGINX Gateway Fabric
CVE-2026-10850 (Plane CE 1.3.1 allows a low-privileged project member to
submit arbitr ...)
NOT-FOR-US: Plane
CVE-2026-10839 (Open redirection vulnerability in the authentication system
allows an ...)
- TODO: check
+ NOT-FOR-US: Password Manager
CVE-2026-10837 (Open redirection vulnerability due to insufficient validation
of the X ...)
- TODO: check
+ NOT-FOR-US: Password Manager
CVE-2026-10836 (Improper handling of HTTP headers that allows a remote
attacker to man ...)
- TODO: check
+ NOT-FOR-US: Password Manager
CVE-2026-10641 (Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free
role pa ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-10094 (A Path Traversal vulnerability affecting SOLIDWORKS Visualize
from SOL ...)
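Review bot: `NOT-FOR-US: Password Manager` on CVE-2026-10839, CVE-2026-10837 and CVE-2026-10836 is a product category, not a product, and the visible descriptions do not name the software either, so the tag is the only place the identification is recorded. Replace it with the vendor and product name from the full CVE text so the three entries can be matched if that software is ever packaged.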
@@ -3933,7 +3933,7 @@ CVE-2026-37216 (Ruoyi 4.8.2 is vulnerable to Cross Site
Scripting (XSS) at the i
CVE-2026-36933 (An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a
physical ...)
NOT-FOR-US: Boyleep K11, y108 firmware
CVE-2026-36670 (A Time-Based Blind SQL Injection vulnerability in the
alias_management ...)
- TODO: check
+ NOT-FOR-US: OpenSIPS Control Panel
CVE-2026-36537 (ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass
during ...)
NOT-FOR-US: ThingsBoard
CVE-2026-36521 (PublicCMS V5.202506.d has a Cross Site Scripting (XSS)
vulnerability i ...)
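Review bot: on CVE-2026-36670 the visible description does not name the product, so `NOT-FOR-US: OpenSIPS Control Panel` carries the whole identification, and it shares its name with the OpenSIPS server. If a src:opensips exists in the archive, say that the control panel is not part of it, following the `different from src:zephyr` wording used for CVE-2026-10641.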
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eed9a905f3dbf474e537505f026d0ba180d09091