Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7c4adeb6 by Salvatore Bonaccorso at 2026-06-24T22:46:48+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -227,13 +227,13 @@ CVE-2026-35025 (ProFTPD through 1.3.9b and 1.3.10rc2
contains an access control
CVE-2026-29034
REJECTED
CVE-2026-13164 (Missing Authentication for Critical Function (CWE-306) in the
Register ...)
- TODO: check
+ NOT-FOR-US: MailerUp
CVE-2026-13163 (Open redirect vulnerability (CWE-601) in the _safe_redirect
function o ...)
- TODO: check
+ NOT-FOR-US: MailerUp
CVE-2026-13150 (Server-Side Request Forgery (SSRF) (CWE-918) in the PDF
generation end ...)
- TODO: check
+ NOT-FOR-US: ccyl13 Pentestify
CVE-2026-13140 (Stored Cross-Site Scripting in the exposed AWS API key store
ofThinkst ...)
- TODO: check
+ NOT-FOR-US: Canarytokens
CVE-2026-12986 (A critical vulnerability in Admin GUI in Payara Server Full
4.x, 5.x, ...)
NOT-FOR-US: Payara
CVE-2026-12760 (A denial-of-service (DoS) vulnerability has been identified in
Tapo C2 ...)
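Review bot: the label added for CVE-2026-13150, "NOT-FOR-US: ccyl13 Pentestify", puts what looks like an owner name in front of the product, while the other labels added in this hunk (MailerUp twice, Canarytokens) and the existing Payara entry use a single name. Settle on one form so that a later search of data/CVE/list for a product's NOT-FOR-US entries matches every CVE filed against it. If the prefix is there to disambiguate Pentestify, keep it, but use the same string for any further CVEs against that project.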
@@ -251,11 +251,11 @@ CVE-2026-11877 (An unauthorized user can modify
configuration through API calls
CVE-2026-10745 (Improper output neutralization for logs vulnerability in
upKeeper Solu ...)
NOT-FOR-US: upKeeper Solutions
CVE-2025-71361 (picklescan before 0.0.29 fails to detect malicious
idlelib.calltip.Cal ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71354 (picklescan before 0.0.29 fails to detect malicious pickle
files that e ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71332 (Flowise through 2.2.7 contains a SQL injection vulnerability
in the im ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-53127 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 7.0.10-1
[trixie] - linux <not-affected> (Vulnerable code not present)
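Review bot: the picklescan entries (CVE-2025-71361, CVE-2025-71354) and the Flowise entry (CVE-2025-71332) go straight from TODO: check to NOT-FOR-US, and nothing in the hunk or the commit message ("Process some NFUs") records that a packaging request was ruled out. Both descriptions carry version boundaries ("before 0.0.29", "through 2.2.7"), so if an ITP or RFP bug exists for either project, the entry should be a package line with the `<itp>` marker and bug number instead, which keeps the CVE visible once the package is uploaded.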
@@ -1992,7 +1992,7 @@ CVE-2026-10711 (Missing authentication for critical
function vulnerability in AK
CVE-2026-10609 (A missing authorization flaw was found in the OpenShift
Cluster Loggin ...)
NOT-FOR-US: OpenShift
CVE-2026-10521 (An high privileged remote attacker can access a hidden
configuration m ...)
- TODO: check
+ NOT-FOR-US: MB connect
CVE-2026-0864 (When using the "configparser" module to write configuration
files cont ...)
TODO: check
CVE-2025-71382 (MuPDF before 1.27.0-rc1 contains an uncontrolled recursion
vulnerabili ...)
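Review bot: for CVE-2026-10521 the truncated description visible here ("An high privileged remote attacker can access a hidden configuration m ...") names no vendor or product, so the "MB connect" label cannot be checked from the diff alone. Confirm it against the full CVE record, and if "MB connect" is a shortened form of the vendor name, write it the same way as any existing entries for that vendor in the list. Leaving CVE-2026-0864 directly below at TODO: check is appropriate for this batch, since its description refers to the "configparser" module and needs package triage.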
@@ -2564,7 +2564,7 @@ CVE-2026-12725 (A heap-based buffer overflow was found in
dnsmasq. When DNSSEC v
CVE-2026-12628 (IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM
Storage Pro ...)
NOT-FOR-US: IBM
CVE-2026-12602 (Incorrect default permissions in ArubaSign, affecting versions
prior t ...)
- TODO: check
+ NOT-FOR-US: Aruba ArubaSign
CVE-2026-12581 (EasyFlow .NET developed by Digiwin has a Session Fixation
vulnerabilit ...)
NOT-FOR-US: Digiwin
CVE-2026-12580 (EasyFlow .NET developed by Digiwin has a Stored Cross-Site
Scripting v ...)
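Review bot: the label on CVE-2026-12602, "NOT-FOR-US: Aruba ArubaSign", repeats the vendor name that is already part of the product name, while the neighbouring entries in this hunk use the vendor alone (IBM, Digiwin). "ArubaSign" or "Aruba" on its own would be consistent with them. If the combined form is meant to distinguish this vendor from another one called Aruba, keep it and reuse the same string for later ArubaSign CVEs.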
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c4adeb6e8ad5a075f62f717d84da836c2924e93