Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d0f06141 by Salvatore Bonaccorso at 2026-07-14T07:13:21+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -423,51 +423,51 @@ CVE-2026-40467 (Use After Free vulnerability has been 
found in "io.c" program fi
        - gawk <unfixed>
        NOTE: Fixed by: 
https://cgit.git.savannah.gnu.org/cgit/gawk.git/commit/?id=a2d18c74109e41bec29a23098eba2e00057286d8
 CVE-2026-26396 (OpenBMB XAgent v1.0.0 and before is vulnerable to path 
traversal in th ...)
-       TODO: check
+       NOT-FOR-US: OpenBMB XAgent
 CVE-2026-22103 (The NPC start endpoint on the web server at port 8090 is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: DC-80
 CVE-2026-22102 (A POST request sent to a specific webserver endpoint can be 
used to wr ...)
-       TODO: check
+       NOT-FOR-US: DC-80
 CVE-2026-22100 (The OCPP DataTransfer message `ReserveLogin` is vulnerable to 
command  ...)
-       TODO: check
+       NOT-FOR-US: DC-80
 CVE-2026-22099 (The charging station does not require authentication for 
Bluetooth com ...)
-       TODO: check
+       NOT-FOR-US: DC-80
 CVE-2026-22098 (Various sensitive information such as passwords and charging 
card UIDs ...)
-       TODO: check
+       NOT-FOR-US: DC-80
 CVE-2026-22097 (The firmware update mechanism does not include cryptographic 
signature ...)
-       TODO: check
+       NOT-FOR-US: DC-80
 CVE-2026-22096 (The webserver running on port 8090 does not require 
authentication. Th ...)
-       TODO: check
+       NOT-FOR-US: DC-80
 CVE-2026-22095 (The network diagnosis endpoint on the web server at port 8090 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: DC-80
 CVE-2026-22093 (The EVbee Service Android app uses TLS encrypted communication 
(HTTPS) ...)
-       TODO: check
+       NOT-FOR-US: DC-80
 CVE-2026-15584 (A privilege escalation vulnerability was found in the 
incluster-checks ...)
-       TODO: check
+       NOT-FOR-US: Red Hat OpenShift
 CVE-2026-15574 (A flaw was found in the vllm-orchestrator-gateway component. 
The syste ...)
-       TODO: check
+       NOT-FOR-US: Red Hat OpenShift
 CVE-2026-15559 (A vulnerability was detected in CodeAstro Simple Online Leave 
Manageme ...)
        NOT-FOR-US: CodeAstro
 CVE-2026-15558 (A security vulnerability has been detected in CodeAstro Simple 
Online  ...)
        NOT-FOR-US: CodeAstro
 CVE-2026-15557 (A weakness has been identified in waooAI waoowaoo up to 0.4.1. 
Affecte ...)
-       TODO: check
+       NOT-FOR-US: waooAI waoowaoo
 CVE-2026-15548 (A security vulnerability has been detected in Shibby Tomato up 
to 1.28 ...)
-       TODO: check
+       NOT-FOR-US: Shibby Tomato
 CVE-2026-15547 (A weakness has been identified in Shibby Tomato up to 
1.28.0000. This  ...)
-       TODO: check
+       NOT-FOR-US: Shibby Tomato
 CVE-2026-15546 (A security flaw has been discovered in Shibby Tomato up to 
1.28.0000.  ...)
-       TODO: check
+       NOT-FOR-US: Shibby Tomato
 CVE-2026-15545 (A vulnerability was identified in Shibby Tomato up to 
1.28.0000. Affec ...)
-       TODO: check
+       NOT-FOR-US: Shibby Tomato
 CVE-2026-15544 (A vulnerability was determined in Shibby Tomato up to 
1.28.0000. Affec ...)
-       TODO: check
+       NOT-FOR-US: Shibby Tomato
 CVE-2026-15543 (A vulnerability was found in Tenda CH22 1.0.0.1. This impacts 
the func ...)
        NOT-FOR-US: Tenda
 CVE-2026-15542 (A vulnerability has been found in will-moss Isaiah up to 
1.36.9. This  ...)
-       TODO: check
+       NOT-FOR-US: will-moss Isaiah
 CVE-2026-15541 (A flaw has been found in will-moss Isaiah up to 1.36.9. The 
impacted e ...)
-       TODO: check
+       NOT-FOR-US: will-moss Isaiah
 CVE-2026-15540 (A vulnerability was detected in SourceCodester Online Book 
Store Syste ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-14934 (A Missing Authorization vulnerability in the repository 
creation funct ...)
@@ -475,7 +475,7 @@ CVE-2026-14934 (A Missing Authorization vulnerability in 
the repository creation
 CVE-2026-14906 (Pages with malicious titles could potentially allow saved PDF 
content  ...)
        TODO: check
 CVE-2026-14846 (In version 8.2.1 of PrestaShop, there is a vulnerability 
relating to t ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop
 CVE-2026-14453 (This vulnerability is a critical Server-Side Template 
Injection (SSTI) ...)
        NOT-FOR-US: Centreon
 CVE-2026-14165 (An Authorization Bypass Through User-Controlled Key 
vulnerability affe ...)
@@ -503,79 +503,79 @@ CVE-2026-9492 (The MBStorage DRAM lighting control module 
within Gigabyte Contro
 CVE-2026-7162 (Successful exploitation of the integer overflow vulnerability 
could al ...)
        NOT-FOR-US: WinFsp
 CVE-2026-15553 (Enterprise Cloud Database developed by Ragic has a Arbitrary 
File Uplo ...)
-       TODO: check
+       NOT-FOR-US: Ragic
 CVE-2026-15552 (Enterprise Cloud Database developed by Ragic has a Stored 
Cross-Site S ...)
-       TODO: check
+       NOT-FOR-US: Ragic
 CVE-2026-15551 (Integer overflow or wraparound vulnerability in Samsung Open 
Source rl ...)
        TODO: check
 CVE-2026-15539 (A security vulnerability has been detected in SourceCodester 
Online Bo ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-15538 (A weakness has been identified in primefaces primereact up to 
10.9.8.  ...)
-       TODO: check
+       NOT-FOR-US: primefaces primereact
 CVE-2026-15537 (A security flaw has been discovered in SourceCodester Online 
Book Stor ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-15536 (A vulnerability was identified in itsourcecode Hospital 
Management Sys ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-15535 (A vulnerability was determined in AkariAsai self-rag up to 
1fcdc420e48 ...)
-       TODO: check
+       NOT-FOR-US: AkariAsai self-rag
 CVE-2026-15533 (A security flaw has been discovered in DedeCMS 5.7.118. 
Impacted is an ...)
        NOT-FOR-US: DedeCMS
 CVE-2026-15532 (A vulnerability was identified in SourceCodester Online Book 
Store Sys ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-15531 (A vulnerability has been found in yashbhalgat HashNeRF-pytorch 
up to 8 ...)
-       TODO: check
+       NOT-FOR-US: yashbhalgat HashNeRF-pytorch
 CVE-2026-15530 (A flaw has been found in WuzhiCMS up to 4.1.0. Affected by 
this vulner ...)
-       TODO: check
+       NOT-FOR-US: WuzhiCMS
 CVE-2026-15529 (A vulnerability was detected in yzhao062 pyod 
3.5.0/3.5.1/3.5.2. Affec ...)
-       TODO: check
+       NOT-FOR-US: yzhao062 pyod
 CVE-2026-15528 (A vulnerability was found in lamaalrajih kicad-mcp up to 
3.3.1. This i ...)
-       TODO: check
+       NOT-FOR-US: lamaalrajih kicad-mcp
 CVE-2026-15527 (A vulnerability has been found in better-auth better-icons up 
to 1.0.5 ...)
-       TODO: check
+       NOT-FOR-US: better-auth better-icons
 CVE-2026-15526 (A flaw has been found in augmnt augments-mcp-server 7.1.0. 
This issue  ...)
-       TODO: check
+       NOT-FOR-US: augmnt augments-mcp-server
 CVE-2026-15525 (A vulnerability was detected in kLOsk adloop up to 0.9.0. This 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: kLOsk adloop
 CVE-2026-15524 (A security vulnerability has been detected in alioshr 
memory-bank-mcp  ...)
-       TODO: check
+       NOT-FOR-US: alioshr memory-bank-mcp
 CVE-2026-15523 (A weakness has been identified in CodeAstro Simple Online 
Leave Manage ...)
        NOT-FOR-US: CodeAstro
 CVE-2026-15522 (A security flaw has been discovered in tugcantopaloglu 
godot-mcp 2.0.0 ...)
-       TODO: check
+       NOT-FOR-US: tugcantopaloglu godot-mcp
 CVE-2026-15521 (A vulnerability was identified in makafeli 
n8n-workflow-builder up to  ...)
        NOT-FOR-US: n8n
 CVE-2026-15520 (A vulnerability was determined in GNU LibreDWG 
0.13.4-154-g0b573035. T ...)
        TODO: check
 CVE-2026-15519 (A vulnerability was found in usestrix strix up to 1.0.2. This 
affects  ...)
-       TODO: check
+       NOT-FOR-US: usestrix strix
 CVE-2026-15518 (A vulnerability has been found in AREA 17 Twill CMS up to 
3.6.0. The i ...)
-       TODO: check
+       NOT-FOR-US: AREA 17 Twill CMS
 CVE-2026-15517 (A flaw has been found in Jinher OA 1.0. The affected element 
is an unk ...)
-       TODO: check
+       NOT-FOR-US: Jinher OA
 CVE-2026-15516 (A vulnerability was detected in MacCMS Pro up to 
2022.1000.3005. Impac ...)
-       TODO: check
+       NOT-FOR-US: MacCMS Pro
 CVE-2026-15515 (A security vulnerability has been detected in Tencent PC 
Manager 18.1. ...)
-       TODO: check
+       NOT-FOR-US: Tencent PC Manager
 CVE-2026-15514 (A weakness has been identified in Metasoft 
\u7f8e\u7279\u8f6f\u4ef6 Me ...)
-       TODO: check
+       NOT-FOR-US: Metasoft
 CVE-2026-15513 (A security flaw has been discovered in Wavlink WL-NU516U1 
260515. This ...)
        NOT-FOR-US: Wavlink
 CVE-2026-15512 (A vulnerability was identified in pig-mesh Pig up to 3.9.2. 
Affected b ...)
-       TODO: check
+       NOT-FOR-US: pig-mesh Pig
 CVE-2026-15511 (A vulnerability was determined in Comfast CF-WR631AX V3 up to 
2.7.0.8. ...)
-       TODO: check
+       NOT-FOR-US: Comfast
 CVE-2026-15510 (A vulnerability was found in Leantime up to 3.8.0. Affected is 
the fun ...)
-       TODO: check
+       NOT-FOR-US: Leantime
 CVE-2026-15509 (A vulnerability has been found in Leantime up to 3.8.0. This 
impacts t ...)
-       TODO: check
+       NOT-FOR-US: Leantime
 CVE-2026-15508 (A flaw has been found in Helicone ai-gateway up to 
0.2.0-beta.30. This ...)
-       TODO: check
+       NOT-FOR-US: Helicone ai-gateway
 CVE-2026-15507 (A vulnerability was detected in coollabsio Coolify up to 
4.1.1. The im ...)
-       TODO: check
+       NOT-FOR-US: coollabsio Coolify
 CVE-2026-15506 (A security vulnerability has been detected in SecureAge 
CatchPulse up  ...)
-       TODO: check
+       NOT-FOR-US: SecureAge CatchPulse
 CVE-2026-15505 (A weakness has been identified in vnotex vnote up to 3.20.1. 
Impacted  ...)
-       TODO: check
+       NOT-FOR-US: vnotex vnote
 CVE-2026-12582 (The Library Management System WordPress plugin before 3.5.8 
does not s ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12397 (The WP Job Portal  WordPress plugin before 2.5.5 does not 
verify owner ...)
@@ -985,7 +985,7 @@ CVE-2026-34196 (Software installed and run as a 
non-privileged user may conduct
 CVE-2026-2354 (The Swiss Toolkit For WP plugin for WordPress is vulnerable to 
arbitra ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-20744 (The charging station websocket endpoint accepts connections 
without  p ...)
-       TODO: check
+       NOT-FOR-US: Hydro-Quebec
 CVE-2026-1832 (The ThriveDesk \u2013 Live Chat, AI Chatbot, Helpdesk & 
Knowledge Base ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1382 (The fresh Podcaster plugin for WordPress is vulnerable to 
Stored Cross ...)
@@ -1029,7 +1029,7 @@ CVE-2026-15072 (The KiviCare \u2013 Clinic & Patient 
Management System (EHR) plu
 CVE-2026-15010 (The bbp Style Pack plugin for WordPress is vulnerable to 
Stored Cross- ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-14480 (OpenPLC Runtime v3 contains an authenticated arbitrary file 
write  vul ...)
-       TODO: check
+       NOT-FOR-US: OpenPLC
 CVE-2026-14286
        REJECTED
 CVE-2026-14262 (The Simple JWT Login \u2013 Allows you to use JWT on REST 
endpoints. p ...)
@@ -1432,7 +1432,7 @@ CVE-2026-1946 (The GW AI Website Builder plugin for 
WordPress is vulnerable to u
 CVE-2026-1667 (The SEO Plugin by Squirrly SEO plugin for WordPress is 
vulnerable to A ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-15378 (A flaw was found in the `guardrails-detectors` component. This 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: guardrails-detectors
 CVE-2026-15377 (A vulnerability was determined in Eleveo Call Recording 
Software 9.7.0 ...)
        NOT-FOR-US: Eleveo Call Recording Software
 CVE-2026-15376 (A vulnerability was found in Eleveo Call Recording Software 
9.7.0. Aff ...)
@@ -1446,7 +1446,7 @@ CVE-2026-15373 (A vulnerability was detected in Eleveo 
Call Recording Software 9
 CVE-2026-15146 (GNU Wget does not validate the IP address provided by an FTP 
PASV resp ...)
        TODO: check
 CVE-2026-15143 (A flaw was found in the file_type content detector of 
guardrails-detec ...)
-       TODO: check
+       NOT-FOR-US: guardrails-detectors
 CVE-2026-15104 (The BetterDocs \u2013 AI Documentation, Knowledge Base, Docs, 
Wikis, F ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-15028 (A flaw was found in libarchive. This vulnerability allows a 
remote att ...)
@@ -1698,19 +1698,19 @@ CVE-2026-15330 (A vulnerability was determined in 
zhayujie CowAgent up to 2.1.1.
 CVE-2026-15329 (A vulnerability was found in zhayujie CowAgent up to 2.1.0. 
This issue ...)
        NOT-FOR-US: zhayujie CowAgent
 CVE-2026-15326 (A vulnerability was identified in halo-dev halo up to 2.24.2. 
This aff ...)
-       TODO: check
+       NOT-FOR-US: Halo
 CVE-2026-15321 (A vulnerability was found in MyEMS up to 6.4.0. The affected 
element i ...)
        NOT-FOR-US: MyEMS
 CVE-2026-15320 (A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. 
This vuln ...)
-       TODO: check
+       NOT-FOR-US: Sipeed PicoClaw
 CVE-2026-15319 (A security vulnerability has been detected in Sipeed PicoClaw 
up to 0. ...)
-       TODO: check
+       NOT-FOR-US: Sipeed PicoClaw
 CVE-2026-15318 (A weakness has been identified in Sipeed PicoClaw up to 0.2.9. 
Affecte ...)
-       TODO: check
+       NOT-FOR-US: Sipeed PicoClaw
 CVE-2026-15317 (A security flaw has been discovered in Sipeed PicoClaw up to 
0.2.9. Af ...)
-       TODO: check
+       NOT-FOR-US: Sipeed PicoClaw
 CVE-2026-15311 (A vulnerability was identified in NousResearch hermes-agent up 
to 2026 ...)
-       TODO: check
+       NOT-FOR-US: NousResearch hermes-agent
 CVE-2026-15302 (The ARMember plugin for WordPress is vulnerable to Directory 
Traversal ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-15301 (The BuddyHolis TableSearch plugin for WordPress is vulnerable 
to Store ...)
@@ -1750,9 +1750,9 @@ CVE-2026-15283 (The WPvivid Backup for MainWP plugin for 
WordPress is vulnerable
 CVE-2026-15282 (The Instant Appointment plugin for WordPress is vulnerable to 
arbitrar ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-15276 (A flaw has been found in pdeljanov Symphonia up to 0.6.0. This 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: pdeljanov Symphonia
 CVE-2026-15274 (A vulnerability was detected in lo48576 fbxcel up to 0.9.0. 
This affec ...)
-       TODO: check
+       NOT-FOR-US: lo48576 fbxcel
 CVE-2026-15271 (A security vulnerability has been detected in TOTOLINK 
A3000RU, A3100R ...)
        NOT-FOR-US: TOTOLINK
 CVE-2026-15270 (A weakness has been identified in D-link DIR-823G 
1.0.2B05_20181207. A ...)
@@ -2984,35 +2984,35 @@ CVE-2026-29008 (U-Boot through 2026.04-rc3 contains an 
integer underflow vulnera
 CVE-2026-29007 (U-Boot through 2026.04-rc3 contains an out-of-bounds read 
vulnerabilit ...)
        TODO: check
 CVE-2026-24700 (An OS command injection vulnerability exists in the 
start_lltd() funct ...)
-       TODO: check
+       NOT-FOR-US: Cisco RV130/RV130W
 CVE-2026-24699 (An OS command injection vulnerability exists in the 
sub_34984() functi ...)
-       TODO: check
+       NOT-FOR-US: Cisco RV130/RV130W
 CVE-2026-24698 (An OS command injection vulnerability exists in the 
save_syslog_to_fil ...)
-       TODO: check
+       NOT-FOR-US: Cisco RV130/RV130W
 CVE-2026-24697 (An OS command injection vulnerability exists in the 
start_bonjour() fu ...)
-       TODO: check
+       NOT-FOR-US: Cisco RV130/RV130W
 CVE-2026-22927 (Omnissa Workspace ONE\xae Tunnel for Windows addresses a   
Local Privi ...)
        NOT-FOR-US: Omnissa
 CVE-2026-15067 (Snowflake Terraform Provider versions prior to 2.18.0 contain 
several  ...)
-       TODO: check
+       NOT-FOR-US: Snowflake Terraform Provider
 CVE-2026-15063 (A flaw was found in the gorch service template, which is part 
of the t ...)
        TODO: check
 CVE-2026-15062 (SQL injection vulnerabilities in the Snowflake Snowpark Python 
SDK (sn ...)
-       TODO: check
+       NOT-FOR-US: Snowflake Snowpark Python SDK
 CVE-2026-15053 (Tanium addressed a denial of service vulnerability in Tanium 
Server.)
        NOT-FOR-US: Tanium
 CVE-2026-15044 (A flaw was found in the TrustyAI Service Operator. When 
deploying serv ...)
-       TODO: check
+       NOT-FOR-US: TrustyAI Service Operator
 CVE-2026-15041 (A flaw was found in 389 Directory Server. The PBKDF2-SHA256 
password v ...)
        TODO: check
 CVE-2026-15036 (A vulnerability was determined in Harness up to 2.28.2. This 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Harness
 CVE-2026-15035 (A vulnerability was found in bentoml OpenLLM 0.6.30. This 
affects the  ...)
-       TODO: check
+       NOT-FOR-US: bentoml OpenLLM
 CVE-2026-15034 (A vulnerability has been found in flask-dashboard 
Flask-MonitoringDash ...)
        TODO: check
 CVE-2026-15033 (A flaw has been found in christopherthielen 
check-peer-dependencies up ...)
-       TODO: check
+       NOT-FOR-US: christopherthielen check-peer-dependencies
 CVE-2026-14967 (BBOT's `github_workflows` module could be induced to write a 
downloade ...)
        TODO: check
 CVE-2026-14966 (BBOT's unarchive module rejects archives containing symlink 
entries be ...)
@@ -3377,7 +3377,7 @@ CVE-2026-36163 (An HTML injection vulnerability in the 
file view endpoint of Liq
 CVE-2026-36162 (An authenticated stored cross-site scripting (XSS) 
vulnerability in th ...)
        NOT-FOR-US: LiquidFiles
 CVE-2026-28378 (The public dashboard deletion endpoint does not enforce 
organization i ...)
-       TODO: check
+       NOT-FOR-US: Grafana Labs
 CVE-2026-23698 (Vtiger CRM through 8.4.0 contains an authenticated remote code 
executi ...)
        NOT-FOR-US: Vtiger CRM
 CVE-2026-23697 (Vtiger CRM before 8.4.0 contains an authenticated file upload 
vulnerab ...)
@@ -3398,9 +3398,9 @@ CVE-2026-14935 (A logic vulnerability was found in 
GStreamer's webrtcbin compone
 CVE-2026-14904 (AWS Research and Engineering Studio (RES) is an open-source 
solution t ...)
        NOT-FOR-US: Amazon
 CVE-2026-14868 (The encryption algorithm used to protect the configuration of 
user acc ...)
-       TODO: check
+       NOT-FOR-US: PcVue
 CVE-2026-14867 (Credentials of built-in users are insecurely stored in the 
User direct ...)
-       TODO: check
+       NOT-FOR-US: PcVue
 CVE-2026-14500 (The Bulk Order Update for WooCommerce plugin for WordPress is 
vulnerab ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-14495 (The DoLogin Security plugin for WordPress is vulnerable to 
Authenticat ...)
@@ -3935,7 +3935,7 @@ CVE-2026-14536 (Improper enforcement of a mandatory 
multi-factor authentication
 CVE-2026-14471 (Improper Neutralization of Special Elements in the 
metrics-service ret ...)
        NOT-FOR-US: Amazon
 CVE-2026-14468 (HashiCorp Terraform Enterprise contained an issue in its 
version contr ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Terraform Enterprise
 CVE-2026-14345 (The WPFunnels \u2013 Funnel Builder for WooCommerce with 
Checkout & On ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-13356 (A malicious webpage could interrupt a pending navigation by 
enqueuing  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0f06141a98557d9a6008a7f010dc5ac0683eb90

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0f06141a98557d9a6008a7f010dc5ac0683eb90
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to