[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 4 20:14:11 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7342e4de by security tracker role at 2026-06-04T19:14:05+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2026-8916 (Out-of-bounds write vulnerability in Samsung Open Source rlottie
 CVE-2026-8762
 	REJECTED
 CVE-2026-8653 (The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to gen ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8037 (OS Command Injection Remote Code Execution Vulnerability in API in Pro ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2026-7774 (tarfile.data_filter could be bypassed using crafted link entries, incl ...)
 	TODO: check
 CVE-2026-7764 (An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel ...)
@@ -41,15 +41,15 @@ CVE-2026-50206 (Incoming VPN network profile settings fail to process special ch
 CVE-2026-50205 (System log files output unencrypted SMTP server authentication passwor ...)
 	TODO: check
 CVE-2026-50076 (Deserialization of Untrusted Data in the Java replace-resolve path in  ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-50033 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-4881 (In affected versions of Octopus Server, permissions were not checked c ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2026-4104 (Authorization bypass through User-Controlled SQL primary key vulnerabi ...)
 	TODO: check
 CVE-2026-49771 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-49510 (Integer overflow or wraparound vulnerability in Samsung Open Source rl ...)
 	TODO: check
 CVE-2026-49204 (Leftover debug modules contain fixed credentials for internal AWS Cogn ...)
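Review bot: The note added for CVE-2026-50076, "Apache software not packaged in Debian", does not name the project, unlike the other NOT-FOR-US lines in this hunk (Acronis, Octopus Deploy). The truncated description ends before the product name, so a reader cannot tell which software was judged unpackaged. Naming the specific Apache project in the note would let the entry be found again if that software is later packaged.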
@@ -79,7 +79,7 @@ CVE-2026-49186 (The local MQTT broker does not enforce topic-level Access Contro
 CVE-2026-49185 (The FieldX MDM adb messaging topic passes unverified payloads directly ...)
 	TODO: check
 CVE-2026-49077 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48480 (The netty incubator codec.bhttp is a java language binary http parser. ...)
 	TODO: check
 CVE-2026-48040 (The netty incubator codec.bhttp is a java language binary http parser. ...)
@@ -107,9 +107,9 @@ CVE-2026-45431 (This vulnerability exists in GX Earth ONT models due to improper
 CVE-2026-45287 (OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to v ...)
 	TODO: check
 CVE-2026-44682 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-44609 (Local privilege escalation due to EXE hijacking vulnerability. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-43986 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
 	TODO: check
 CVE-2026-43985 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
@@ -121,7 +121,7 @@ CVE-2026-43926 (FOSSBilling is a free, open-source billing and client management
 CVE-2026-43924 (FOSSBilling is a free, open-source billing and client management syste ...)
 	TODO: check
 CVE-2026-42061 (Local privilege escalation due to excessive permissions assigned to ch ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-41860 (CWE-326 in BOSH allows a local attacker to steal Basic-auth credential ...)
 	TODO: check
 CVE-2026-41859 (A network man-in-the-middle between nats-sync and the BOSH director ca ...)
@@ -145,7 +145,7 @@ CVE-2026-41065 (Tautulli is a Python based monitoring and tracking tool for Plex
 CVE-2026-41011 (PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = ...)
 	TODO: check
 CVE-2026-41010 (ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', nam ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-40898 (quic-go is an implementation of the QUIC protocol in Go. Prior to vers ...)
 	TODO: check
 CVE-2026-40605 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
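Review bot: CVE-2026-41010 is set to "NOT-FOR-US: VMware" while CVE-2026-41011, directly above it, stays at "TODO: check", although both descriptions quote Ruby code (ReleaseJob#unpack, PackagePersister.validate_tgz) that reads as if it comes from the same code base. Either both entries belong to the same product and should carry the same note, or the VMware match on CVE-2026-41010 needs a manual check before it is kept.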
@@ -153,7 +153,7 @@ CVE-2026-40605 (Tautulli is a Python based monitoring and tracking tool for Plex
 CVE-2026-40495 (FOSSBilling is a free, open-source billing and client management syste ...)
 	TODO: check
 CVE-2026-3820 (There is a vulnerability in the Supermicro BMC  SMTP service at Superm ...)
-	TODO: check
+	NOT-FOR-US: Supermicro
 CVE-2026-38570 (bacnet_stack 1.3.1 contains an Out-of-bounds Read in bacnet_tag_number ...)
 	TODO: check
 CVE-2026-37700 (Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a rem ...)
@@ -181,7 +181,7 @@ CVE-2026-35904 (Incorrect access control in the web management interface of T3 T
 CVE-2026-2596
 	REJECTED
 CVE-2026-28318 (SolarWinds Serv-U is susceptible to specially crafted POST requests th ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2026-26825 (A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 whe ...)
 	TODO: check
 CVE-2026-26824 (libxls through version 1.6.3 contains a use of uninitialized memory vu ...)
@@ -191,9 +191,9 @@ CVE-2026-25551 (Seagull Software BarTender 2021 R1 through 12.0.1contains an ins
 CVE-2026-25550 (Seagull Software BarTender 2010, 2016, and 2019 contain an unauthentic ...)
 	TODO: check
 CVE-2026-22055 (Active IQ OneCollect version 2.7.3 contains hard-coded credentials tha ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2026-22054 (Active IQ Config Advisor version 6.7.3 contains hard-coded credentials ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2026-10880 (OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the l ...)
 	TODO: check
 CVE-2026-10868 (A mass assignment vulnerability exists in the MISP user edit functiona ...)
@@ -225,13 +225,13 @@ CVE-2026-10813 (A flaw has been found in LMCache up to 0.4.6. This affects the f
 CVE-2026-10812 (A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affe ...)
 	TODO: check
 CVE-2026-10811 (A security vulnerability has been detected in itsourcecode Fees Manage ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-10810 (A weakness has been identified in itsourcecode Fees Management System  ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-10809 (A security flaw has been discovered in itsourcecode Fees Management Sy ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-10808 (A vulnerability was identified in itsourcecode Fees Management System  ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-10807 (A vulnerability was determined in mjperpinosa stumasy. The impacted el ...)
 	TODO: check
 CVE-2026-10806 (A vulnerability was found in mjperpinosa stumasy. The affected element ...)
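Review bot: The note "itsourcecode System" on CVE-2026-10808 through CVE-2026-10811 is neither the vendor name nor the product name shown in the descriptions ("itsourcecode Fees Management System"). Suggest using the bare vendor, "NOT-FOR-US: itsourcecode", or the full product name, so the note matches what a search on the description would use.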
@@ -241,7 +241,7 @@ CVE-2026-10805 (A flaw was found in NetworkManager. This local privilege escalat
 CVE-2026-10804 (A vulnerability has been found in Streamlit up to 1.53.0. Impacted is  ...)
 	TODO: check
 CVE-2026-10803 (A flaw has been found in MLflow up to 3.10.0. This issue affects the f ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2026-10802 (A vulnerability was detected in keystonejs keystone up to 20260319. Th ...)
 	TODO: check
 CVE-2026-10801 (A security vulnerability has been detected in modelscope ms-swift up t ...)
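Review bot: The note on CVE-2026-10803 spells the product "mlflow" where the description has "MLflow", and the hunk gives no reason why this entry is closed while the neighbouring Streamlit (CVE-2026-10804) and keystone (CVE-2026-10802) entries stay at "TODO: check". Suggest matching the description's spelling and confirming by hand that no source package or packaging request exists before the automatic NOT-FOR-US is kept.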
@@ -261,7 +261,7 @@ CVE-2026-10771 (A vulnerability was found in crmeb crmeb_java 1.4. Affected is t
 CVE-2026-10766 (A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts ...)
 	TODO: check
 CVE-2026-10737 (The SP Project & Document Manager plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-10597 (OMICARD EDM developed by ITPison has a Insecure Direct Object Referenc ...)
 	TODO: check
 CVE-2026-10305 (Out-of-bounds read vulnerability in Samsung Open Source rlottie allows ...)
@@ -279,23 +279,23 @@ CVE-2025-67446 (Improper Authentication (Authentication Bypass) exists in Neterb
 CVE-2025-65640 (Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Re ...)
 	TODO: check
 CVE-2025-62338 (The HCL BigFix Cloud Lifecycle Management is affected by Lack Of Input ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-59874 (HCL Hive Telco Observability is affected by a Required directives miss ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-52612 (HCL iControl was affected by Export CSV - CSV Injection vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-52611 (HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace  ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-52609 (HCL iControl was affected by Missing Security Headers vulnerability. w ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-52608 (HCL  iControl was affected by Missing Cookie Attributes vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-52606 (HCL iControl was affected by Weak Input Validation vulnerability. This ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-46638 (Dell BSAFE SSL-J contains an allocation of resources without limits or ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-12694 (A local privilege escalation vulnerability exists in Forcepoint VPN Cl ...)
-	TODO: check
+	NOT-FOR-US: Forcepoint
 CVE-2019-25745 (WordPress Plugin Google Review Slider 6.1 contains a time-based blind  ...)
 	TODO: check
 CVE-2019-25744 (WordPress Popup Builder 3.49 contains a persistent cross-site scriptin ...)
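Review bot: The trailing context lines CVE-2019-25745 ("WordPress Plugin Google Review Slider") and CVE-2019-25744 ("WordPress Popup Builder") name WordPress in the visible description but stay at "TODO: check", while this commit marks other entries as "NOT-FOR-US: WordPress plugin". The automatic matcher appears to miss descriptions that start with "WordPress Plugin ..." or "WordPress <name>" rather than "... plugin for WordPress"; worth extending the pattern or triaging these two by hand.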



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7342e4de8895e0c0283e3fcf8719a4fe91bf6650
