[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 5 20:14:27 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6925334f by security tracker role at 2026-06-05T19:14:21+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,13 +5,13 @@ CVE-2026-9088 (A flaw was found in org.keycloak.services. An administrator with
 CVE-2026-8914 (In Teltonika Networks RUTOS devices, running versions 7.22 through 7.2 ...)
 	TODO: check
 CVE-2026-8714 (A denial-of-service vulnerability exists in the RTSP server component  ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2026-7763 (A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi ...)
 	TODO: check
 CVE-2026-7762 (A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi- ...)
 	TODO: check
 CVE-2026-7473 (On affected platforms running Arista EOS where a tunnel decapsulation  ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2026-6274 (Improper Authentication, Missing authentication for critical function, ...)
 	TODO: check
 CVE-2026-6209
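Review bot: the new tag on CVE-2026-8714 names TPLink, but the visible part of the description ("A denial-of-service vulnerability exists in the RTSP server component ...") is cut off before any vendor appears, so the attribution cannot be confirmed from this hunk. Check the full CVE text before dropping the TODO, and spell the vendor the way existing entries in data/CVE/list do, so that a search for the vendor finds every entry.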
@@ -21,13 +21,13 @@ CVE-2026-6208
 CVE-2026-6207
 	REJECTED
 CVE-2026-5589 (An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solic ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-5415 (The WP Captcha PRO (the premium version of the Advanced Google reCAPTC ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5411 (The WP Captcha PRO (the premium version of the Advanced Google reCAPTC ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5066 (A potential out-of-bounds write/read exists in the TLS socket connect  ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-50733 (Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by ev ...)
 	TODO: check
 CVE-2026-50590 (In Mimecast Incydr before 2.6.0, arbitrary file access can occur.)
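Review bot: on CVE-2026-5589 and CVE-2026-5066 the qualifier "different from src:zephyr" is the useful part of the tag, since it records that a name collision with a Debian source package was considered. It would help to also say which Zephyr is meant. The descriptions point at a Bluetooth Mesh receive function and a TLS socket connect path, and naming the project would let the exclusion be re-checked without opening the CVE record.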
@@ -49,21 +49,21 @@ CVE-2026-50231 (Lyrion Music Server 9.2.0 contains an unauthenticated stored cro
 CVE-2026-50230 (Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross- ...)
 	TODO: check
 CVE-2026-49777 (Improper Validation of Specified Quantity in Input vulnerability in Sh ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-49493 (Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code bl ...)
 	TODO: check
 CVE-2026-49492 (Markdown Preview Enhanced before 0.8.28 opens external files and links ...)
 	TODO: check
 CVE-2026-48907 (A vulnerability in the JCE editor extension for Joomla allows the crea ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-48579 (Improper authorization in Microsoft Exchange Online allows an unauthor ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-48567 (Authentication bypass by spoofing in Azure HorizonDB allows an unautho ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-47655 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-47644 (Improper neutralization of special elements in output used by a downst ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-46511 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. P ...)
 	TODO: check
 CVE-2026-46496 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. A ...)
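Review bot: CVE-2026-48907 is tagged "NOT-FOR-US: Joomla", but its description places the flaw in "the JCE editor extension for Joomla", an extension rather than Joomla itself. A label such as "Joomla extension" would match the way the WordPress entries are tagged by component type. In the same hunk CVE-2026-49777 gets "WordPress plugin or theme" where the other entries in this commit use "WordPress plugin", and its visible description does not mention WordPress. Settle on one form and confirm the match against the full text.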
@@ -101,7 +101,7 @@ CVE-2026-45744 (Termix is a web-based server management platform with SSH termin
 CVE-2026-45743 (Termix is a web-based server management platform with SSH terminal, tu ...)
 	TODO: check
 CVE-2026-45497 (Improper neutralization of special elements used in a command ('comman ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-45327 (TinyIce is a streaming server for audio and video. In versions 0.8.95  ...)
 	TODO: check
 CVE-2026-45291 (Cloudburst Network provides network components used within Cloudburst  ...)
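Review bot: the Microsoft tag on CVE-2026-45497 cannot be checked against what is shown, because the visible description ("Improper neutralization of special elements used in a command ('comman ...") is only the generic weakness wording and is truncated before any product name. The same applies to CVE-2026-42824 in the following hunk, whose visible text is identical. Since this is an automatic update, confirm that the rule matched on the product named in the full description and not on the shared prefix.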
@@ -109,7 +109,7 @@ CVE-2026-45291 (Cloudburst Network provides network components used within Cloud
 CVE-2026-45290 (Cloudburst Network provides network components used within Cloudburst  ...)
 	TODO: check
 CVE-2026-42824 (Improper neutralization of special elements used in a command ('comman ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41567 (Moby is an open source container framework. In versions prior to 29.5. ...)
 	TODO: check
 CVE-2026-41522 (Iris is a web collaborative platform that helps incident responders sh ...)
@@ -129,53 +129,53 @@ CVE-2026-36501 (An issue in the Externalizable.readExternal() component of Contr
 CVE-2026-36500 (An issue in the cluster-admin:backup-datastore component of Controller ...)
 	TODO: check
 CVE-2026-2379 (On affected platforms with hardware IPSec support running Arista EOS w ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2026-25659 (Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an I ...)
-	TODO: check
+	NOT-FOR-US: Ericsson
 CVE-2026-25658 (Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an I ...)
-	TODO: check
+	NOT-FOR-US: Ericsson
 CVE-2026-25657 (Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an I ...)
-	TODO: check
+	NOT-FOR-US: Ericsson
 CVE-2026-21837 (HCL Digital Experience is affected by an OS command injection vulnerab ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2026-21826 (HCL Digital Experience and HCL Digital Experience Compose could be sus ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2026-21825 (HCL Digital Experience Compose is affected by a reflected cross-site s ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2026-21404 (NAVTOR NavBox through version 4.16.1.20 contains hard-coded credential ...)
 	TODO: check
 CVE-2026-21038 (Improper input validation in Samsung Android USB Driver for Windows pr ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-21037 (Improper input validation in Samsung Members prior to version 5.8.01.5 ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-21036 (Improper authorization in Samsung Internet prior to version 30.0.0.39  ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-21035 (Improper input validation in Samsung Plus TV prior to version 1.0.28.6 ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-21034 (Improper export of android application components in Samsung Auto prio ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-21033 (Improper export of android application components in ExpressHomeWidget ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-21032 (Improper export of android application components in SmartHomeWidgetRe ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-21031 (Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 all ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-21030 (Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Re ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-21029 (Improper export of android application components in Galaxy Editing Se ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-21028 (Improper access control in AuditLogService prior to SMR Jun-2026 Relea ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-21027 (Improper export of android application components in ImsSettings prior ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-21026 (Improper export of android application components in SpriteWallpaper p ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-21025 (Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Rele ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-21017 (Improper handling of insufficient privileges in SecTelephonyProvider p ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-20245 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-11369 (The Comment API (GET /api/Comment and POST /api/Comment) in the affect ...)
 	TODO: check
 CVE-2026-11362 (DataDog::DogStatsd versions through 0.07 for Perl allow metric injecti ...)
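Review bot: CVE-2026-21030 is tagged "NOT-FOR-US: Samsung Mobile", but its description names "MediaTek Audio HAL" as the affected component. The "prior to SMR Jun-2026" wording ties it to the same release series as the neighbouring entries, so NOT-FOR-US is plausible, but the label then records the advisory source rather than the component owner. State which is intended, or label it by component, so that a later search for MediaTek issues does not miss it. Several other entries in this run (ExpressHomeWidget, AppBlock, ImsSettings, Telephony) likewise show no vendor name in the visible text.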
@@ -187,15 +187,15 @@ CVE-2026-11346 (A Server-Side Request Forgery (SSRF) vulnerability in the custom
 CVE-2026-11345 (An Improper Authentication vulnerability in the /api/Cdn/GetFile endpo ...)
 	TODO: check
 CVE-2026-11344 (A vulnerability was found in code-projects Vehicle Management System 1 ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-11342 (A vulnerability has been found in code-projects Hotel and Tourism Rese ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-11341 (A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted el ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-11339 (A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affe ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-11338 (A security vulnerability has been detected in SourceCodester Ship Ferr ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-11337 (A vulnerability was found in tittuvarghese CollegeManagementSystem 3e4 ...)
 	TODO: check
 CVE-2026-11336 (A vulnerability has been found in tittuvarghese CollegeManagementSyste ...)
@@ -1075,15 +1075,15 @@ CVE-2026-10881 (Out of bounds read and write in ANGLE in Google Chrome prior to
 CVE-2026-10879 (DBI versions before 1.648 for Perl have a heap overflow when preparsin ...)
 	TODO: check
 CVE-2026-10878 (A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affecte ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-10877 (A security vulnerability has been detected in SourceCodester Ship Ferr ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-10876 (A weakness has been identified in SourceCodester Ship Ferry Ticket Res ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-10875 (A security flaw has been discovered in projectworlds Online Art Galler ...)
-	TODO: check
+	NOT-FOR-US: Project Worlds
 CVE-2026-10874 (A vulnerability was identified in projectworlds Online Art Gallery Sho ...)
-	TODO: check
+	NOT-FOR-US: Project Worlds
 CVE-2026-10873 (A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is ...)
 	TODO: check
 CVE-2026-10872 (A vulnerability was found in Shibby Tomato 1.28.0000. This issue affec ...)
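Review bot: the label on CVE-2026-10875 and CVE-2026-10874 is spelled "Project Worlds", while both descriptions write the name as "projectworlds". The SourceCodester and D-Link labels in this hunk mirror the description text exactly. Use the description's spelling here too, so that a plain text search for the vendor string finds these entries.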
@@ -1095,33 +1095,33 @@ CVE-2026-10870 (A flaw has been found in Shibby Tomato 1.28.0000. This affects t
 CVE-2026-10732 (All versions of the package decompress are vulnerable to Arbitrary Fil ...)
 	TODO: check
 CVE-2026-10586 (The Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Block ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-10580 (The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8873 (On affected platforms running Arista EOS with IPsec configured, a spec ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2025-71318 (NetMan 204 fails to enforce authentication on its administrative pages ...)
 	TODO: check
 CVE-2025-71317 (NetMan 204 contains a hard-coded backdoor account with the username an ...)
 	TODO: check
 CVE-2025-5090 (CVX is not resilient to unexpected messages from a connected switch. T ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2025-5089 (In a CVX cluster, an EOS switch connected to a CVX server is not resil ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2025-5088 (An authenticated Redis session could be used to obtain full root acces ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2025-59174 (Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a ...)
-	TODO: check
+	NOT-FOR-US: Ericsson
 CVE-2024-6858 (In Arista\u2019s EOS when in 802.1X mode, multi-auth unauthenticated h ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2024-27892 (Affected platforms running Arista EOS with OpenConfig configured, a gN ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2024-27891 (On affected platforms running Arista EOS with MACsec and egress ACLs c ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2024-27890 (Affected platforms running Arista EOS with OpenConfig configured, a gN ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2023-5502 (On affected platforms running Arista EOS with 802.1x authentication co ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2026-50593 (Graphite before 1.3.15 has an integer underflow and resultant out-of-b ...)
 	- graphite2 1.3.15-2
 	NOTE: Fixed by: https://github.com/silnrsi/graphite/commit/ad78c6b7319909e1540c1b134e115ced03417866 (1.3.15)
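Review bot: CVE-2025-5088 is tagged "NOT-FOR-US: Arista Networks", but the only software named in its visible description is Redis ("An authenticated Redis session could be used to obtain full root acces ..."). Before the TODO is dropped, the full text should be checked to confirm that the flaw lies in the vendor's use of Redis and not in Redis itself. If it is vendor-specific, a short qualifier in the tag, in the style of "different from src:zephyr" used earlier in this commit, would record that the check was made. CVE-2025-5090 and CVE-2025-5089 mention only CVX in the visible text and would benefit from the same confirmation.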



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6925334f50b29fcebfc7a18c59b897466ca76844
