[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 5 21:06:04 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c284ac7 by Salvatore Bonaccorso at 2026-06-05T22:05:03+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2026-9270 (DataDog::DogStatsd versions through 0.07 for Perl allow metric injecti ...)
-	TODO: check
+	NOT-FOR-US: DataDog::DogStatsd Perl module
 CVE-2026-9088 (A flaw was found in org.keycloak.services. An administrator with deleg ...)
 	TODO: check
 CVE-2026-8914 (In Teltonika Networks RUTOS devices, running versions 7.22 through 7.2 ...)
-	TODO: check
+	NOT-FOR-US: Teltonika Networks
 CVE-2026-8714 (A denial-of-service vulnerability exists in the RTSP server component  ...)
 	NOT-FOR-US: TPLink
 CVE-2026-7763 (A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi ...)
-	TODO: check
+	NOT-FOR-US: Morse Micro HaLowLink
 CVE-2026-7762 (A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi- ...)
-	TODO: check
+	NOT-FOR-US: Morse Micro HaLowLink
 CVE-2026-7473 (On affected platforms running Arista EOS where a tunnel decapsulation  ...)
 	NOT-FOR-US: Arista Networks
 CVE-2026-6274 (Improper Authentication, Missing authentication for critical function, ...)
-	TODO: check
+	NOT-FOR-US: Redline WR3200
 CVE-2026-6209
 	REJECTED
 CVE-2026-6208
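Review bot: CVE-2026-9270 is tagged "NOT-FOR-US: DataDog::DogStatsd Perl module", but CPAN modules are often packaged as lib*-perl, so this entry deserves an explicit archive search (removed packages included) before the tag goes in. If nothing ships the module, the tag is fine as written. A smaller style point in the same hunk: the unchanged neighbours use a vendor-only label ("TPLink", "Arista Networks"), while the new lines mix vendor-only ("Teltonika Networks") with vendor plus product ("Morse Micro HaLowLink", "Redline WR3200"). Either form works, but one form per vendor keeps later searches of data/CVE/list predictable.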
@@ -29,31 +29,31 @@ CVE-2026-5411 (The WP Captcha PRO (the premium version of the Advanced Google re
 CVE-2026-5066 (A potential out-of-bounds write/read exists in the TLS socket connect  ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-50733 (Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by ev ...)
-	TODO: check
+	NOT-FOR-US: Markdown Preview Enhanced
 CVE-2026-50590 (In Mimecast Incydr before 2.6.0, arbitrary file access can occur.)
-	TODO: check
+	NOT-FOR-US: Mimecast Incydr
 CVE-2026-50589 (In OpenStack Ironic 32 through 35.0.1, an unauthenticated malicious us ...)
 	TODO: check
 CVE-2026-50265 (A flaw was found in libinput. A local attacker with access to /dev/uin ...)
 	TODO: check
 CVE-2026-50235 (Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vu ...)
-	TODO: check
+	NOT-FOR-US: Lyrion Music Server
 CVE-2026-50234 (Lyrion Music Server 9.2.0 contains a path traversal vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: Lyrion Music Server
 CVE-2026-50233 (Lyrion Music Server 9.2.0 contains an arbitrary directory listing vuln ...)
-	TODO: check
+	NOT-FOR-US: Lyrion Music Server
 CVE-2026-50232 (Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulne ...)
-	TODO: check
+	NOT-FOR-US: Lyrion Music Server
 CVE-2026-50231 (Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: Lyrion Music Server
 CVE-2026-50230 (Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross- ...)
-	TODO: check
+	NOT-FOR-US: Lyrion Music Server
 CVE-2026-49777 (Improper Validation of Specified Quantity in Input vulnerability in Sh ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-49493 (Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code bl ...)
-	TODO: check
+	NOT-FOR-US: Markdown Preview Enhanced
 CVE-2026-49492 (Markdown Preview Enhanced before 0.8.28 opens external files and links ...)
-	TODO: check
+	NOT-FOR-US: Markdown Preview Enhanced
 CVE-2026-48907 (A vulnerability in the JCE editor extension for Joomla allows the crea ...)
 	NOT-FOR-US: Joomla
 CVE-2026-48579 (Improper authorization in Microsoft Exchange Online allows an unauthor ...)
@@ -65,69 +65,69 @@ CVE-2026-47655 (Exposure of sensitive information to an unauthorized actor in Mi
 CVE-2026-47644 (Improper neutralization of special elements in output used by a downst ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-46511 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. P ...)
-	TODO: check
+	NOT-FOR-US: HAX CMS
 CVE-2026-46496 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. A ...)
-	TODO: check
+	NOT-FOR-US: HAX CMS
 CVE-2026-46399 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. T ...)
-	TODO: check
+	NOT-FOR-US: HAX CMS
 CVE-2026-46396 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. A ...)
-	TODO: check
+	NOT-FOR-US: HAX CMS
 CVE-2026-46395 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. P ...)
-	TODO: check
+	NOT-FOR-US: HAX CMS
 CVE-2026-46394 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. P ...)
-	TODO: check
+	NOT-FOR-US: HAX CMS
 CVE-2026-46393 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. A ...)
-	TODO: check
+	NOT-FOR-US: HAX CMS
 CVE-2026-46392 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. P ...)
-	TODO: check
+	NOT-FOR-US: HAX CMS
 CVE-2026-46391 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. S ...)
-	TODO: check
+	NOT-FOR-US: HAX CMS
 CVE-2026-46390 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. S ...)
-	TODO: check
+	NOT-FOR-US: HAX CMS
 CVE-2026-46389 (UDS Identity Config builds the Keycloak configuration image (realm, pl ...)
-	TODO: check
+	NOT-FOR-US: UDS Identity Config
 CVE-2026-45750 (Termix is a web-based server management platform with SSH terminal, tu ...)
-	TODO: check
+	NOT-FOR-US: Termix
 CVE-2026-45749 (Termix is a web-based server management platform with SSH terminal, tu ...)
-	TODO: check
+	NOT-FOR-US: Termix
 CVE-2026-45748 (Termix is a web-based server management platform with SSH terminal, tu ...)
-	TODO: check
+	NOT-FOR-US: Termix
 CVE-2026-45746 (Termix is a web-based server management platform with SSH terminal, tu ...)
-	TODO: check
+	NOT-FOR-US: Termix
 CVE-2026-45745 (Termix is a web-based server management platform with SSH terminal, tu ...)
-	TODO: check
+	NOT-FOR-US: Termix
 CVE-2026-45744 (Termix is a web-based server management platform with SSH terminal, tu ...)
-	TODO: check
+	NOT-FOR-US: Termix
 CVE-2026-45743 (Termix is a web-based server management platform with SSH terminal, tu ...)
-	TODO: check
+	NOT-FOR-US: Termix
 CVE-2026-45497 (Improper neutralization of special elements used in a command ('comman ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-45327 (TinyIce is a streaming server for audio and video. In versions 0.8.95  ...)
-	TODO: check
+	NOT-FOR-US: TinyIce
 CVE-2026-45291 (Cloudburst Network provides network components used within Cloudburst  ...)
-	TODO: check
+	NOT-FOR-US: Cloudburst Network
 CVE-2026-45290 (Cloudburst Network provides network components used within Cloudburst  ...)
-	TODO: check
+	NOT-FOR-US: Cloudburst Network
 CVE-2026-42824 (Improper neutralization of special elements used in a command ('comman ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-41567 (Moby is an open source container framework. In versions prior to 29.5. ...)
 	TODO: check
 CVE-2026-41522 (Iris is a web collaborative platform that helps incident responders sh ...)
-	TODO: check
+	NOT-FOR-US: DFIR-IRIS
 CVE-2026-41518 (Chartbrew is an open-source web application that can connect directly  ...)
-	TODO: check
+	NOT-FOR-US: Chartbrew
 CVE-2026-41249 (CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 t ...)
-	TODO: check
+	NOT-FOR-US: CoreShop
 CVE-2026-38579 (Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damas ...)
-	TODO: check
+	NOT-FOR-US: damasac thaipalliative_lte
 CVE-2026-38500
 	REJECTED
 CVE-2026-37737 (sanic-cors version 2.2.0 and prior contains an improper regular expres ...)
-	TODO: check
+	NOT-FOR-US: sanic-cors
 CVE-2026-36501 (An issue in the Externalizable.readExternal() component of Controller  ...)
-	TODO: check
+	NOT-FOR-US: OpenDayLight
 CVE-2026-36500 (An issue in the cluster-admin:backup-datastore component of Controller ...)
-	TODO: check
+	NOT-FOR-US: OpenDayLight
 CVE-2026-2379 (On affected platforms with hardware IPSec support running Arista EOS w ...)
 	NOT-FOR-US: Arista Networks
 CVE-2026-25659 (Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an I ...)
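Review bot: The label on CVE-2026-36501 and CVE-2026-36500 is spelled "OpenDayLight", while the project writes its name "OpenDaylight". A misspelled label will not match the correct spelling in a later search of data/CVE/list, so suggest "NOT-FOR-US: OpenDaylight" on both lines.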
@@ -143,7 +143,7 @@ CVE-2026-21826 (HCL Digital Experience and HCL Digital Experience Compose could
 CVE-2026-21825 (HCL Digital Experience Compose is affected by a reflected cross-site s ...)
 	NOT-FOR-US: HCL
 CVE-2026-21404 (NAVTOR NavBox through version 4.16.1.20 contains hard-coded credential ...)
-	TODO: check
+	NOT-FOR-US: NAVTOR NavBox
 CVE-2026-21038 (Improper input validation in Samsung Android USB Driver for Windows pr ...)
 	NOT-FOR-US: Samsung Mobile
 CVE-2026-21037 (Improper input validation in Samsung Members prior to version 5.8.01.5 ...)
@@ -177,15 +177,15 @@ CVE-2026-21017 (Improper handling of insufficient privileges in SecTelephonyProv
 CVE-2026-20245 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly  ...)
 	NOT-FOR-US: Cisco
 CVE-2026-11369 (The Comment API (GET /api/Comment and POST /api/Comment) in the affect ...)
-	TODO: check
+	NOT-FOR-US: linqi
 CVE-2026-11362 (DataDog::DogStatsd versions through 0.07 for Perl allow metric injecti ...)
-	TODO: check
+	NOT-FOR-US: DataDog::DogStatsd Perl module
 CVE-2026-11347 (The linqi application contains hardcoded cryptographic keys. Additiona ...)
-	TODO: check
+	NOT-FOR-US: linqi
 CVE-2026-11346 (A Server-Side Request Forgery (SSRF) vulnerability in the custom proce ...)
-	TODO: check
+	NOT-FOR-US: linqi
 CVE-2026-11345 (An Improper Authentication vulnerability in the /api/Cdn/GetFile endpo ...)
-	TODO: check
+	NOT-FOR-US: linqi
 CVE-2026-11344 (A vulnerability was found in code-projects Vehicle Management System 1 ...)
 	NOT-FOR-US: code-projects
 CVE-2026-11342 (A vulnerability has been found in code-projects Hotel and Tourism Rese ...)
@@ -197,27 +197,27 @@ CVE-2026-11339 (A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. Th
 CVE-2026-11338 (A security vulnerability has been detected in SourceCodester Ship Ferr ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-11337 (A vulnerability was found in tittuvarghese CollegeManagementSystem 3e4 ...)
-	TODO: check
+	NOT-FOR-US: tittuvarghese CollegeManagementSystem
 CVE-2026-11336 (A vulnerability has been found in tittuvarghese CollegeManagementSyste ...)
-	TODO: check
+	NOT-FOR-US: tittuvarghese CollegeManagementSystem
 CVE-2026-11335 (A flaw has been found in tittuvarghese CollegeManagementSystem 3e47633 ...)
-	TODO: check
+	NOT-FOR-US: tittuvarghese CollegeManagementSystem
 CVE-2026-11334 (A vulnerability was detected in tittuvarghese CollegeManagementSystem  ...)
-	TODO: check
+	NOT-FOR-US: tittuvarghese CollegeManagementSystem
 CVE-2026-11333 (A security vulnerability has been detected in tittuvarghese CollegeMan ...)
-	TODO: check
+	NOT-FOR-US: tittuvarghese CollegeManagementSystem
 CVE-2026-11332 (A flaw was found in ansible-core. The ansible-galaxy role install comm ...)
 	TODO: check
 CVE-2026-11330 (A weakness has been identified in thedotmack claude-mem up to 11.0.1.  ...)
-	TODO: check
+	NOT-FOR-US: thedotmack claude-mem
 CVE-2026-11329 (A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affect ...)
-	TODO: check
+	NOT-FOR-US: onnx onnx-mlir
 CVE-2026-11326 (OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to w ...)
-	TODO: check
+	NOT-FOR-US: OpenAI Atlas
 CVE-2026-11322 (Hermes WebUI prior to v0.51.221 contains a path traversal vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Hermes WebUI
 CVE-2026-11312 (A vulnerability was found in bytedance InfiniStore up to 0.2.33. The i ...)
-	TODO: check
+	NOT-FOR-US: bytedance InfiniStore
 CVE-2026-11309 (Insufficient policy enforcement in History in Google Chrome prior to 1 ...)
 	TODO: check
 CVE-2026-11308 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
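Review bot: On CVE-2026-11329 the label "onnx onnx-mlir" names a project that is easy to confuse with onnx itself. If a src:onnx package is in the archive, follow the convention this file already uses for CVE-2026-5066 ("NOT-FOR-US: Zephyr, different from src:zephyr") and write the label as onnx-mlir, different from src:onnx, so the entry is not mistaken for a missed package match.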
@@ -1332,11 +1332,11 @@ CVE-2026-36175 (An issue in the U-Boot component of GNCC GP5 v7.1.76 allows phys
 CVE-2026-36174 (GNCC GP5 v7.1.76 was discovered to store sensitive wireless network in ...)
 	NOT-FOR-US: GNCC GP5
 CVE-2026-35906 (An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro ...)
-	TODO: check
+	NOT-FOR-US: T3 Technology
 CVE-2026-35905 (T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1 ...)
-	TODO: check
+	NOT-FOR-US: T3 Technology
 CVE-2026-35904 (Incorrect access control in the web management interface of T3 Technol ...)
-	TODO: check
+	NOT-FOR-US: T3 Technology
 CVE-2026-2596
 	REJECTED
 CVE-2026-28318 (SolarWinds Serv-U is susceptible to specially crafted POST requests th ...)
@@ -1346,9 +1346,9 @@ CVE-2026-26825 (A use-of-uninitialized memory vulnerability exists in libxls 1.6
 CVE-2026-26824 (libxls through version 1.6.3 contains a use of uninitialized memory vu ...)
 	TODO: check
 CVE-2026-25551 (Seagull Software BarTender 2021 R1 through 12.0.1contains an insecure  ...)
-	TODO: check
+	NOT-FOR-US: Seagull Software BarTender
 CVE-2026-25550 (Seagull Software BarTender 2010, 2016, and 2019 contain an unauthentic ...)
-	TODO: check
+	NOT-FOR-US: Seagull Software BarTender
 CVE-2026-22055 (Active IQ OneCollect version 2.7.3 contains hard-coded credentials tha ...)
 	NOT-FOR-US: NetApp
 CVE-2026-22054 (Active IQ Config Advisor version 6.7.3 contains hard-coded credentials ...)
@@ -1673,33 +1673,33 @@ CVE-2026-36603 (Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909
 CVE-2026-36602 (Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 disclo ...)
 	NOT-FOR-US: Mercusys
 CVE-2026-36576 (An OS command injection vulnerability in the app.py component of openl ...)
-	TODO: check
+	NOT-FOR-US: openlabs docker-wkhtmltopdf-aas
 CVE-2026-36574 (A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2 ...)
-	TODO: check
+	NOT-FOR-US: Wassimulator (GitHub) CactusViewer
 CVE-2026-36460 (Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cr ...)
 	NOT-FOR-US: Dovestones Softwares ADPhonebook
 CVE-2026-35085 (A remote attacker with user privileges can exploit a stack buffer over ...)
-	TODO: check
+	NOT-FOR-US: MBS
 CVE-2026-35084 (A remote attacker with user privileges can exploit a stack buffer over ...)
-	TODO: check
+	NOT-FOR-US: MBS
 CVE-2026-35083 (A remote attacker with user privileges can exploit a stack buffer over ...)
-	TODO: check
+	NOT-FOR-US: MBS
 CVE-2026-35082 (The ugw-logread method allows a remote attacker with user privileges t ...)
-	TODO: check
+	NOT-FOR-US: MBS
 CVE-2026-35081 (The ugw-logstop method allows a remote attacker with user privileges t ...)
-	TODO: check
+	NOT-FOR-US: MBS
 CVE-2026-35080 (The ugw-restoreinfo method allows a remote attacker with user privileg ...)
-	TODO: check
+	NOT-FOR-US: MBS
 CVE-2026-35079 (The ugw-restore method allows a remote attacker with user privileges t ...)
-	TODO: check
+	NOT-FOR-US: MBS
 CVE-2026-35078 (The ugw-logstop method allows a remote attacker with user privileges   ...)
-	TODO: check
+	NOT-FOR-US: MBS
 CVE-2026-35077 (The ugw-delete-file method allows a remote attacker with user privileg ...)
-	TODO: check
+	NOT-FOR-US: MBS
 CVE-2026-35076 (The bac-scanresult method allows a remote attacker with user privilege ...)
-	TODO: check
+	NOT-FOR-US: MBS
 CVE-2026-35075 (An unauthenticated remote attacker can recover a default, hard coded p ...)
-	TODO: check
+	NOT-FOR-US: MBS
 CVE-2026-26379 (Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) ...)
 	TODO: check
 CVE-2026-26378 (Cross Site Scripting vulnerability in Koha 25.11 and before allows a r ...)
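Review bot: The eleven entries CVE-2026-35075 through CVE-2026-35085 are tagged only "MBS", and none of the visible descriptions names a vendor or product, so the label cannot be checked against the entry it sits under. Suggest vendor plus product, in the form the unchanged "Dovestones Softwares ADPhonebook" line in this hunk already uses. Separately, "Wassimulator (GitHub) CactusViewer" on CVE-2026-36574 carries "(GitHub)" over from the CVE description; "Wassimulator CactusViewer" is enough.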
@@ -1709,7 +1709,7 @@ CVE-2026-20233 (A vulnerability in the web-based user interface of Cisco Webex M
 CVE-2026-20230 (A vulnerability in Cisco Unified Communications Manager (Unified CM) a ...)
 	NOT-FOR-US: Cisco
 CVE-2026-20175 (A vulnerability in Cisco Finesse could allow an unauthenticated, remot ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-10729 (An HTML injection vulnerability in the notification email for "Slow Re ...)
 	TODO: check
 CVE-2026-10722 (A vulnerability has been found in cilium ebpf up to 0.21.0. This affec ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c284ac78932ae0d3106f620e91a6d09058eb19c
