[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 10 05:05:57 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a5e0c57d by Salvatore Bonaccorso at 2026-06-10T06:05:34+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8,13 +8,13 @@ CVE-2026-44235
- librabbitmq 0.16.0-1
NOTE: https://github.com/alanxz/rabbitmq-c/security/advisories/GHSA-9mmv-r8g3-qp46
CVE-2026-9279 (Logseq exposes an IPC handler that allows the renderer process to exec ...)
- TODO: check
+ NOT-FOR-US: Logseq
CVE-2026-9213 (A vulnerability inthe affectedNETGEAR gaming routers allowsattackers w ...)
NOT-FOR-US: Netgear
CVE-2026-9212 (Insufficient authentication and input validation in thelisted NETGEAR ...)
NOT-FOR-US: Netgear
CVE-2026-9211 (An unauthenticated user on the local network can gain control of the r ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-9210 (Insufficient input validation vulnerability in thelisted NETGEAR model ...)
NOT-FOR-US: Netgear
CVE-2026-8863 (Multiple version of UEFI SHIM bootloaders are vulnerable to SecureBoo ...)
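Review bot: the truncated description of CVE-2026-9211 ("An unauthenticated user on the local network can gain control of the r ...") never names a vendor, so the new "NOT-FOR-US: Netgear" line rests only on its neighbours CVE-2026-9210/9212/9213 being Netgear; if the advisory was checked, consider a NOTE with its URL so the classification is traceable rather than inferred from the CVE range.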
@@ -28,17 +28,17 @@ CVE-2026-8365 (The Blocksy theme for WordPress is vulnerable to PHP Object Injec
CVE-2026-8045 (CWE-611 Improper Restriction of XML External Entity Reference vulnerab ...)
NOT-FOR-US: Schneider Electric
CVE-2026-8025 (Improper neutralization of special elements used in an SQL command ('S ...)
- TODO: check
+ NOT-FOR-US: CBS Platform
CVE-2026-7542 (The Slider Revolution plugin for WordPress is vulnerable to Sensitive ...)
NOT-FOR-US: WordPress plugin
CVE-2026-7486 (Improper neutralization of special elements used in an SQL command ('S ...)
- TODO: check
+ NOT-FOR-US: E-Imar
CVE-2026-6899 (Check for certificate revocation only considers the first matching CRL ...)
- TODO: check
+ NOT-FOR-US: S2OPC library
CVE-2026-5068 (A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-52902 (A path traversal vulnerability was found in awxkit, the CLI tool for A ...)
- TODO: check
+ NOT-FOR-US: awxkit
CVE-2026-50636 (The RemoteControl API methods invite_participants and remind_participa ...)
TODO: check
CVE-2026-50635 (LimeSurvey constructs account password-reset links from the client-sup ...)
@@ -54,17 +54,17 @@ CVE-2026-50507 (Protection mechanism failure in Windows BitLocker allows an unau
CVE-2026-4058 (The User Frontend: AI Powered Frontend Posting, User Directory, Profil ...)
NOT-FOR-US: WordPress plugin
CVE-2026-49959 (Hermes WebUI before version 0.51.311 contains a remote code execution ...)
- TODO: check
+ NOT-FOR-US: Hermes WebUI
CVE-2026-49958 (Hermes WebUI before version 0.51.303 contains a time-of-check time-of- ...)
- TODO: check
+ NOT-FOR-US: Hermes WebUI
CVE-2026-49957 (Hermes WebUI before version 0.51.269 contains a workspace boundary byp ...)
- TODO: check
+ NOT-FOR-US: Hermes WebUI
CVE-2026-49956 (Hermes WebUI before version 0.51.269 contains a profile isolation bypa ...)
- TODO: check
+ NOT-FOR-US: Hermes WebUI
CVE-2026-49955 (Hermes WebUI before version 0.51.270 contains a resource exhaustion vu ...)
- TODO: check
+ NOT-FOR-US: Hermes WebUI
CVE-2026-49948 (Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missin ...)
- TODO: check
+ NOT-FOR-US: mem0
CVE-2026-49938 (A improper access control vulnerability in Fortinet FortiPortal 7.4.0 ...)
NOT-FOR-US: Fortinet
CVE-2026-49848 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
@@ -240,11 +240,11 @@ CVE-2026-47936 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and e
CVE-2026-47935 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier ...)
NOT-FOR-US: Adobe
CVE-2026-47901 (Logseq is vulnerable to a sandbox escape flaw where plugins running in ...)
- TODO: check
+ NOT-FOR-US: Logseq
CVE-2026-47900 (Logseq is vulnerable to a stored cross-site scripting (XSS). A malicio ...)
- TODO: check
+ NOT-FOR-US: Logseq
CVE-2026-47899 (The Electron preload script in Logseq exposes an API method that allow ...)
- TODO: check
+ NOT-FOR-US: Logseq
CVE-2026-47656 (Protection mechanism failure in Windows Boot Manager allows an authori ...)
NOT-FOR-US: Microsoft
CVE-2026-47654 (Heap-based buffer overflow in Remote Desktop Client allows an unauthor ...)
@@ -318,7 +318,7 @@ CVE-2026-46747 (A vulnerability has been identified in SINEC INS (All versions <
CVE-2026-46746 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...)
NOT-FOR-US: Siemens
CVE-2026-46492 (md-fileserver allows for local viewing of markdown files in a browser. ...)
- TODO: check
+ NOT-FOR-US: md-fileserver
CVE-2026-45771 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
TODO: check
CVE-2026-45658 (Protection mechanism failure in Windows BitLocker allows an unauthoriz ...)
@@ -614,13 +614,13 @@ CVE-2026-42829 (Improper access control in Windows Administrator Protection allo
CVE-2026-42828 (Buffer over-read in Windows Projected File System Filter Driver allows ...)
NOT-FOR-US: Microsoft
CVE-2026-42599 (Svelte is a performance oriented web framework. Prior to version 5.55. ...)
- TODO: check
+ NOT-FOR-US: Svelte
CVE-2026-42573 (Svelte is a performance oriented web framework. Prior to version 5.55. ...)
- TODO: check
+ NOT-FOR-US: Svelte
CVE-2026-42570 (Svelte devalue is a JavaScript library that serializes values into str ...)
- TODO: check
+ NOT-FOR-US: Svelte
CVE-2026-42567 (Svelte is a performance oriented web framework. From version 5.51.5 to ...)
- TODO: check
+ NOT-FOR-US: Svelte
CVE-2026-41986 (Logic bypass vulnerability in the file system. Impact: Successful expl ...)
NOT-FOR-US: Huawei
CVE-2026-41985 (UAF vulnerability in the package management module.Impact: Successful ...)
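Review bot: the tag for CVE-2026-42570 should name devalue rather than the framework, since its description reads "Svelte devalue is a JavaScript library that serializes values ...", a separate library from the Svelte framework covered by CVE-2026-42599/42573/42567; "NOT-FOR-US: Svelte devalue" would keep later searches for that library from missing the entry.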
@@ -652,7 +652,7 @@ CVE-2026-41098 (Improper neutralization of input during web page generation ('cr
CVE-2026-41092 (Improper access control in Microsoft Kinect allows an authorized attac ...)
NOT-FOR-US: Microsoft
CVE-2026-41031 (A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor V ...)
- TODO: check
+ NOT-FOR-US: Vinna Process Monitor
CVE-2026-40639 (Dell Client Platform BIOS contains a Weak Encoding for Password vulner ...)
NOT-FOR-US: Dell / EMC
CVE-2026-40409 (Windows Universal Disk Format File System Driver (UDFS) Elevation of P ...)
@@ -664,11 +664,11 @@ CVE-2026-40376 (Improper input validation in Visual Studio Code allows an unauth
CVE-2026-40371 (Improper handling of insufficient permissions or privileges in Microso ...)
NOT-FOR-US: Microsoft
CVE-2026-3088 (Unauthenticated users on the local network can cause the router to bec ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-39170 (SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via craf ...)
- TODO: check
+ NOT-FOR-US: SemCms
CVE-2026-39169 (SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.)
- TODO: check
+ NOT-FOR-US: SemCms
CVE-2026-38615 (DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_con ...)
NOT-FOR-US: DedeCMS
CVE-2026-36823 (Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovere ...)
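Review bot: CVE-2026-3088 is marked "NOT-FOR-US: Netgear" although its visible description ("Unauthenticated users on the local network can cause the router to bec ...") names no vendor and, unlike the CVE-2026-0409..0420 and 9210..9213 entries, it sits in an unrelated ID range with no Netgear neighbours; a NOTE pointing at the vendor advisory would make the attribution verifiable.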
@@ -748,25 +748,25 @@ CVE-2026-36771 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0
CVE-2026-36770 (Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was disc ...)
NOT-FOR-US: Tenda
CVE-2026-36728 (A markdown based cross-site scripting (XSS) vulnerability in the AI as ...)
- TODO: check
+ NOT-FOR-US: FastapiAdmin
CVE-2026-36727 (An insecure authentication vulnerability in the /api/social-sign-in en ...)
- TODO: check
+ NOT-FOR-US: bookcars
CVE-2026-36726 (An arbitrary file deletion vulnerability in the /api/delete-temp-licen ...)
- TODO: check
+ NOT-FOR-US: bookcars
CVE-2026-36725 (A markdown based cross-site scripting (XSS) vulnerability in the /syst ...)
- TODO: check
+ NOT-FOR-US: FastapiAdmin
CVE-2026-36724 (An uncaught exception in the /application/job/update/{id} endpoint of ...)
- TODO: check
+ NOT-FOR-US: FastapiAdmin
CVE-2026-36723 (An unrestricted file rename vulnerability in the /api/create-user comp ...)
- TODO: check
+ NOT-FOR-US: bookcars
CVE-2026-36722 (An authenticated arbitrary file upload vulnerability in the /api/creat ...)
- TODO: check
+ NOT-FOR-US: bookcars
CVE-2026-36721 (A lack of cryptographic signature verification in the validateAccessTo ...)
- TODO: check
+ NOT-FOR-US: bookcars
CVE-2026-36720 (Insecure permissions in bookcars v8.3 allows authenticated attackers t ...)
- TODO: check
+ NOT-FOR-US: bookcars
CVE-2026-36719 (An information disclosure vulnerability in the /api/v1/user/info endpo ...)
- TODO: check
+ NOT-FOR-US: AgentChat
CVE-2026-34905 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-34708 (InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based ...)
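Review bot: CVE-2026-36728 and CVE-2026-36719 get product tags (FastapiAdmin, AgentChat) that their truncated descriptions do not state ("... in the AI as ..." and "... in the /api/v1/user/info endpo ..."), while the intervening IDs alternate between FastapiAdmin and bookcars; since the ten entries 36719..36728 interleave three products, it is worth a second look that each tag matches its advisory rather than its neighbour.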
@@ -820,15 +820,15 @@ CVE-2026-33113 (Improper neutralization of input during web page generation ('cr
CVE-2026-32193 (Improper limitation of a pathname to a restricted directory ('path tra ...)
NOT-FOR-US: Microsoft
CVE-2026-30141 (An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overf ...)
- TODO: check
+ NOT-FOR-US: bitbank2 AnimatedGIF
CVE-2026-2638 (A vulnerability in the quarantine and restore workflow of the X-VPN ma ...)
- TODO: check
+ NOT-FOR-US: X-VPNmacOS website
CVE-2026-28301 (A vulnerability in which an attacker can provide a crafted external UR ...)
NOT-FOR-US: SolarWinds
CVE-2026-28262 (Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Lin ...)
NOT-FOR-US: Dell / EMC
CVE-2026-28237 (Unrestricted resource allocation in AMD uProf may be exploitable to co ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2026-26142 (Deserialization of untrusted data in Nuance PowerScribe allows an unau ...)
NOT-FOR-US: Microsoft
CVE-2026-25699 (Exposure of Private Personal Information to an Unauthorized Actor vuln ...)
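Review bot: the new line for CVE-2026-2638, "NOT-FOR-US: X-VPNmacOS website", is missing the space between the product and the platform, and "website" does not match the description, which concerns "the quarantine and restore workflow of the X-VPN ma ..." (the macOS app, presumably); suggest "NOT-FOR-US: X-VPN for macOS".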
@@ -844,11 +844,11 @@ CVE-2026-24181 (NVIDIA DALI contains a vulnerability in a component where an att
CVE-2026-24180 (NVIDIA DALI contains a vulnerability in a component where an attacker ...)
NOT-FOR-US: NVIDIA
CVE-2026-24065 (Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local ...)
- TODO: check
+ NOT-FOR-US: Waves Central for macOS
CVE-2026-24064 (Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local ...)
- TODO: check
+ NOT-FOR-US: Waves Central for macOS
CVE-2026-22926 (Omnissa Workspace ONE\xae Assist for macOS contains a Local Privilege ...)
- TODO: check
+ NOT-FOR-US: Omnissa
CVE-2026-11793 (A stack buffer overflow flaw was found in 389 Directory Server. The ch ...)
TODO: check
CVE-2026-11792 (A heap buffer overflow flaw was found in 389 Directory Server. When au ...)
@@ -880,19 +880,19 @@ CVE-2026-10523 (An Authentication Bypass vulnerability (CWE-288)in IvantiSentry
CVE-2026-10520 (An OS Command Injection vulnerabilityin IvantiSentry beforetheR10.5.2, ...)
NOT-FOR-US: Ivanti
CVE-2026-10045 (Shenzhen Kangda Xin Intelligent Network Technology Company's router, m ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Kangda Xin Intelligent Network Technology Company router
CVE-2026-0466 (Improper access control in AMD uProf may allow a local attacker with u ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2026-0420 (An improper implementation of TLS certificate validation vulnerability ...)
NOT-FOR-US: Netgear
CVE-2026-0419 (Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802 ...)
NOT-FOR-US: Netgear
CVE-2026-0418 (Insufficient configuration management in the listed devicesallows auth ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0417 (Insufficient input validation vulnerability in NETGEARdevicesallows au ...)
NOT-FOR-US: Netgear
CVE-2026-0416 (Authenticated administrators connected to the local network can modify ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0415 (Insufficient input validation vulnerability in thelisted NETGEAR model ...)
NOT-FOR-US: Netgear
CVE-2026-0414 (Insufficient input validation vulnerability in thelisted NETGEAR model ...)
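Review bot: the tag for CVE-2026-10045, "NOT-FOR-US: Shenzhen Kangda Xin Intelligent Network Technology Company router", reproduces the full legal vendor name from the description; elsewhere in this file the short vendor name is used (the Tenda entries are tagged "NOT-FOR-US: Tenda" although their descriptions say "Shenzhen Tenda Technology Co., Ltd"), so a shorter form such as "Kangda Xin router" would be consistent.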
@@ -904,7 +904,7 @@ CVE-2026-0412 (Insufficient input validation vulnerability in NETGEAR JR6150 (AC
CVE-2026-0411 (An information disclosure vulnerability in theNETGEAROrbi satellites c ...)
NOT-FOR-US: Netgear
CVE-2026-0410 (Authenticated administrators connected to the local network can gain ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0409 (ANETGEARsecurity issue that could allow an attacker with ability to in ...)
NOT-FOR-US: Netgear
CVE-2025-67862 (An Internal Asset Exposed to Unsafe Debug Access Level or State vulner ...)
@@ -920,7 +920,7 @@ CVE-2025-55657 (A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs functi
CVE-2025-55651 (A NULL pointer dereference in the gf_isom_get_user_data_count function ...)
TODO: check
CVE-2025-54509 (Improper access control for register interface in the input-output mem ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2025-52293 (A segmentation violaton in the gf_hevc_read_sps_bs_internal function ( ...)
TODO: check
CVE-2025-52292 (A stack buffer overflow in the filein_process function (in_file.c) of ...)
@@ -928,35 +928,35 @@ CVE-2025-52292 (A stack buffer overflow in the filein_process function (in_file.
CVE-2025-40808 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
NOT-FOR-US: Siemens
CVE-2023-43688 (An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-1 ...)
- TODO: check
+ NOT-FOR-US: Malwarebytes
CVE-2023-43686 (An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-1 ...)
- TODO: check
+ NOT-FOR-US: Malwarebytes
CVE-2017-20251 (WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2017-20250 (Mac Photo Gallery 3.0 contains a path traversal vulnerability that all ...)
- TODO: check
+ NOT-FOR-US: Mac Photo Gallery
CVE-2017-20249 (Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Apptha Slider Gallery
CVE-2017-20248 (Apptha Slider Gallery 1.0 contains a path traversal vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Apptha Slider Gallery
CVE-2017-20247 (WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2017-20246 (KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2017-20245 (Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2017-20244 (Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2017-20243 (WordPress Car Park Booking Plugin version 13 October 17 contains a tim ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2016-20065 (Product Catalog 8 1.2 plugin for WordPress contains an SQL injection v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2016-20064 (WP Vault 0.8.6.6 contains a local file inclusion vulnerability that al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2016-20063 (Single Personal Message 1.0.3 contains an SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2016-20062 (Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-45446 (Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-S ...)
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
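Review bot: the tags in this batch are inconsistent about plugins of the same origin: CVE-2017-20250 and CVE-2017-20249/20248 get product names ("Mac Photo Gallery", "Apptha Slider Gallery") while the rest of the 2016/2017 entries get the generic "WordPress plugin", and CVE-2016-20063 ("Single Personal Message 1.0.3 contains an SQL injection vulnerability ...") is tagged "WordPress plugin" although its visible description does not say WordPress at all; if all of these are WordPress plugins, one form should be used throughout, otherwise the non-plugin ones should say what they are.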
@@ -1357,7 +1357,7 @@ CVE-2026-11583 (A vulnerability has been found in CodeAstro Student Attendance M
CVE-2026-11582 (A flaw has been found in CodeAstro Student Attendance Management Syste ...)
NOT-FOR-US: CodeAstro
CVE-2026-11572 (Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3. ...)
- TODO: check
+ NOT-FOR-US: degit
CVE-2026-10862 (The Accordions plugin for WordPress is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2026-10738 (The jQuery Hover Footnotes plugin for WordPress is vulnerable to Store ...)
@@ -353464,7 +353464,7 @@ CVE-2023-29148
CVE-2023-29147 (In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the det ...)
NOT-FOR-US: Malwarebytes EDR
CVE-2023-29146 (The utility functions used by Malwarebytes EDR 1.0.11 on Linux for cal ...)
- TODO: check
+ NOT-FOR-US: Malwarebytes
CVE-2023-29145 (The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure w ...)
NOT-FOR-US: Malwarebytes EDR
CVE-2023-29144 (Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in s ...)
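Review bot: the new line for CVE-2023-29146 reads "NOT-FOR-US: Malwarebytes" while the adjacent entries CVE-2023-29147 and CVE-2023-29145 use "NOT-FOR-US: Malwarebytes EDR", and the description itself says "Malwarebytes EDR 1.0.11 on Linux"; suggest "NOT-FOR-US: Malwarebytes EDR" for consistency with its siblings.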
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5e0c57dd166d029ecda2ee33ba8b02f6e924146