[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jun 12 16:37:08 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2af7dcce by Moritz Muehlenhoff at 2026-06-12T17:36:18+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -489,9 +489,9 @@ CVE-2026-46519 (mcp-server-kubernetes is a Model Context Protocol server for Kub
 CVE-2026-45783 (libp2p is a JavaScript Implementation of libp2p networking stack. Prio ...)
 	NOT-FOR-US: Node libp2p
 CVE-2026-45384 (bit7z is a cross-platform C++ static library that allows the compressi ...)
-	TODO: check
+	NOT-FOR-US: bit7z
 CVE-2026-45380 (bit7z is a cross-platform C++ static library that allows the compressi ...)
-	TODO: check
+	NOT-FOR-US: bit7z
 CVE-2026-45178 (Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit im ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2026-45177 (Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper ...)
@@ -544,7 +544,7 @@ CVE-2026-42568 (Yamcs is a mission control framework. Prior to versions 5.13.0 a
 CVE-2026-42558 (Xibo is an open source digital signage platform with a web content man ...)
 	NOT-FOR-US: Xibo
 CVE-2026-42542 (TDengine is an open source, time-series database optimized for Interne ...)
-	TODO: check
+	NOT-FOR-US: TDengine
 CVE-2026-42462 (Fedify is a TypeScript library for building federated server apps powe ...)
 	NOT-FOR-US: Fedify
 CVE-2026-41856 (The Spring GraphQL annotation detection mechanism for @Controller data ...)
@@ -584,7 +584,7 @@ CVE-2026-3341 (IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerab
 CVE-2026-3329 (A remote unauthenticated attacker may be able to conduct credential-gu ...)
 	NOT-FOR-US: Sonatype
 CVE-2026-38581 (SQL Injection vulnerability in damasac thaipalliative_lte through vers ...)
-	TODO: check
+	NOT-FOR-US: thaipalliative_lte
 CVE-2026-35273 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2026-2827 (The Open User Map PRO plugin for WordPress is vulnerable to Stored Cro ...)
@@ -596,7 +596,7 @@ CVE-2026-11986 (A flaw was found in the admin-ui-ext component of Keycloak, whic
 CVE-2026-11956 (A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the f ...)
 	NOT-FOR-US: TwiN gatus
 CVE-2026-11945 (PostgreSQL Anonymizer contains a vulnerability that allows a user to g ...)
-	TODO: check
+	NOT-FOR-US: PostgreSQL Anonymizer
 CVE-2026-11850 (An integer underflow vulnerability was found in MIT krb5 in the berval ...)
 	- krb5 <unfixed> (bug #1139821)
 	[trixie] - krb5 <no-dsa> (Minor issue)
@@ -604,7 +604,7 @@ CVE-2026-11850 (An integer underflow vulnerability was found in MIT krb5 in the
 	NOTE: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9206
 	NOTE: https://github.com/krb5/krb5/commit/2a5fd83d4436583f2ddc0e193269a4d800ee45c4
 CVE-2026-11839 (Unrestricted upload of file with dangerous type vulnerability in Ba\u0 ...)
-	TODO: check
+	NOT-FOR-US: Rotaban
 CVE-2026-11816 (Keras versions prior to 3.14.0 are vulnerable to a path traversal issu ...)
 	- keras <removed>
 	[bullseye] - keras <end-of-life> (out of security support for bullseye)
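Review bot: The new tag on CVE-2026-11839 cannot be checked against its description from this hunk, because the description text is cut at "Ba\u0 ..." before any product name appears. Please confirm against the full CVE record that "Rotaban" is the affected product and not a fragment of the vendor name, so the tag names the product the way the other new entries in this commit do (bit7z, TDengine, Apinizer).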
@@ -612,9 +612,9 @@ CVE-2026-11774 (An integer overflow flaw was found in the SASL I/O layer of 389
 	- 389-ds-base <unfixed> (bug #1139809)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2484916
 CVE-2026-11604 (An incorrect buffer size calculation in the epoch key generator in Ope ...)
-	TODO: check
+	NOT-FOR-US: OpenVPN ovpn-dco for Windows
 CVE-2026-11561 (Improper neutralization of special elements used in an expression lang ...)
-	TODO: check
+	NOT-FOR-US: Apinizer
 CVE-2026-10847 (A local privilege escalation vulnerability exists in Check Point Ident ...)
 	NOT-FOR-US: Check Point
 CVE-2026-10795 (The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is  ...)
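Review bot: On CVE-2026-11604 the tag limits the issue to "OpenVPN ovpn-dco for Windows", but the visible description stops at "in Ope ...", so nothing in the hunk shows that the epoch key generator with the incorrect buffer size calculation exists only in the Windows driver. If that was verified, the tag is fine as written. If the code is shared with any packaged OpenVPN source, a not-affected entry against that source with a Windows-only reason would record the triage decision more precisely than NOT-FOR-US.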
@@ -674,7 +674,7 @@ CVE-2024-45636 (IBM Security QRadar EDR 3.12 through 3.12.24 stores user credent
 CVE-2024-32110 (Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. WpE ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2024-21944 (Improper input validation for DIMM serial presence detect (SPD) metada ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-40200 (Authorization bypass through User-Controlled key vulnerability in Esse ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2023-33999 (Improper neutralization of input during web page generation ('cross-si ...)
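Review bot: CVE-2024-21944 is tagged with the vendor alone ("AMD"), while the description concerns input validation of DIMM serial presence detect (SPD) metadata, which is a firmware-level component. A vendor-only tag gives no hint of which AMD component was ruled out. Naming the component in the tag, as the product-level tags elsewhere in this commit do, would make the reason for NOT-FOR-US clear to the next person who revisits this entry.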
@@ -943,7 +943,7 @@ CVE-2026-11859 (An HTML injection vulnerability in the "fetch links" email sent
 CVE-2026-11626 (CleanWipe Removal Tool (macOS), prior to 16.0.0.65,may be susceptible  ...)
 	NOT-FOR-US: Symantec
 CVE-2026-11596 (In ScreenConnect\u2122 versions prior to 26.2, input validation within ...)
-	TODO: check
+	NOT-FOR-US: ConnectWise
 CVE-2026-11417 (OS command injection in the NodejsFunction local bundling pipeline in  ...)
 	NOT-FOR-US: Amazon
 CVE-2026-10740 (Unbounded memory allocation in the CRYPTO frame reassembler in s2n-qui ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2af7dcce43a19bb385539df299c142be30a517f2
