[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 22 15:09:19 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eed9a905 by Moritz Muehlenhoff at 2026-06-22T16:08:59+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -526,25 +526,25 @@ CVE-2026-11576 (The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo r
CVE-2025-71326 (AVAST Antivirus 25.11 contains an unquoted service path vulnerability ...)
NOT-FOR-US: AVAST Antivirus
CVE-2025-62821 (Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read bec ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-54357 (Joomla com_booking component 2.4.9 contains an information disclosure ...)
- TODO: check
+ NOT-FOR-US: Joomla! addon
CVE-2023-54353 (Chromacam 4.0.3.0 contains an unquoted service path vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: Chromacam
CVE-2022-50971 (Malwarebytes 4.5 contains an unquoted service path vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: Malwarebytes
CVE-2021-47985 (Brother SAPSprint 7.60 contains an unquoted service path vulnerability ...)
- TODO: check
+ NOT-FOR-US: Brother
CVE-2020-37254 (Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Wondershare
CVE-2020-37253 (Winstep 18.06.0096 contains an unquoted service path vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Winstep
CVE-2020-37252 (Realtek Audio Service 1.0.0.55 contains an unquoted service path vulne ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2020-37251 (RealTimes Desktop Service 18.1.4 contains an unquoted service path vul ...)
- TODO: check
+ NOT-FOR-US: RealTimes
CVE-2020-37250 (TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerabil ...)
- TODO: check
+ NOT-FOR-US: TFTP Broadband
CVE-2019-25762 (Joomla! Component JoomProject 1.1.3.2 contains an information disclosu ...)
NOT-FOR-US: Joomla! addon
CVE-2019-25761 (Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerabilit ...)
@@ -576,7 +576,7 @@ CVE-2019-25749 (Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerabil
CVE-2019-25748 (Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability ...)
NOT-FOR-US: Joomla! addon
CVE-2019-25747 (Network Inventory Advisor 5.0.26.0 installs the niaservice service wit ...)
- TODO: check
+ NOT-FOR-US: Network Inventory Advisor
CVE-2017-20282 (Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vul ...)
NOT-FOR-US: Joomla! addon
CVE-2017-20281 (Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnera ...)
@@ -640,27 +640,27 @@ CVE-2017-20253 (Joomla! Component My Projects 2.0 contains an SQL injection vuln
CVE-2017-20252 (Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability th ...)
NOT-FOR-US: Joomla! addon
CVE-2016-20095 (Matrix42 Remote Control Host 3.20.0031 contains an unquoted service pa ...)
- TODO: check
+ NOT-FOR-US: Matrix42 Remote Control Host
CVE-2016-20094 (AnyDesk 2.5.0 contains an unquoted service path vulnerability that all ...)
- TODO: check
+ NOT-FOR-US: AnyDesk
CVE-2016-20093 (Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service ...)
- TODO: check
+ NOT-FOR-US: Wise
CVE-2016-20092 (NetDrive 2.6.12 contains an unquoted service path vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NetDrive
CVE-2016-20091 (Windows Firewall Control 4.8.6.0 contains an unquoted service path vul ...)
- TODO: check
+ NOT-FOR-US: Windows Firewall Control
CVE-2016-20090 (Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege ...)
- TODO: check
+ NOT-FOR-US: Comodo
CVE-2016-20089 (Iperius Remote 1.7.0 contains an unquoted service path vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Iperius Remote
CVE-2016-20088 (Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path ...)
- TODO: check
+ NOT-FOR-US: Comodo
CVE-2016-20087 (Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability ...)
- TODO: check
+ NOT-FOR-US: Fortitude HTTP
CVE-2016-20086 (Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Vembu StoreGrid
CVE-2016-20085 (Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted s ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2026-55568
- guzzle 7.12.1-1
[trixie] - guzzle <no-dsa> (Minor issue)
@@ -1410,7 +1410,7 @@ CVE-2026-53870 (Hermes Agent before 0.16.0 creates response_store.db and webhook
CVE-2026-53869 (Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in W ...)
NOT-FOR-US: Hermes Agent
CVE-2026-53805 (NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthentica ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-52716 (Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 ve ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-52707 (Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.)
@@ -1475,7 +1475,7 @@ CVE-2026-48117 (DroneAware is a drone detection platform. The centralized DroneA
CVE-2026-47340 (Allow authenticated users to access alert instances associated with al ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-47103 (Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code ...)
- TODO: check
+ NOT-FOR-US: Python StateMachine
CVE-2026-45436 (Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 ver ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-42629 (Unauthenticated Broken Authentication in PowerPack Pro for Elementor < ...)
@@ -1736,15 +1736,15 @@ CVE-2026-11525 (Impact: When undici parses a Set-Cookie header, it accepts any S
- node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m
CVE-2026-11311 (When NGINX Plus is configured as the data plane for NGINX Gateway Fabr ...)
- TODO: check
+ NOT-FOR-US: NGINX Gateway Fabric
CVE-2026-10850 (Plane CE 1.3.1 allows a low-privileged project member to submit arbitr ...)
NOT-FOR-US: Plane
CVE-2026-10839 (Open redirection vulnerability in the authentication system allows an ...)
- TODO: check
+ NOT-FOR-US: Password Manager
CVE-2026-10837 (Open redirection vulnerability due to insufficient validation of the X ...)
- TODO: check
+ NOT-FOR-US: Password Manager
CVE-2026-10836 (Improper handling of HTTP headers that allows a remote attacker to man ...)
- TODO: check
+ NOT-FOR-US: Password Manager
CVE-2026-10641 (Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role pa ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-10094 (A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOL ...)
@@ -3933,7 +3933,7 @@ CVE-2026-37216 (Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the i
CVE-2026-36933 (An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physical ...)
NOT-FOR-US: Boyleep K11, y108 firmware
CVE-2026-36670 (A Time-Based Blind SQL Injection vulnerability in the alias_management ...)
- TODO: check
+ NOT-FOR-US: OpenSIPS Control Panel
CVE-2026-36537 (ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during ...)
NOT-FOR-US: ThingsBoard
CVE-2026-36521 (PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability i ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eed9a905f3dbf474e537505f026d0ba180d09091
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eed9a905f3dbf474e537505f026d0ba180d09091
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260622/05a3448f/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list