[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 22 15:09:19 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eed9a905 by Moritz Muehlenhoff at 2026-06-22T16:08:59+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -526,25 +526,25 @@ CVE-2026-11576 (The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo r
 CVE-2025-71326 (AVAST Antivirus 25.11 contains an unquoted service path vulnerability  ...)
 	NOT-FOR-US: AVAST Antivirus
 CVE-2025-62821 (Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read bec ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-54357 (Joomla com_booking component 2.4.9 contains an information disclosure  ...)
-	TODO: check
+	NOT-FOR-US: Joomla! addon
 CVE-2023-54353 (Chromacam 4.0.3.0 contains an unquoted service path vulnerability in t ...)
-	TODO: check
+	NOT-FOR-US: Chromacam
 CVE-2022-50971 (Malwarebytes 4.5 contains an unquoted service path vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: Malwarebytes
 CVE-2021-47985 (Brother SAPSprint 7.60 contains an unquoted service path vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Brother
 CVE-2020-37254 (Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Wondershare
 CVE-2020-37253 (Winstep 18.06.0096 contains an unquoted service path vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Winstep
 CVE-2020-37252 (Realtek Audio Service 1.0.0.55 contains an unquoted service path vulne ...)
-	TODO: check
+	NOT-FOR-US: Realtek
 CVE-2020-37251 (RealTimes Desktop Service 18.1.4 contains an unquoted service path vul ...)
-	TODO: check
+	NOT-FOR-US: RealTimes
 CVE-2020-37250 (TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: TFTP Broadband
 CVE-2019-25762 (Joomla! Component JoomProject 1.1.3.2 contains an information disclosu ...)
 	NOT-FOR-US: Joomla! addon
 CVE-2019-25761 (Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerabilit ...)
@@ -576,7 +576,7 @@ CVE-2019-25749 (Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerabil
 CVE-2019-25748 (Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability ...)
 	NOT-FOR-US: Joomla! addon
 CVE-2019-25747 (Network Inventory Advisor 5.0.26.0 installs the niaservice service wit ...)
-	TODO: check
+	NOT-FOR-US: Network Inventory Advisor
 CVE-2017-20282 (Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vul ...)
 	NOT-FOR-US: Joomla! addon
 CVE-2017-20281 (Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnera ...)
@@ -640,27 +640,27 @@ CVE-2017-20253 (Joomla! Component My Projects 2.0 contains an SQL injection vuln
 CVE-2017-20252 (Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability th ...)
 	NOT-FOR-US: Joomla! addon
 CVE-2016-20095 (Matrix42 Remote Control Host 3.20.0031 contains an unquoted service pa ...)
-	TODO: check
+	NOT-FOR-US: Matrix42 Remote Control Host
 CVE-2016-20094 (AnyDesk 2.5.0 contains an unquoted service path vulnerability that all ...)
-	TODO: check
+	NOT-FOR-US: AnyDesk
 CVE-2016-20093 (Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service ...)
-	TODO: check
+	NOT-FOR-US: Wise
 CVE-2016-20092 (NetDrive 2.6.12 contains an unquoted service path vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: NetDrive
 CVE-2016-20091 (Windows Firewall Control 4.8.6.0 contains an unquoted service path vul ...)
-	TODO: check
+	NOT-FOR-US: Windows Firewall Control
 CVE-2016-20090 (Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege  ...)
-	TODO: check
+	NOT-FOR-US: Comodo
 CVE-2016-20089 (Iperius Remote 1.7.0 contains an unquoted service path vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: Iperius Remote
 CVE-2016-20088 (Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path ...)
-	TODO: check
+	NOT-FOR-US: Comodo
 CVE-2016-20087 (Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Fortitude HTTP
 CVE-2016-20086 (Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Vembu StoreGrid
 CVE-2016-20085 (Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted s ...)
-	TODO: check
+	NOT-FOR-US: Realtek
 CVE-2026-55568
 	- guzzle 7.12.1-1
 	[trixie] - guzzle <no-dsa> (Minor issue)
@@ -1410,7 +1410,7 @@ CVE-2026-53870 (Hermes Agent before 0.16.0 creates response_store.db and webhook
 CVE-2026-53869 (Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in W ...)
 	NOT-FOR-US: Hermes Agent
 CVE-2026-53805 (NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthentica ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2026-52716 (Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 ve ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-52707 (Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.)
@@ -1475,7 +1475,7 @@ CVE-2026-48117 (DroneAware is a drone detection platform. The centralized DroneA
 CVE-2026-47340 (Allow authenticated users to access alert instances associated with al ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-47103 (Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code ...)
-	TODO: check
+	NOT-FOR-US: Python StateMachine
 CVE-2026-45436 (Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 ver ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42629 (Unauthenticated Broken Authentication in PowerPack Pro for Elementor < ...)
@@ -1736,15 +1736,15 @@ CVE-2026-11525 (Impact: When undici parses a Set-Cookie header, it accepts any S
 	- node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
 	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m
 CVE-2026-11311 (When NGINX Plus is configured as the data plane for NGINX Gateway Fabr ...)
-	TODO: check
+	NOT-FOR-US: NGINX Gateway Fabric
 CVE-2026-10850 (Plane CE 1.3.1 allows a low-privileged project member to submit arbitr ...)
 	NOT-FOR-US: Plane
 CVE-2026-10839 (Open redirection vulnerability in the authentication system allows an  ...)
-	TODO: check
+	NOT-FOR-US: Password Manager
 CVE-2026-10837 (Open redirection vulnerability due to insufficient validation of the X ...)
-	TODO: check
+	NOT-FOR-US: Password Manager
 CVE-2026-10836 (Improper handling of HTTP headers that allows a remote attacker to man ...)
-	TODO: check
+	NOT-FOR-US: Password Manager
 CVE-2026-10641 (Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role pa ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-10094 (A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOL ...)
@@ -3933,7 +3933,7 @@ CVE-2026-37216 (Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the i
 CVE-2026-36933 (An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physical ...)
 	NOT-FOR-US: Boyleep K11, y108 firmware
 CVE-2026-36670 (A Time-Based Blind SQL Injection vulnerability in the alias_management ...)
-	TODO: check
+	NOT-FOR-US: OpenSIPS Control Panel
 CVE-2026-36537 (ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during  ...)
 	NOT-FOR-US: ThingsBoard
 CVE-2026-36521 (PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eed9a905f3dbf474e537505f026d0ba180d09091

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eed9a905f3dbf474e537505f026d0ba180d09091
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260622/05a3448f/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list