[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun May 10 20:43:32 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
12236d02 by Salvatore Bonaccorso at 2026-05-10T21:42:23+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -51,71 +51,71 @@ CVE-2022-50946 (WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored
CVE-2022-50945 (WordPress 3dady real-time web stats plugin 1.0 contains a stored cross ...)
NOT-FOR-US: WordPress plugin
CVE-2022-50944 (Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: Aero CMS
CVE-2022-50943 (Moodle LMS 4.0 contains a cross-site scripting vulnerability that allo ...)
- moodle <removed>
CVE-2021-47953 (OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability t ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2021-47951 (WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47950 (Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vu ...)
- TODO: check
+ NOT-FOR-US: Advanced Guestbook
CVE-2021-47949 (CyberPanel 2.1 contains a command execution vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: CyberPanel
CVE-2021-47948 (WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47947 (Projectsend r1295 contains a stored cross-site scripting vulnerability ...)
- TODO: check
+ NOT-FOR-US: Projectsend
CVE-2021-47946 (OpenCart 3.0.36 contains a cross-site request forgery vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2021-47945 (Argus Surveillance DVR 4.0 contains an unquoted service path vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Argus Surveillance DVR
CVE-2021-47944 (memono Notepad 4.2 contains a denial of service vulnerability that all ...)
- TODO: check
+ NOT-FOR-US: memono Notepad
CVE-2021-47943 (TextPattern CMS 4.8.7 contains a remote code execution vulnerability t ...)
TODO: check
CVE-2021-47941 (WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47940 (WordPress Plugin Download From Files version 1.48 and earlier contains ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47939 (Evolution CMS 3.1.6 contains a remote code execution vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Evolution CMS
CVE-2021-47938 (ImpressCMS 1.4.2 contains a remote code execution vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: ImpressCMS
CVE-2021-47937 (e107 CMS 2.3.0 contains a remote code execution vulnerability that all ...)
- TODO: check
+ NOT-FOR-US: e107 CMS
CVE-2021-47936 (OpenCATS 0.9.4 contains a remote code execution vulnerability that all ...)
- TODO: check
+ NOT-FOR-US: OpenCATS
CVE-2021-47935 (Sentry 8.2.0 contains a remote code execution vulnerability that allow ...)
- TODO: check
+ NOT-FOR-US: Sentry
CVE-2021-47933 (WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerabi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47932 (WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47931 (Exponent CMS 2.6 contains a stored cross-site scripting vulnerability ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2021-47930 (Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL inj ...)
- TODO: check
+ NOT-FOR-US: Balbooa Joomla Forms Builder
CVE-2021-47929 (Filterable Portfolio Gallery 1.0 contains a stored cross-site scriptin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47928 (Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerab ...)
- TODO: check
+ NOT-FOR-US: Opencart TMD Vendor System
CVE-2021-47927 (WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47926 (Contact Form to Email 1.3.24 contains a stored cross-site scripting vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47925 (CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabi ...)
- TODO: check
+ NOT-FOR-US: CMDBuild
CVE-2021-47924 (Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47923 (OpenCart 3.0.3.8 contains a session fixation vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2021-47922 (Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47910 (AccessPress Social Icons 1.8.2 contains a stored cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47907 (Rocket LMS 1.1 contains a persistent cross-site scripting vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Rocket LMS
CVE-2026-8235 (A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This iss ...)
NOT-FOR-US: MiniClaw
CVE-2026-8234 (A security vulnerability has been detected in EFM ipTIME A8004T 14.18. ...)
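Review bot: the reason string for CVE-2021-47928 is spelled "Opencart TMD Vendor System", while CVE-2021-47953, CVE-2021-47946 and CVE-2021-47923 in the same hunk use "OpenCart"; one spelling would let a search over NOT-FOR-US reasons find all four. CVE-2021-47929, CVE-2021-47926, CVE-2021-47924, CVE-2021-47922 and CVE-2021-47910 are tagged "WordPress plugin" although the truncated descriptions shown here do not name WordPress, so that classification should be confirmed against the full CVE text. CVE-2021-47943 (TextPattern CMS) is the only entry in this run still at "TODO: check"; if that is deliberate, a word in the commit message would make it clear it was not overlooked.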
@@ -608,17 +608,17 @@ CVE-2026-34354 (Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on
CVE-2026-32803 (Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 throug ...)
NOT-FOR-US: Dell / EMC
CVE-2026-29975 (lwjson 1.8.1 contains an improper input validation vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: lwjson
CVE-2026-29974 (An issue was discovered in kosma minmea 0.3.0. The minmea_scan functio ...)
NOT-FOR-US: kosma minmea
CVE-2026-29972 (nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_r ...)
- TODO: check
+ NOT-FOR-US: nanoMODBUS
CVE-2026-29203 (A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follo ...)
- TODO: check
+ NOT-FOR-US: cPanel plugin
CVE-2026-29202 (Insufficient input validation of the `plugin` parameter of the `create ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2026-29201 (Insufficient input validation of the feature file name in `feature::LO ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2026-25199 (Instances deployed via the Proxmox extension allow unauthorized access ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-25077 (Account users are allowed by default to register templates to be downl ...)
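Review bot: CVE-2026-29975 (lwjson) and CVE-2026-29972 (nanoMODBUS) are small C libraries of the kind that get vendored into other source trees, so NOT-FOR-US is only safe here if no Debian source package embeds a copy. Searching the archive's sources for embedded copies before closing these two would settle it, and an affected package found that way should be recorded in place of the NFU tag.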
@@ -636,7 +636,7 @@ CVE-2025-66171 (The CloudStack Backup plugin has an improper access logic in ver
CVE-2025-66170 (The CloudStack Backup plugin has an improper authorization logic in ve ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2022-50994 (DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS co ...)
- TODO: check
+ NOT-FOR-US: DrayTek Vigor
CVE-2026-6659 (Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure ran ...)
- libcrypt-passwdmd5-perl <unfixed> (bug #1136091)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39857355/
@@ -3200,9 +3200,9 @@ CVE-2026-33079 (In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (
[bullseye] - mistune <not-affected> (Vulnerable code not present)
NOTE: https://github.com/lepture/mistune/security/advisories/GHSA-8mp2-v27r-99xp
CVE-2026-29090 (### Summary A SQL injection vulnerability exists in Rucio versions 1. ...)
- TODO: check
+ NOT-FOR-US: Rucio
CVE-2026-29080 (A SQL injection vulnerability in `FilterEngine.create_sqla_query()` al ...)
- TODO: check
+ NOT-FOR-US: Rucio
CVE-2026-23928 (The Item history widget (in Zabbix 7.0+) or the Plain text widget (in ...)
TODO: check
CVE-2026-23927 (A user able to connect to Agent 2 can inject an Oracle TNS connection ...)
@@ -362138,7 +362138,7 @@ CVE-2022-45901
CVE-2022-45900
RESERVED
CVE-2022-45899 (Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthentic ...)
- TODO: check
+ NOT-FOR-US: Nokia Broadcast Message Center (BMC)
CVE-2022-45898
RESERVED
CVE-2022-4144 (An out-of-bounds read flaw was found in the QXL display device emulati ...)
@@ -419986,9 +419986,9 @@ CVE-2022-26525
CVE-2022-26524
RESERVED
CVE-2022-26523 (The socket connection handler in aswArPot.sys in the Avast and AVG Win ...)
- TODO: check
+ NOT-FOR-US: Avast
CVE-2022-26522 (The socket connection handler in aswArPot.sys in the Avast and AVG Win ...)
- TODO: check
+ NOT-FOR-US: Avast
CVE-2022-26521 (Abantecart through 1.3.2 allows remote authenticated administrators to ...)
NOT-FOR-US: Abantecart
CVE-2022-0872
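Review bot: the descriptions of CVE-2022-26523 and CVE-2022-26522 both attribute aswArPot.sys to "the Avast and AVG" products, but the reason string names only "Avast". Writing "NOT-FOR-US: Avast / AVG" would keep the entries findable under either name, in the same style as the "Dell / EMC" reason already used in this file.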
@@ -428150,7 +428150,7 @@ CVE-2022-23963
CVE-2022-23962
RESERVED
CVE-2022-23961 (In Thruk Monitoring through 2.46.3, the login field of the login form ...)
- TODO: check
+ NOT-FOR-US: Thruk Monitoring
CVE-2022-23960 (Certain Arm Cortex and Neoverse processors through 2022-03-08 do not p ...)
{DSA-5173-1 DLA-3065-1}
- linux 5.16.14-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12236d02bfbc1e788dedddaa9e9f288f5cf9ca31