[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 22 20:21:19 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
62f4e9df by security tracker role at 2026-05-22T19:21:13+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
CVE-2026-9291 (Insecure deserialization in the job results processing component in Am ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-9277 (shell-quote's `quote()` function did not validate object-token inputs ...)
TODO: check
CVE-2026-9256 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...)
TODO: check
CVE-2026-9255 (Missing input source validation in the tool authorization prompt in Ki ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-9251 (Missing authorization in the entry status management feature in Devolu ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-9249 (Unverified password change in Devolutions Server allows an attacker to ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-9248 (Authorization bypass in the entry duplication feature in Devolutions S ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-9247 (Insufficient logging in the entry export feature in Devolutions Server ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-9246 (Improper access control in the entry documentation and attachment feat ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-9245 (Improper input validation in the external authentication provider flow ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-9224 (Missing authorization in the user profile update feature in Devolution ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-9223 (Missing authorization in the vault import feature in Devolutions Serve ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-9047 (Improper handling of factor key state in the multi-factor authenticati ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-9011 (The Ditty \u2013 Responsive News Tickers, Sliders, and Lists plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8997 (vifm is vulnerable to a heap buffer overflow during the history merge ...)
TODO: check
CVE-2026-8992 (An improper certificate validation vulnerability in Ivanti Secure Acce ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-8692 (The Vedrixa Forms \u2013 User Registration Form, Signup Form & Drag & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8684 (The MotoPress Hotel Booking plugin for WordPress is vulnerable to auth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8679 (The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8673 (Unprotected transport of credentials vulnerability in syslink software ...)
TODO: check
CVE-2026-8672 (Use of default password vulnerability in syslink software AG Avantra o ...)
@@ -45,9 +45,9 @@ CVE-2026-8671 (Insertion of sensitive information into log file vulnerability in
CVE-2026-8670 (Insufficient session expiration vulnerability in syslink software AG A ...)
TODO: check
CVE-2026-8477 (Improper enforcement of the sealed-entry workflow in the entry sensiti ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-8381 (A broken access control vulnerability exists in the TeamViewer DEX Pla ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2026-8353 (Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page ...)
TODO: check
CVE-2026-8347 (Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorizati ...)
@@ -55,15 +55,15 @@ CVE-2026-8347 (Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-author
CVE-2026-8340 (Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::a ...)
TODO: check
CVE-2026-7798 (The FluentCRM \u2013 Email Newsletter, Automation, Email Marketing, Em ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7636 (The Slider by Soliloquy \u2013 Responsive Image Slider for WordPress p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7615 (The Widget Context plugin for WordPress is vulnerable to Cross-Site Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7325 (Improper authorization in the Active Directory browsing feature in Dev ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-6406 (The Docker CLI --use-api-socket flag bypasses Enhanced Container Isola ...)
- TODO: check
+ NOT-FOR-US: Docker products not packaged in Debian
CVE-2026-5755 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5 ...)
TODO: check
CVE-2026-5740 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
@@ -71,9 +71,9 @@ CVE-2026-5740 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <=
CVE-2026-5308 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
TODO: check
CVE-2026-5171 (Improper access control in the entry activity log feature in Devolutio ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-5072 (A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remot ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-4646 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
TODO: check
CVE-2026-4635 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
@@ -83,11 +83,11 @@ CVE-2026-48700 (An issue was discovered in all versions of PCManFM-Qt starting f
CVE-2026-46727 (An issue was discovered in Ruby 4 before 4.0.5. A race condition leadi ...)
TODO: check
CVE-2026-44930 (An LDAP injection vulnerability in the LDAP Certificate repository of ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-44618 (Insecure XML parser configuration in Apache CXF's WS-Transfer module m ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-44417 (The fix forCVE-2025-48913: Apache CXF: Untrusted JMS configuration can ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-42627 (In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::G ...)
TODO: check
CVE-2026-42626 (HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly ma ...)
@@ -127,7 +127,7 @@ CVE-2026-36228 (Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a r
CVE-2026-36227 (Directory Traversal vulnerability in Easy Chat Server 3.1 allows a rem ...)
TODO: check
CVE-2026-36226 (Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-20 ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2026-34207 (TypeBot is a chatbot builder tool. In versions prior to 3.16.0, SSRF p ...)
TODO: check
CVE-2026-33712 (Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the p ...)
@@ -153,21 +153,21 @@ CVE-2026-25607 (Use of a weak password encoding algorithm in STER software allow
CVE-2026-25606 (A SQL injection vulnerability has been identified in STER. Improper ne ...)
TODO: check
CVE-2025-46371 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Brok ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-45145 (Directory traversal in Follett Software's Destiny Library Manager 22_0 ...)
TODO: check
CVE-2025-32751 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Sto ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-32749 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-32747 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Pr ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-32746 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Sto ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-32745 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Cer ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-26483 (Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Red ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-XXXX [starlette Ignore malformed Host header when constructing request.url]
- starlette <unfixed>
NOTE: https://x41-dsec.de/lab/advisories/x41-2026-002-starlette/
@@ -404634,7 +404634,7 @@ CVE-2022-34365 (WMS 3.7 contains a Path Traversal Vulnerability in Device API. A
CVE-2022-34364 (Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug ...)
NOT-FOR-US: Dell
CVE-2022-34363 (Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains a ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2022-2193 (Insecure Direct Object Reference vulnerability in HYPR Server before v ...)
NOT-FOR-US: HYPR
CVE-2022-2192 (Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 al ...)
@@ -413263,7 +413263,7 @@ CVE-2022-31233 (Unisphere for PowerMax versions before 9.2.3.15 contain a privil
CVE-2022-31232 (SmartFabric storage software version 1.0.0 contains a Command-Injectio ...)
NOT-FOR-US: SmartFabric storage software
CVE-2022-31231 (Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2022-31230 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky c ...)
NOT-FOR-US: Dell
CVE-2022-31229 (Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message ...)
@@ -510124,7 +510124,7 @@ CVE-2021-21510 (Dell iDRAC8 versions prior to 2.75.100.75 contain a host header
CVE-2021-21509
RESERVED
CVE-2021-21508 (Dell VxRail versions before 7.0.200 contain a Plain-text Password Stor ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2021-21507 (Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and De ...)
NOT-FOR-US: EMC
CVE-2021-21506 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sani ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f4e9dfe4cbb74ae4c74050343860d187152781
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f4e9dfe4cbb74ae4c74050343860d187152781
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260522/d4c81143/attachment.htm>
More information about the debian-security-tracker-commits
mailing list