[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 26 21:20:19 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4d385d1 by Salvatore Bonaccorso at 2026-05-26T22:19:39+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -62,9 +62,9 @@ CVE-2026-8479 (IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerabl
CVE-2026-8174 (Zohocorp Zoho Mail wordpress plugin is vulnerable toCross-Site request ...)
NOT-FOR-US: Zoho
CVE-2026-8047 (The affected products perform improper length checking when parsing in ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2026-8046 (The affected products insufficiently verify authorization when deletin ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2026-7454 (A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, ...)
NOT-FOR-US: Autodesk
CVE-2026-7453 (A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, ...)
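Review bot: The `NOT-FOR-US: CODESYS` tags on CVE-2026-8047 and CVE-2026-8046 cannot be confirmed from the entries themselves, because both truncated descriptions only say "The affected products ..." and name no vendor. Worth confirming the vendor against the full CVE record before these leave the TODO queue.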
@@ -76,11 +76,11 @@ CVE-2026-7451 (A maliciously crafted TIF file, when parsed through Autodesk 3ds
CVE-2026-7450 (A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, ...)
NOT-FOR-US: Autodesk
CVE-2026-7374 (A flaw was found in KubeVirt's virt-handler component. This vulnerabil ...)
- TODO: check
+ NOT-FOR-US: KubeVirt
CVE-2026-7310 (A heap-based buffer overflow vulnerability exists in XML parser functi ...)
NOT-FOR-US: Hitachi Energy
CVE-2026-7251 (Eppendorf BioFlo 320is vulnerable to due to VNC server using a hard-co ...)
- TODO: check
+ NOT-FOR-US: Eppendorf
CVE-2026-4051 (IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim Fix 021 ...)
NOT-FOR-US: IBM
CVE-2026-48905 (Lack of input filtering leads to an XSS vector in the HTML filter code ...)
@@ -104,99 +104,101 @@ CVE-2026-48897 (Insufficient state checks lead to a vector that allows to bypass
CVE-2026-48896 (Insufficient state checks lead to a vector that allows to bypass 2FA c ...)
NOT-FOR-US: Joomla
CVE-2026-48864 (A flaw was found in libsolv. This heap buffer overflow occurs during t ...)
- TODO: check
+ - libsolv <unfixed> (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460425
+ NOTE: Not considered a security risk per upstream, as issue is in solv file parser
CVE-2026-48697 (FastNetMon Community Edition through 1.2.9 does not verify TLS certifi ...)
- TODO: check
+ NOT-FOR-US: FastNetMon Community Edition
CVE-2026-48696 (FastNetMon Community Edition through 1.2.9 has a buffer overflow, a di ...)
- TODO: check
+ NOT-FOR-US: FastNetMon Community Edition
CVE-2026-48695 (FastNetMon Community Edition through 1.2.9 contains an OS command inje ...)
NOT-FOR-US: MikroTik
CVE-2026-48694 (FastNetMon Community Edition through 1.2.9 contains a configuration in ...)
- TODO: check
+ NOT-FOR-US: FastNetMon Community Edition
CVE-2026-48693 (FastNetMon Community Edition through 1.2.9 is vulnerable to a local sy ...)
- TODO: check
+ NOT-FOR-US: FastNetMon Community Edition
CVE-2026-48692 (FastNetMon Community Edition through 1.2.9 exposes a gRPC API server o ...)
- TODO: check
+ NOT-FOR-US: FastNetMon Community Edition
CVE-2026-48691 (FastNetMon Community Edition through 1.2.9 contains an integer overflo ...)
- TODO: check
+ NOT-FOR-US: FastNetMon Community Edition
CVE-2026-48690 (FastNetMon Community Edition through 1.2.9 contains an integer overflo ...)
- TODO: check
+ NOT-FOR-US: FastNetMon Community Edition
CVE-2026-48689 (FastNetMon Community Edition through 1.2.9 contains an off-by-one heap ...)
- TODO: check
+ NOT-FOR-US: FastNetMon Community Edition
CVE-2026-48688 (FastNetMon Community Edition through 1.2.9 contains multiple out-of-bo ...)
- TODO: check
+ NOT-FOR-US: FastNetMon Community Edition
CVE-2026-48687 (FastNetMon Community Edition through 1.2.9 contains an OS command inje ...)
- TODO: check
+ NOT-FOR-US: FastNetMon Community Edition
CVE-2026-48686 (FastNetMon Community Edition through 1.2.9 contains a stack-based buff ...)
- TODO: check
+ NOT-FOR-US: FastNetMon Community Edition
CVE-2026-48685 (FastNetMon Community Edition through 1.2.9 has out-of-bounds memory ac ...)
- TODO: check
+ NOT-FOR-US: FastNetMon Community Edition
CVE-2026-48684 (FastNetMon Community Edition through 1.2.9 contains an out-of-bounds r ...)
- TODO: check
+ NOT-FOR-US: FastNetMon Community Edition
CVE-2026-48683 (FastNetMon Community Edition through 1.2.9 contains an out-of-bounds r ...)
- TODO: check
+ NOT-FOR-US: FastNetMon Community Edition
CVE-2026-48136 (When Compliance is enabled on Check Point Multi-Domain Management, an ...)
- TODO: check
+ NOT-FOR-US: Check Point Multi-Domain Management
CVE-2026-48135 (A Check Point HTTP-based service can incorrectly handle malformed HTTP ...)
- TODO: check
+ NOT-FOR-US: Check Point
CVE-2026-48134 (When the DLP is active, the UserCheck Web Portal contains an input-han ...)
- TODO: check
+ NOT-FOR-US: Check Point
CVE-2026-48133 (When the Identity Awareness blade is enabled with Browser-Based Authen ...)
- TODO: check
+ NOT-FOR-US: Check Point
CVE-2026-48132 (The Security Gateway does not correctly validate a length value in cer ...)
TODO: check
CVE-2026-48131 (The VPN service may mishandle an unexpected IKE fragment value receive ...)
- TODO: check
+ NOT-FOR-US: Check Point
CVE-2026-48126 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.8 ...)
- TODO: check
+ NOT-FOR-US: github.com/xyproto/algernon
CVE-2026-48091
REJECTED
CVE-2026-47728 (Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink ...)
- TODO: check
+ NOT-FOR-US: Bugsink
CVE-2026-47716 (Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affec ...)
- TODO: check
+ NOT-FOR-US: Bugsink
CVE-2026-47715 (Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink ...)
- TODO: check
+ NOT-FOR-US: Bugsink
CVE-2026-47202 (Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improp ...)
- TODO: check
+ NOT-FOR-US: Kavita
CVE-2026-46624 (Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Re ...)
- TODO: check
+ NOT-FOR-US: Twenty CRM
CVE-2026-46620 (e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS do ...)
- TODO: check
+ NOT-FOR-US: e107 CMS
CVE-2026-46431 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.7 ...)
- TODO: check
+ NOT-FOR-US: github.com/xyproto/algernon
CVE-2026-46430 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.7 ...)
- TODO: check
+ NOT-FOR-US: github.com/xyproto/algernon
CVE-2026-46368 (luci-app-https-dns-proxy through 2025.12.29-5 \u2014 an optional LuCI ...)
- TODO: check
+ NOT-FOR-US: luci-app-https-dns-proxy
CVE-2026-45728 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.7 ...)
- TODO: check
+ NOT-FOR-US: github.com/xyproto/algernon
CVE-2026-45721 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.7 ...)
- TODO: check
+ NOT-FOR-US: github.com/xyproto/algernon
CVE-2026-45247 (Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 c ...)
TODO: check
CVE-2026-45082 (Karakeep is a elf-hostable bookmark-everything app. A Server-Side Requ ...)
TODO: check
CVE-2026-44776 (Kavita is a cross platform reading server. Prior to 0.9.0, the downloa ...)
- TODO: check
+ NOT-FOR-US: Kavita
CVE-2026-44775 (Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderC ...)
- TODO: check
+ NOT-FOR-US: Kavita
CVE-2026-44749 (The SAP Gateway allows attackers to inject content into error messages ...)
NOT-FOR-US: SAP
CVE-2026-44730 (OpenCTI is an open source platform for managing cyber threat intellige ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2026-44729 (Twenty is an open source CRM. In 1.18.0 and earlier, the file serving ...)
- TODO: check
+ NOT-FOR-US: Twenty CRM
CVE-2026-44728 (Babel is a compiler for writing next generation JavaScript. From 7.12. ...)
TODO: check
CVE-2026-44723 (Vowpal Wabbit is a machine learning system. The workflow .github/workf ...)
- TODO: check
+ NOT-FOR-US: Vowpal Wabbit
CVE-2026-44707 (Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, ...)
- TODO: check
+ NOT-FOR-US: Chatwoot
CVE-2026-44706 (Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, ...)
- TODO: check
+ NOT-FOR-US: Chatwoot
CVE-2026-44680 (MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of ...)
- TODO: check
+ NOT-FOR-US: MikroORM
CVE-2026-44669 (FACTION is a PenTesting Report Generation and Collaboration Framework. ...)
TODO: check
CVE-2026-44668 (FACTION is a PenTesting Report Generation and Collaboration Framework. ...)
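Review bot: CVE-2026-48695, whose description begins "FastNetMon Community Edition through 1.2.9 contains an OS command inje ...", keeps its existing `NOT-FOR-US: MikroTik` tag, while the other FastNetMon entries in this hunk (CVE-2026-48683 through CVE-2026-48697) are set to `NOT-FOR-US: FastNetMon Community Edition`. Either align it with its siblings or confirm that MikroTik is the intended product. In the same hunk, CVE-2026-48132 ("The Security Gateway does not correctly validate a length value ...") stays at `TODO: check` although the neighbouring CVE-2026-48131 to CVE-2026-48136 entries are now tagged Check Point; if that is not deliberate, it looks skipped. The Check Point tags also vary between `Check Point Multi-Domain Management` and `Check Point`, so one spelling would make the list easier to grep.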
@@ -204,29 +206,29 @@ CVE-2026-44668 (FACTION is a PenTesting Report Generation and Collaboration Fram
CVE-2026-44667 (FACTION is a PenTesting Report Generation and Collaboration Framework. ...)
TODO: check
CVE-2026-44502 (Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink\ ...)
- TODO: check
+ NOT-FOR-US: Bugsink
CVE-2026-44469 (The affected product extracts installation files to a temporary direct ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2026-44468 (The affected product creates a directory with insecure default permiss ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2026-44410 (This vulnerability stems from a business logic flaw.Attackers can expl ...)
NOT-FOR-US: ZTE
CVE-2026-44314 (Traccar is an open source GPS tracking system. Prior to 6.13.0, Device ...)
- TODO: check
+ NOT-FOR-US: Traccar
CVE-2026-43982 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.6 ...)
- TODO: check
+ NOT-FOR-US: github.com/xyproto/algernon
CVE-2026-43981 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.6 ...)
- TODO: check
+ NOT-FOR-US: github.com/xyproto/algernon
CVE-2026-43936 (e107 is a content management system (CMS). Prior to 2.3.4, you can acc ...)
- TODO: check
+ NOT-FOR-US: e107 CMS
CVE-2026-43935 (e107 is a content management system (CMS). Prior to 2.3.4, a Host Head ...)
- TODO: check
+ NOT-FOR-US: e107 CMS
CVE-2026-43934 (e107 is a content management system (CMS). Prior to 2.3.4, a Broken Ac ...)
- TODO: check
+ NOT-FOR-US: e107 CMS
CVE-2026-43919
REJECTED
CVE-2026-42785 (OpenKM 6.3.12 contains a remote code execution vulnerability that allo ...)
- TODO: check
+ NOT-FOR-US: OpenKM
CVE-2026-42448 (Magic Wormhole makes it possible to get arbitrary-sized files and dire ...)
TODO: check
CVE-2026-42425 (OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability tha ...)
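Review bot: CVE-2026-42785 (OpenKM 6.3.12) is set to `NOT-FOR-US: OpenKM`, but the hunk ends on the header of CVE-2026-42425, also OpenKM 6.3.12, with its status line outside the visible context. Please check that this entry carries the same tag so the two OpenKM issues are not triaged differently.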
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4d385d1fb2ac1debe94e2c312ae0d77ad22c85a