Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
effd7b74 by Salvatore Bonaccorso at 2026-06-02T08:07:25+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -97,7 +97,7 @@ CVE-2026-49157 (Incorrect Default Permissions vulnerability
in Apache ActiveMQ.
- activemq <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/21
CVE-2026-49121 (AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an
unauthent ...)
- TODO: check
+ NOT-FOR-US: AI Tensor Engine for ROCm (AITER)
CVE-2026-48879 (Incorrect Privilege Assignment vulnerability in Sergey AIWU
allows Pri ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-48866 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
@@ -255,7 +255,7 @@ CVE-2026-42253 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2026-42251 (Use of hard-coded credentials in KS-SOMED allowed an
unauthorized atta ...)
NOT-FOR-US: KS-SOMED
CVE-2026-41013 (Input validation bypass in SMB volume mount handling in
CloudFoundry F ...)
- TODO: check
+ NOT-FOR-US: CloudFoundry
CVE-2026-40990 (OOM error is possible while attempting to add infinite amount
of funct ...)
TODO: check
CVE-2026-40989 (Under infinite recursion in the routing layer,
request-handling can ca ...)
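Review bot: The new tag on CVE-2026-41013 uses the umbrella name "CloudFoundry", while the description points at one specific component (SMB volume mount handling in a CloudFoundry project whose name is truncated here). Naming that component in the NOT-FOR-US line would make the entry easier to find again if related software is ever packaged.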
@@ -317,11 +317,11 @@ CVE-2026-27788 (Incorrect permission assignment for
critical resource issue exis
CVE-2026-25600 (The PDBM application relies on a static, hard\u2011coded
secret embedd ...)
NOT-FOR-US: Trac PDBM
CVE-2026-25599 (Missing authentication and clear\u2011text transmission of
data from t ...)
- TODO: check
+ NOT-FOR-US: Orca Energy
CVE-2026-23638 (Kiteworks is a private data network (PDN). Prior to version
9.3.0, an ...)
- TODO: check
+ NOT-FOR-US: Kiteworks
CVE-2026-22872 (Capsule is a multi-tenancy and policy-based framework for
Kubernetes. ...)
- TODO: check
+ NOT-FOR-US: Capsule
CVE-2026-20456 (In wlan STA driver, there is a possible system crash due to a
missing ...)
NOT-FOR-US: MediaTek
CVE-2026-20455 (In geniezone, there is a possible out of bounds write due to a
missing ...)
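Review bot: "NOT-FOR-US: Capsule" on CVE-2026-22872 is a very generic product name. The description identifies it as a multi-tenancy and policy-based framework for Kubernetes, so a qualifier such as "Capsule (Kubernetes multi-tenancy framework)" would avoid confusion with other software of the same name. For CVE-2026-25599, the vendor "Orca Energy" does not appear in the truncated description, so that mapping cannot be confirmed from this diff alone.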
@@ -337,15 +337,15 @@ CVE-2026-10533 (A flaw was found in OpenShift Container
Platform. Completed pods
CVE-2026-10532 (Deserialization of untrusted data vulnerability in QOS.CH Sarl
logback ...)
TODO: check
CVE-2026-10517 (A flaw was found in Clair. The fetcher component makes
outbound HTTP r ...)
- TODO: check
+ NOT-FOR-US: Clair
CVE-2026-10283 (A vulnerability was detected in Bottelet DaybydayCRM up to
2.2.1. Affe ...)
- TODO: check
+ NOT-FOR-US: Bottelet DaybydayCRM
CVE-2026-10282 (A security vulnerability has been detected in Bottelet
DaybydayCRM up ...)
- TODO: check
+ NOT-FOR-US: Bottelet DaybydayCRM
CVE-2026-10281 (A weakness has been identified in Enderfga claw-orchestrator
up to 3.5 ...)
- TODO: check
+ NOT-FOR-US: Enderfga claw-orchestrator
CVE-2026-10280 (A security flaw has been discovered in horizon921 mcpilot
0.1.0. The i ...)
- TODO: check
+ NOT-FOR-US: horizon921 mcpilot
CVE-2026-10279 (A vulnerability was identified in hiraishikentaro wezterm-mcp
0.1.0. T ...)
NOT-FOR-US: wezterm-mcp
CVE-2026-10278 (A vulnerability was determined in ishayoyo excel-mcp up to
1.0.2. Impa ...)
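Review bot: The tags added here use the "vendor product" form ("Bottelet DaybydayCRM", "Enderfga claw-orchestrator", "horizon921 mcpilot"), while the neighbouring entry for CVE-2026-10279 uses the product alone ("wezterm-mcp", with the vendor hiraishikentaro dropped). Using one form throughout keeps the NFU names easy to grep for and lets later CVEs for the same product reuse the same string.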
@@ -359,7 +359,7 @@ CVE-2026-10275 (A flaw has been found in OpenSC up to
0.26.1. This affects the f
CVE-2026-10274 (A vulnerability was determined in indrasishbanerjee
aem-mcp-server up ...)
NOT-FOR-US: aem-mcp-server
CVE-2026-10273 (A vulnerability was found in php-censor up to 2.1.6. This
affects an u ...)
- TODO: check
+ NOT-FOR-US: php-censor
CVE-2026-10272 (A vulnerability has been found in a4m4
Student-Management-System up to ...)
NOT-FOR-US: a4m4 Student-Management-System
CVE-2026-10271 (A flaw has been found in a4m4 Student-Management-System up to
f0c5f684 ...)
@@ -369,23 +369,23 @@ CVE-2026-10270 (A vulnerability was detected in D-Link
DI-7001 MINI up to 19.09.
CVE-2026-10269 (A security vulnerability has been detected in decolua 9router
up to 0. ...)
NOT-FOR-US: 9router
CVE-2026-10268 (A weakness has been identified in janet-lang janet up to
1.41.0. This ...)
- TODO: check
+ NOT-FOR-US: janet-lang janet
CVE-2026-10267 (A security flaw has been discovered in janet-lang janet up to
1.41.0. ...)
- TODO: check
+ NOT-FOR-US: janet-lang janet
CVE-2026-10265 (A vulnerability was identified in itsourcecode Content
Management Syst ...)
NOT-FOR-US: itsourcecode System
CVE-2026-10264 (A vulnerability was determined in lharries whatsapp-mcp 0.0.1.
Affecte ...)
- TODO: check
+ NOT-FOR-US: lharries whatsapp-mcp
CVE-2026-10263 (A vulnerability was found in SourceCodester Computer Repair
Shop Manag ...)
NOT-FOR-US: SourceCodester
CVE-2026-10262 (A vulnerability has been found in code-projects Real State
Services 1. ...)
- TODO: check
+ NOT-FOR-US: code-projects Real State Services
CVE-2026-10261 (A flaw has been found in CodeAstro Online Job Portal 1.0. This
affects ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Online Job Portal
CVE-2026-10260 (A vulnerability was detected in CodeAstro Online Job Portal
1.0. The i ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Online Job Portal
CVE-2026-10259 (A security vulnerability has been detected in H3C Magic B0 up
to 100R0 ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2026-10258 (A weakness has been identified in itsourcecode Content
Management Syst ...)
NOT-FOR-US: itsourcecode System
CVE-2026-10257 (A security flaw has been discovered in itsourcecode Content
Management ...)
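Review bot: CVE-2026-10268 and CVE-2026-10267 mark "janet-lang janet" as NOT-FOR-US, but unlike the web applications around it, janet is a programming language runtime and so a more plausible packaging candidate. It is worth confirming that no ITP or RFP bug exists before closing these as NFU; if one does, an "<itp>" entry referencing the bug would be the better fit.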
@@ -421,11 +421,11 @@ CVE-2026-10243 (A security vulnerability has been
detected in code-projects Smar
CVE-2026-10242 (A weakness has been identified in itsourcecode Content
Management Syst ...)
NOT-FOR-US: itsourcecode System
CVE-2026-10241 (A security flaw has been discovered in jeecgboot The server
processes ...)
- TODO: check
+ NOT-FOR-US: jeecgboot
CVE-2026-10240 (A vulnerability was identified in JeecgBoot up to 3.9.2. The
impacted ...)
- TODO: check
+ NOT-FOR-US: JeecgBoot
CVE-2026-10239 (A vulnerability was determined in JeecgBoot up to 3.9.2. The
affected ...)
- TODO: check
+ NOT-FOR-US: JeecgBoot
CVE-2026-10237 (A vulnerability was found in SourceCodester Water Billing
Management S ...)
NOT-FOR-US: SourceCodester
CVE-2026-10236 (A vulnerability has been found in SourceCodester Water Billing
Managem ...)
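Review bot: The three entries added in this hunk spell the same product two ways: "NOT-FOR-US: jeecgboot" on CVE-2026-10241 and "NOT-FOR-US: JeecgBoot" on CVE-2026-10240 and CVE-2026-10239. The lowercase form follows that CVE's description text, but using "JeecgBoot" on all three would keep a single searchable name for the product.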
@@ -433,7 +433,7 @@ CVE-2026-10236 (A vulnerability has been found in
SourceCodester Water Billing M
CVE-2026-10235 (A flaw has been found in CodeAstro Ingredients Stock
Management System ...)
NOT-FOR-US: CodeAstro
CVE-2026-10234 (A vulnerability was detected in Mettle sendportal up to 3.0.1.
This af ...)
- TODO: check
+ NOT-FOR-US: Mettle sendportal
CVE-2026-10233 (A security vulnerability has been detected in Assimp up to
6.0.4. Affe ...)
TODO: check
CVE-2026-10232 (A weakness has been identified in Assimp up to 6.0.4. Affected
by this ...)
@@ -445,13 +445,13 @@ CVE-2026-10230 (A vulnerability was identified in Assimp
up to 6.0.4. This impac
CVE-2026-10229 (A vulnerability was determined in Assimp up to 6.0.4. This
affects the ...)
TODO: check
CVE-2026-10228 (A vulnerability was found in raisulislamg4
student_management_system_b ...)
- TODO: check
+ NOT-FOR-US: raisulislamg4 student_management_system_by_php
CVE-2026-10227 (A vulnerability has been found in raisulislamg4
student_management_sys ...)
- TODO: check
+ NOT-FOR-US: raisulislamg4 student_management_system_by_php
CVE-2026-10226 (A flaw has been found in raisulislamg4
student_management_system_by_ph ...)
- TODO: check
+ NOT-FOR-US: raisulislamg4 student_management_system_by_php
CVE-2026-10225 (A vulnerability was detected in raisulislamg4
student_management_syste ...)
- TODO: check
+ NOT-FOR-US: raisulislamg4 student_management_system_by_php
CVE-2026-10224 (A security vulnerability has been detected in NousResearch
hermes-agen ...)
NOT-FOR-US: aem-mcp-server
CVE-2026-10223 (A weakness has been identified in NousResearch hermes-agent up
to 2026 ...)
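Review bot: The unchanged context line under CVE-2026-10224 reads "NOT-FOR-US: aem-mcp-server", but the description is for NousResearch hermes-agent, so that pre-existing tag looks like a copy-paste from an earlier entry. The lines changed in this hunk are consistent with their descriptions; the hermes-agent tag could be corrected in a follow-up commit.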
@@ -463,11 +463,11 @@ CVE-2026-10221 (A vulnerability was identified in
NousResearch hermes-agent up t
CVE-2026-10220 (A vulnerability was determined in NousResearch hermes-agent up
to 2026 ...)
NOT-FOR-US: aem-mcp-server
CVE-2026-10219 (A vulnerability was found in nextlevelbuilder GoClaw up to
3.11.3. Thi ...)
- TODO: check
+ NOT-FOR-US: nextlevelbuilder GoClaw
CVE-2026-10218 (A vulnerability has been found in nextlevelbuilder GoClaw up
to 3.11.3 ...)
- TODO: check
+ NOT-FOR-US: nextlevelbuilder GoClaw
CVE-2026-10217 (A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3.
The imp ...)
- TODO: check
+ NOT-FOR-US: nextlevelbuilder GoClaw
CVE-2026-10216 (A vulnerability was detected in unitedbyai droidclaw up to
0.5.3. The ...)
NOT-FOR-US: droidclaw
CVE-2026-10215 (A security vulnerability has been detected in Dolibarr ERP CRM
up to 2 ...)
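Review bot: As context for the GoClaw changes, CVE-2026-10220 (NousResearch hermes-agent) carries "NOT-FOR-US: aem-mcp-server", which does not match its description. The three "nextlevelbuilder GoClaw" tags added here are consistent with each other and with their descriptions; the mismatched context entry deserves a separate fix.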
@@ -489,13 +489,13 @@ CVE-2026-10208 (A flaw has been found in code-projects
Online Hospital Managemen
CVE-2026-10206 (A vulnerability was detected in D-Link DI-8400 up to
16.07.26A1. This ...)
NOT-FOR-US: D-Link
CVE-2026-10205 (A security vulnerability has been detected in Metasoft
\u7f8e\u7279\u8 ...)
- TODO: check
+ NOT-FOR-US: Metasoft MetaCRM
CVE-2026-10204 (A weakness has been identified in OFCMS 1.1.3. The affected
element is ...)
- TODO: check
+ NOT-FOR-US: OFCMS
CVE-2026-10203 (A security flaw has been discovered in OFCMS 1.1.3. Impacted
is the fu ...)
- TODO: check
+ NOT-FOR-US: OFCMS
CVE-2026-10202 (A vulnerability was identified in OFCMS 1.1.3. This issue
affects the ...)
- TODO: check
+ NOT-FOR-US: OFCMS
CVE-2026-10201 (A vulnerability was determined in Assimp up to 6.0.4. This
vulnerabili ...)
TODO: check
CVE-2026-10200 (A vulnerability was found in Assimp up to 6.0.4. This affects
the func ...)
@@ -6328,7 +6328,7 @@ CVE-2026-41401 (libyang before 5.2.6 contains a heap
use-after-free write vulner
NOTE:
https://github.com/CESNET/libyang/security/advisories/GHSA-9f49-8x56-jmjc
NOTE: Fixed by:
https://github.com/CESNET/libyang/commit/54c3276d871023da266d4ed3ceaee7e8d71d0b04
(v5.4.9)
CVE-2026-41164 (nuts-node is the reference implementation of the Nuts
specification. P ...)
- TODO: check
+ NOT-FOR-US: nuts-node
CVE-2026-40564 (Files or Directories Accessible to External Parties,
Server-Side Reque ...)
NOT-FOR-US: Apache Flink Kubernetes Operator
CVE-2026-40384 (An improper validation of the search parameter of the
com_media files ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/effd7b74afb6d3adf47e93e908d4a8b27254df18