Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73c5f93b by Salvatore Bonaccorso at 2026-06-09T09:42:08+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49,7 +49,7 @@ CVE-2026-47345 (Namespace attributes are not encoded 
correctly during HTML seria
 CVE-2026-47344 (When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant 
closing ta ...)
        NOT-FOR-US: TYPO3 (core or extensions)
 CVE-2026-46484 (Headplane is a feature-complete Web UI for Headscale. Prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: Headplane Web UI for Headscale
 CVE-2026-44757 (SAP Wily Introscope Enterprise Manager allows an 
unauthenticated attac ...)
        NOT-FOR-US: SAP
 CVE-2026-44755 (SAP Business Objects Business Intelligence Platform does not 
sufficien ...)
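Review bot: The new tag on CVE-2026-46484, `NOT-FOR-US: Headplane Web UI for Headscale`, is wordier than the product-only tags on the neighbouring entries (`NOT-FOR-US: SAP`, `NOT-FOR-US: TYPO3 (core or extensions)`). It also puts the string "Headscale" on an NFU line, so a case-insensitive search of data/CVE/list for headscale will match an entry that is about a different project. Suggest `NOT-FOR-US: Headplane`.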
@@ -69,7 +69,7 @@ CVE-2026-44744 (SAP S/4HANA(On-Premise) contains SQL 
injection vulnerability in
 CVE-2026-44743 (Under certain conditions, when an unauthorized attacker 
accesses a spe ...)
        NOT-FOR-US: SAP
 CVE-2026-44541 (Fides is an open-source privacy engineering platform. From 
version 2.3 ...)
-       TODO: check
+       NOT-FOR-US: Fides
 CVE-2026-41980 (Permission control vulnerability in the file preview 
module.Impact: Su ...)
        NOT-FOR-US: Huawei
 CVE-2026-41979 (Permission control vulnerability in the print module.Impact: 
Successfu ...)
@@ -131,7 +131,7 @@ CVE-2026-40984 (In Micrometer, it is possible for a user to 
provide specially cr
 CVE-2026-40983 (In Micrometer, it is possible for a user to provide specially 
crafted  ...)
        TODO: check
 CVE-2026-40519 (Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in 
commit a5 ...)
-       TODO: check
+       NOT-FOR-US: Nginx Proxy Manager
 CVE-2026-40128 (SAP NetWeaver Application Server Java (Web Container) allows 
an unauth ...)
        NOT-FOR-US: SAP
 CVE-2026-27671 (Due to improper RFC protocol validation in the SAP Kernel used 
by the  ...)
@@ -144,7 +144,7 @@ CVE-2026-11623 (A security vulnerability has been detected 
in tmux up to 3.6a. A
        - tmux <unfixed>
        NOTE: 
https://github.com/tmux/tmux/commit/fc6d94a9f8a593bd8b7031650802084385d4ee03 
(3.7-rc)
 CVE-2026-11621 (A weakness has been identified in Dcat-Admin up to 2.2.3-beta. 
This im ...)
-       TODO: check
+       NOT-FOR-US: Dcat-Admin
 CVE-2026-11620 (A security flaw has been discovered in TOTOLINK EX200 
4.0.3c.7646. Thi ...)
        NOT-FOR-US: TOTOLINK
 CVE-2026-11619 (A vulnerability was identified in Dolibarr ERP CRM up to 
23.0.2. The i ...)
@@ -522,9 +522,9 @@ CVE-2026-41448 (AdGuard Home, when started with the 
--glinet flag, contains an a
 CVE-2026-3011 (The Recipe Card Blocks Lite plugin for WordPress is vulnerable 
to Stor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-39910 (STACKIT IaaS API contains a missing authorization check 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: STACKIT
 CVE-2026-39908 (OpenBullet2 through version 0.3.2 on Windows contains a 
credential dis ...)
-       TODO: check
+       NOT-FOR-US: OpenBullet2
 CVE-2026-36789 (Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 
was disco ...)
        NOT-FOR-US: Tenda
 CVE-2026-36786 (Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was 
discovered ...)
@@ -550,7 +550,7 @@ CVE-2026-25855 (OpenBullet2 through version 0.3.2 contains 
a remote code executi
 CVE-2026-25559 (OpenBullet2 through version 0.3.2 contains a path traversal 
vulnerabil ...)
        NOT-FOR-US: OpenBullet2
 CVE-2026-25558 (QloApps through 1.7.0 contains a stored cross-site scripting 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: QloApps
 CVE-2026-25555 (OpenBullet2 through version 0.3.2 contains an authentication 
bypass vu ...)
        NOT-FOR-US: OpenBullet2
 CVE-2026-22164 (Software installed and run as a non-privileged user may 
conduct improp ...)
@@ -641,7 +641,7 @@ CVE-2026-11502 (A weakness has been identified in JeecgBoot 
up to 3.9.2. Impacte
 CVE-2026-11501 (A security flaw has been discovered in SourceCodester 
Hospitals Patien ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-11500 (A vulnerability was identified in Weaviate up to 1.37.7. This 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Weaviate
 CVE-2026-11499 (A vulnerability was determined in Tenda HG7HG9 and HG10 
300001138_en_x ...)
        NOT-FOR-US: Tenda
 CVE-2026-11498 (A vulnerability was found in Tenda HG7HG9 and HG10 
300001138_en_xpon.  ...)
@@ -950,23 +950,23 @@ CVE-2026-11461 (A vulnerability has been found in 
NousResearch hermes-agent up t
 CVE-2026-11460 (A flaw has been found in Boost Serialization up to 1.91. The 
impacted  ...)
        TODO: check
 CVE-2024-58349 (WordPress Theme Travelscape 1.0.3 contains an arbitrary file 
upload vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress Theme
 CVE-2024-58348 (WordPress Background Image Cropper version 1.2 contains a 
remote code  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-54352 (WordPress Seotheme contains a remote code execution 
vulnerability that ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-54351 (WordPress Sonaar Music Plugin 4.7 contains a stored cross-site 
scripti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-54350 (WordPress Augmented-Reality plugin contains a remote code 
execution vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-50953 (WordPress Plugin admin-word-count-column 2.2 contains a local 
file rea ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-47984 (WordPress Plugin WP24 Domain Check 1.6.2 contains a stored 
cross-site  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-47983 (WordPress Plugin Stripe Payments 2.0.39 contains a stored 
cross-site s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-47982 (WordPress Plugin WP-Paginate 2.1.3 contains a stored 
cross-site script ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-49494 (Comodo Internet Security's firewall driver Inspect.sys 
contains an int ...)
        NOT-FOR-US: Comodo Internet Security
 CVE-2026-36229
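Review bot: The nine WordPress entries in this hunk are tagged inconsistently. CVE-2024-58349 gets `NOT-FOR-US: WordPress Theme` with a capital T, while the other eight get `NOT-FOR-US: WordPress plugin` in lower case. CVE-2023-54352 ("WordPress Seotheme") and CVE-2024-58348 ("WordPress Background Image Cropper") are tagged as plugins although the visible, truncated descriptions do not say "plugin". Suggest lower-casing to `WordPress theme` to match the existing tag style, and confirming from the full description whether Seotheme is a theme before tagging it as a plugin.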



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73c5f93be86d1a584d62840378c33d59a67e0fac
