Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
73c5f93b by Salvatore Bonaccorso at 2026-06-09T09:42:08+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49,7 +49,7 @@ CVE-2026-47345 (Namespace attributes are not encoded
correctly during HTML seria
CVE-2026-47344 (When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant
closing ta ...)
NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-46484 (Headplane is a feature-complete Web UI for Headscale. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: Headplane Web UI for Headscale
CVE-2026-44757 (SAP Wily Introscope Enterprise Manager allows an
unauthenticated attac ...)
NOT-FOR-US: SAP
CVE-2026-44755 (SAP Business Objects Business Intelligence Platform does not
sufficien ...)
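Review bot: The label added for CVE-2026-46484, "NOT-FOR-US: Headplane Web UI for Headscale", is longer than the other labels this commit adds, which name only the product or vendor ("NOT-FOR-US: Fides", "NOT-FOR-US: STACKIT"). Suggest "NOT-FOR-US: Headplane", which still makes clear that the affected code is the separate web UI and keeps one short string to reuse and grep for on later Headplane CVEs.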
@@ -69,7 +69,7 @@ CVE-2026-44744 (SAP S/4HANA(On-Premise) contains SQL
injection vulnerability in
CVE-2026-44743 (Under certain conditions, when an unauthorized attacker
accesses a spe ...)
NOT-FOR-US: SAP
CVE-2026-44541 (Fides is an open-source privacy engineering platform. From
version 2.3 ...)
- TODO: check
+ NOT-FOR-US: Fides
CVE-2026-41980 (Permission control vulnerability in the file preview
module.Impact: Su ...)
NOT-FOR-US: Huawei
CVE-2026-41979 (Permission control vulnerability in the print module.Impact:
Successfu ...)
@@ -131,7 +131,7 @@ CVE-2026-40984 (In Micrometer, it is possible for a user to
provide specially cr
CVE-2026-40983 (In Micrometer, it is possible for a user to provide specially
crafted ...)
TODO: check
CVE-2026-40519 (Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in
commit a5 ...)
- TODO: check
+ NOT-FOR-US: Nginx Proxy Manager
CVE-2026-40128 (SAP NetWeaver Application Server Java (Web Container) allows
an unauth ...)
NOT-FOR-US: SAP
CVE-2026-27671 (Due to improper RFC protocol validation in the SAP Kernel used
by the ...)
@@ -144,7 +144,7 @@ CVE-2026-11623 (A security vulnerability has been detected
in tmux up to 3.6a. A
- tmux <unfixed>
NOTE:
https://github.com/tmux/tmux/commit/fc6d94a9f8a593bd8b7031650802084385d4ee03
(3.7-rc)
CVE-2026-11621 (A weakness has been identified in Dcat-Admin up to 2.2.3-beta.
This im ...)
- TODO: check
+ NOT-FOR-US: Dcat-Admin
CVE-2026-11620 (A security flaw has been discovered in TOTOLINK EX200
4.0.3c.7646. Thi ...)
NOT-FOR-US: TOTOLINK
CVE-2026-11619 (A vulnerability was identified in Dolibarr ERP CRM up to
23.0.2. The i ...)
@@ -522,9 +522,9 @@ CVE-2026-41448 (AdGuard Home, when started with the
--glinet flag, contains an a
CVE-2026-3011 (The Recipe Card Blocks Lite plugin for WordPress is vulnerable
to Stor ...)
NOT-FOR-US: WordPress plugin
CVE-2026-39910 (STACKIT IaaS API contains a missing authorization check
vulnerability ...)
- TODO: check
+ NOT-FOR-US: STACKIT
CVE-2026-39908 (OpenBullet2 through version 0.3.2 on Windows contains a
credential dis ...)
- TODO: check
+ NOT-FOR-US: OpenBullet2
CVE-2026-36789 (Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23
was disco ...)
NOT-FOR-US: Tenda
CVE-2026-36786 (Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was
discovered ...)
@@ -550,7 +550,7 @@ CVE-2026-25855 (OpenBullet2 through version 0.3.2 contains
a remote code executi
CVE-2026-25559 (OpenBullet2 through version 0.3.2 contains a path traversal
vulnerabil ...)
NOT-FOR-US: OpenBullet2
CVE-2026-25558 (QloApps through 1.7.0 contains a stored cross-site scripting
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: QloApps
CVE-2026-25555 (OpenBullet2 through version 0.3.2 contains an authentication
bypass vu ...)
NOT-FOR-US: OpenBullet2
CVE-2026-22164 (Software installed and run as a non-privileged user may
conduct improp ...)
@@ -641,7 +641,7 @@ CVE-2026-11502 (A weakness has been identified in JeecgBoot
up to 3.9.2. Impacte
CVE-2026-11501 (A security flaw has been discovered in SourceCodester
Hospitals Patien ...)
NOT-FOR-US: SourceCodester
CVE-2026-11500 (A vulnerability was identified in Weaviate up to 1.37.7. This
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Weaviate
CVE-2026-11499 (A vulnerability was determined in Tenda HG7HG9 and HG10
300001138_en_x ...)
NOT-FOR-US: Tenda
CVE-2026-11498 (A vulnerability was found in Tenda HG7HG9 and HG10
300001138_en_xpon. ...)
@@ -950,23 +950,23 @@ CVE-2026-11461 (A vulnerability has been found in
NousResearch hermes-agent up t
CVE-2026-11460 (A flaw has been found in Boost Serialization up to 1.91. The
impacted ...)
TODO: check
CVE-2024-58349 (WordPress Theme Travelscape 1.0.3 contains an arbitrary file
upload vu ...)
- TODO: check
+ NOT-FOR-US: WordPress Theme
CVE-2024-58348 (WordPress Background Image Cropper version 1.2 contains a
remote code ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-54352 (WordPress Seotheme contains a remote code execution
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-54351 (WordPress Sonaar Music Plugin 4.7 contains a stored cross-site
scripti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-54350 (WordPress Augmented-Reality plugin contains a remote code
execution vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-50953 (WordPress Plugin admin-word-count-column 2.2 contains a local
file rea ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47984 (WordPress Plugin WP24 Domain Check 1.6.2 contains a stored
cross-site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47983 (WordPress Plugin Stripe Payments 2.0.39 contains a stored
cross-site s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47982 (WordPress Plugin WP-Paginate 2.1.3 contains a stored
cross-site script ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-49494 (Comodo Internet Security's firewall driver Inspect.sys
contains an int ...)
NOT-FOR-US: Comodo Internet Security
CVE-2026-36229
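Review bot: CVE-2023-54352 is described as "WordPress Seotheme" but is labelled "NOT-FOR-US: WordPress plugin", while CVE-2024-58349 (Travelscape theme) in the same hunk gets "NOT-FOR-US: WordPress Theme"; the description is truncated here, so please check whether Seotheme is a theme and label it to match. The new theme label also capitalises "Theme" where every plugin label uses lowercase "plugin"; suggest "NOT-FOR-US: WordPress theme" so the two labels follow one convention.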
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73c5f93be86d1a584d62840378c33d59a67e0fac
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits