Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6cd548cf by Moritz Muehlenhoff at 2026-06-21T23:53:19+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40,77 +40,77 @@ CVE-2026-56403 (libexpat before 2.8.2 has an integer 
overflow in storeAtts.)
        NOTE: Fixed by: 
https://github.com/libexpat/libexpat/commit/12dc6d8d3d65f79471a94d8565f6bf1cf245f648
        NOTE: Fixed by: 
https://github.com/libexpat/libexpat/commit/147c8f36d6277d5c6011c098370a8362aed47b15
 CVE-2026-56397 (SiYuan before v3.6.1 fails to sanitize package metadata and 
README con ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-56396 (phpMyFAQ before 4.1.4 contains missing authorization 
vulnerabilities i ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2026-56395 (SiYuan before v3.6.1 fails to sanitize package metadata and 
README con ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-56394 (Craft CMS from 4.0.0-RC1 contains an authenticated path 
traversal vuln ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-56393 (Craft CMS 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>= 
5.0.0-RC1, < ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-56385 (Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, 
<= 4.17.7 ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-56384 (Craft CMS contains a missing authorization vulnerability in 
the assets ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-56383 (Craft CMS contains a stored cross-site scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-56382 (Craft CMS (composer package craftcms/cms) versions >= 5.5.0 
and <= 5.9 ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-56381 (Craft CMS from version 5.0.0-RC1 contains a stored cross-site 
scriptin ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-56316 (Cap-go before 12.128.2 contains an information disclosure 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56299 (Capgo before 12.128.2 contains an authentication bypass 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56265 (Crawl4AI before 0.8.7 contains an authentication bypass 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Crawl4AI
 CVE-2026-56253 (Capgo before 12.128.2 contains an improper access control 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56251 (Capgo before 12.128.2 contains a broken row level security 
policy in t ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56242 (Capgo before 12.128.2 contains an unauthenticated security 
definer RPC ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56239 (Capgo before 12.128.2 contains a potential privilege 
escalation vulner ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56236 (Capgo CLI before 12.128.2 contains arbitrary file overwrite 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56229 (Capgo before 12.128.2 contains an authorization bypass 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-12804 (A vulnerability was detected in lemonldap-ng up to 2.23.0. 
Impacted is ...)
        TODO: check
 CVE-2026-12799 (A security vulnerability has been detected in BerriAI litellm 
up to 1. ...)
-       TODO: check
+       NOT-FOR-US: LiteLLM
 CVE-2026-12798 (A weakness has been identified in BerriAI litellm up to 
1.82.2. Affect ...)
-       TODO: check
+       NOT-FOR-US: LiteLLM
 CVE-2026-12797 (A security flaw has been discovered in BerriAI litellm up to 
1.82.5. A ...)
-       TODO: check
+       NOT-FOR-US: LiteLLM
 CVE-2026-12796 (A vulnerability was identified in BerriAI litellm up to 
1.82.2. This i ...)
-       TODO: check
+       NOT-FOR-US: LiteLLM
 CVE-2026-12795 (A vulnerability was determined in BerriAI litellm up to 
1.82.2. This a ...)
-       TODO: check
+       NOT-FOR-US: LiteLLM
 CVE-2026-12789 (A vulnerability was identified in ILIAS Learning Management 
System 11. ...)
-       TODO: check
+       NOT-FOR-US: ILIAS Learning Management System
 CVE-2026-12788 (A vulnerability was determined in zhilink 
\u667a\u4e92\u8054(\u6df1\u5 ...)
-       TODO: check
+       NOT-FOR-US: zhilink
 CVE-2026-12787 (A vulnerability was found in zhilink 
\u667a\u4e92\u8054(\u6df1\u5733)\ ...)
-       TODO: check
+       NOT-FOR-US: zhilink
 CVE-2026-12786 (A vulnerability has been found in Ezbsystems UltraISO Premium 
Edition  ...)
-       TODO: check
+       NOT-FOR-US: Ezbsystems UltraISO
 CVE-2026-12784 (A weakness has been identified in IM-Magic Partition Resizer 
up to 7.9 ...)
-       TODO: check
+       NOT-FOR-US: IM-Magic Partition Resizer
 CVE-2026-12782 (A security flaw has been discovered in EaseUS Partition Master 
up to 1 ...)
-       TODO: check
+       NOT-FOR-US: EaseUS Partition Master
 CVE-2026-12781 (A vulnerability was identified in EaseUS Partition Master up 
to 14.5.  ...)
-       TODO: check
+       NOT-FOR-US: EaseUS Partition Master
 CVE-2025-71378 (picklescan before 0.0.30 fails to detect cProfile.runctx 
function call ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71357 (picklescan before 0.0.30 fails to detect malicious pickle 
files using  ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71351 (picklescan before 0.0.25 fails to detect malicious pickle 
files that u ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71348 (picklescan before 0.0.28 fails to detect malicious pickle 
files that i ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2026-56367 (ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 
contains an int ...)
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q4
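Review bot: The tag "NOT-FOR-US: Cap-go" is applied to eight entries (CVE-2026-56316, -56299, -56253, -56251, -56242, -56239, -56236, -56229), but seven of those descriptions spell the product "Capgo" and only CVE-2026-56316 uses "Cap-go". Picking the spelling most descriptions use, e.g. "NOT-FOR-US: Capgo", would let a search of the list by product name find every entry. Separately, CVE-2026-12804 (lemonldap-ng) stays at "TODO: check" in the middle of an otherwise resolved block; if that is deliberate because it needs real triage, no change is needed there.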
@@ -488,99 +488,99 @@ CVE-2020-37251 (RealTimes Desktop Service 18.1.4 contains 
an unquoted service pa
 CVE-2020-37250 (TFTP Broadband 4.3.0.1465 contains an unquoted service path 
vulnerabil ...)
        TODO: check
 CVE-2019-25762 (Joomla! Component JoomProject 1.1.3.2 contains an information 
disclosu ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25761 (Joomla! Component JoomCRM 1.1.1 contains an SQL injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25760 (Joomla! Component Easy Shop 1.2.3 contains a local file 
inclusion vuln ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25759 (Joomla! Component vBizz 1.0.7 contains an SQL injection 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25758 (Joomla! Component vBizz 1.0.7 contains an unrestricted file 
upload vul ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25757 (Joomla vWishlist 1.0.1 contains an SQL injection vulnerability 
that al ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25756 (Joomla! Component vAccount 2.0.2 contains an SQL injection 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25755 (Joomla Component vReview 1.9.11 contains an SQL injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25754 (Joomla Component vRestaurant 1.9.4 contains an SQL injection 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25753 (Joomla! Component VMap 1.9.6 contains an SQL injection 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25752 (Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25751 (Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25750 (Joomla Component J-MultipleHotelReservation 6.0.7 contains an 
SQL inje ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25749 (Joomla J-CruisePortal 6.0.4 contains an SQL injection 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25748 (Joomla JHotelReservation 6.0.7 contains an SQL injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2019-25747 (Network Inventory Advisor 5.0.26.0 installs the niaservice 
service wit ...)
        TODO: check
 CVE-2017-20282 (Joomla! Component jCart for OpenCart 2.0 contains an SQL 
injection vul ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20281 (Joomla! Component Extra Search 2.2.8 contains an SQL injection 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20280 (Joomla Component Myportfolio 3.0.2 contains an SQL injection 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20279 (Joomla Payage 2.05 contains an SQL injection vulnerability 
that allows ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20278 (Joomla Component JoomRecipe 1.0.3 contains an SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20277 (Joomla JoomRecipe 1.0.4 component contains a blind SQL 
injection vulne ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20276 (Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20275 (Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20274 (Joomla LMS King Professional 3.2.4.0 contains an SQL injection 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20273 (Joomla Event Registration Pro Calendar 4.1.3 contains an SQL 
injection ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20272 (Joomla Ultimate Property Listing 1.0.2 contains an SQL 
injection vulne ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20271 (Joomla StreetGuessr Game 1.1.8 contains an SQL injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20270 (Joomla! Component Twitch Tv 1.1 contains an SQL injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20269 (Joomla! Component KissGallery 1.0.0 contains an SQL injection 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20268 (Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL 
injection vu ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20267 (Joomla! Component Calendar Planner 1.0.1 contains an SQL 
injection vul ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20266 (Joomla SP Movie Database 1.3 contains an SQL injection 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20265 (Joomla! Component Flip Wall 8.0 contains an SQL injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20264 (Joomla! Component Sponsor Wall 8.0 contains an SQL injection 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20263 (Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20262 (Joomla! Component Ajax Quiz 1.8 contains an SQL injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20261 (Joomla! Component Bargain Product VM3 1.0 contains an SQL 
injection vu ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20260 (Joomla! Component Price Alert 3.0.2 contains an SQL injection 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20259 (Joomla OSDownloads 1.7.4 contains an SQL injection 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20258 (Joomla! Component RPC Responsive Portfolio 1.6.1 contains an 
SQL injec ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20257 (Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20256 (Joomla Survey Force Deluxe 3.2.4 contains an SQL injection 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20255 (Joomla! Component JB Visa 1.0 contains an SQL injection 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20254 (Joomla! Component User Bench 1.0 contains an SQL injection 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20253 (Joomla! Component My Projects 2.0 contains an SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2017-20252 (Joomla NextGen Editor 2.1.0 contains an SQL injection 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2016-20095 (Matrix42 Remote Control Host 3.20.0031 contains an unquoted 
service pa ...)
        TODO: check
 CVE-2016-20094 (AnyDesk 2.5.0 contains an unquoted service path vulnerability 
that all ...)
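Review bot: Three entries in this range are left at "TODO: check" while every neighbour is resolved: CVE-2020-37250 (TFTP Broadband), CVE-2019-25747 (Network Inventory Advisor) and CVE-2016-20095 (Matrix42 Remote Control Host). If they were skipped on purpose, fine; otherwise they could be triaged in the same pass so the block does not need a second visit. A smaller point: the uniform "NOT-FOR-US: Joomla! addon" tag drops the component name that each description carries (vBizz, JoomRecipe, J-BusinessDirectory and so on), so a later search for one of those components only matches the truncated description text.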



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cd548cfe7f4f77335050ed77ddb74a0ba3ec571
