Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eed9a905 by Moritz Muehlenhoff at 2026-06-22T16:08:59+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -526,25 +526,25 @@ CVE-2026-11576 (The security fix for CVE-2025-0728 in 
eclipse-threadx NetX Duo r
 CVE-2025-71326 (AVAST Antivirus 25.11 contains an unquoted service path 
vulnerability  ...)
        NOT-FOR-US: AVAST Antivirus
 CVE-2025-62821 (Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds 
read bec ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-54357 (Joomla com_booking component 2.4.9 contains an information 
disclosure  ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2023-54353 (Chromacam 4.0.3.0 contains an unquoted service path 
vulnerability in t ...)
-       TODO: check
+       NOT-FOR-US: Chromacam
 CVE-2022-50971 (Malwarebytes 4.5 contains an unquoted service path 
vulnerability in th ...)
-       TODO: check
+       NOT-FOR-US: Malwarebytes
 CVE-2021-47985 (Brother SAPSprint 7.60 contains an unquoted service path 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Brother
 CVE-2020-37254 (Wondershare PDFelement 5.2.9 contains a privilege escalation 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Wondershare
 CVE-2020-37253 (Winstep 18.06.0096 contains an unquoted service path 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: Winstep
 CVE-2020-37252 (Realtek Audio Service 1.0.0.55 contains an unquoted service 
path vulne ...)
-       TODO: check
+       NOT-FOR-US: Realtek
 CVE-2020-37251 (RealTimes Desktop Service 18.1.4 contains an unquoted service 
path vul ...)
-       TODO: check
+       NOT-FOR-US: RealTimes
 CVE-2020-37250 (TFTP Broadband 4.3.0.1465 contains an unquoted service path 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: TFTP Broadband
 CVE-2019-25762 (Joomla! Component JoomProject 1.1.3.2 contains an information 
disclosu ...)
        NOT-FOR-US: Joomla! addon
 CVE-2019-25761 (Joomla! Component JoomCRM 1.1.1 contains an SQL injection 
vulnerabilit ...)
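Review bot: The NOT-FOR-US labels added in this hunk mix vendor-only names with product names: CVE-2025-62821, CVE-2021-47985 and CVE-2020-37254 get "Microsoft", "Brother" and "Wondershare", while CVE-2023-54353 and CVE-2020-37250 name the product ("Chromacam", "TFTP Broadband"). Using the product given in each description (for example "Microsoft HEIF Image Extensions", "Brother SAPSprint", "Wondershare PDFelement") would keep the entries searchable by what is actually affected.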
@@ -576,7 +576,7 @@ CVE-2019-25749 (Joomla J-CruisePortal 6.0.4 contains an SQL 
injection vulnerabil
 CVE-2019-25748 (Joomla JHotelReservation 6.0.7 contains an SQL injection 
vulnerability ...)
        NOT-FOR-US: Joomla! addon
 CVE-2019-25747 (Network Inventory Advisor 5.0.26.0 installs the niaservice 
service wit ...)
-       TODO: check
+       NOT-FOR-US: Network Inventory Advisor
 CVE-2017-20282 (Joomla! Component jCart for OpenCart 2.0 contains an SQL 
injection vul ...)
        NOT-FOR-US: Joomla! addon
 CVE-2017-20281 (Joomla! Component Extra Search 2.2.8 contains an SQL injection 
vulnera ...)
@@ -640,27 +640,27 @@ CVE-2017-20253 (Joomla! Component My Projects 2.0 
contains an SQL injection vuln
 CVE-2017-20252 (Joomla NextGen Editor 2.1.0 contains an SQL injection 
vulnerability th ...)
        NOT-FOR-US: Joomla! addon
 CVE-2016-20095 (Matrix42 Remote Control Host 3.20.0031 contains an unquoted 
service pa ...)
-       TODO: check
+       NOT-FOR-US: Matrix42 Remote Control Host
 CVE-2016-20094 (AnyDesk 2.5.0 contains an unquoted service path vulnerability 
that all ...)
-       TODO: check
+       NOT-FOR-US: AnyDesk
 CVE-2016-20093 (Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted 
service ...)
-       TODO: check
+       NOT-FOR-US: Wise
 CVE-2016-20092 (NetDrive 2.6.12 contains an unquoted service path 
vulnerability in the ...)
-       TODO: check
+       NOT-FOR-US: NetDrive
 CVE-2016-20091 (Windows Firewall Control 4.8.6.0 contains an unquoted service 
path vul ...)
-       TODO: check
+       NOT-FOR-US: Windows Firewall Control
 CVE-2016-20090 (Comodo Dragon Browser versions up to 52.15.25.663 contain a 
privilege  ...)
-       TODO: check
+       NOT-FOR-US: Comodo
 CVE-2016-20089 (Iperius Remote 1.7.0 contains an unquoted service path 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Iperius Remote
 CVE-2016-20088 (Comodo Chromodo Browser 52.15.25.664 contains an unquoted 
service path ...)
-       TODO: check
+       NOT-FOR-US: Comodo
 CVE-2016-20087 (Fortitude HTTP 1.0.4.0 contains an unquoted service path 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Fortitude HTTP
 CVE-2016-20086 (Vembu StoreGrid 4.0 contains an unquoted service path 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Vembu StoreGrid
 CVE-2016-20085 (Realtek High Definition Audio Driver 6.0.1.6730 contains an 
unquoted s ...)
-       TODO: check
+       NOT-FOR-US: Realtek
 CVE-2026-55568
        - guzzle 7.12.1-1
        [trixie] - guzzle <no-dsa> (Minor issue)
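Review bot: "NOT-FOR-US: Wise" on CVE-2016-20093 is too short to identify anything; the description covers two products, Wise Care 365 and Wise Disk Cleaner, so the label could name both. The two "Comodo" entries (CVE-2016-20090 and CVE-2016-20088) likewise concern different browsers, Dragon and Chromodo, which the shared vendor label hides.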
@@ -1410,7 +1410,7 @@ CVE-2026-53870 (Hermes Agent before 0.16.0 creates 
response_store.db and webhook
 CVE-2026-53869 (Hermes Agent before 0.16.0 contains a DNS rebinding 
vulnerability in W ...)
        NOT-FOR-US: Hermes Agent
 CVE-2026-53805 (NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an 
unauthentica ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-52716 (Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 
1.7.11 ve ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-52707 (Unauthenticated Local File Inclusion in Kastell <= 2.0 
versions.)
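Review bot: "NOT-FOR-US: NVIDIA" on CVE-2026-53805 names only the vendor, which reads as if all NVIDIA software were out of scope. The description identifies the product as GEN3C from the Spatial Intelligence Lab, so "NOT-FOR-US: NVIDIA GEN3C" would be more precise.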
@@ -1475,7 +1475,7 @@ CVE-2026-48117 (DroneAware is a drone detection platform. 
The centralized DroneA
 CVE-2026-47340 (Allow authenticated users to access alert instances associated 
with al ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-47103 (Python StateMachine versions 3.0.0 before 3.2.0 contains a 
remote code ...)
-       TODO: check
+       NOT-FOR-US: Python StateMachine
 CVE-2026-45436 (Subscriber Broken Access Control in WPBakery Page Builder <= 
8.7.2 ver ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42629 (Unauthenticated Broken Authentication in PowerPack Pro for 
Elementor < ...)
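Review bot: CVE-2026-47103 is a remote code execution issue in a Python library (Python StateMachine 3.0.0 before 3.2.0), and a library can be present in the archive under a different source name or as a bundled copy. The entry records nothing about the check that was done; a NOTE line with the upstream project URL would let a later reader confirm that it is not packaged.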
@@ -1736,15 +1736,15 @@ CVE-2026-11525 (Impact: When undici parses a Set-Cookie 
header, it accepts any S
        - node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
        NOTE: 
https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m
 CVE-2026-11311 (When NGINX Plus is configured as the data plane for NGINX 
Gateway Fabr ...)
-       TODO: check
+       NOT-FOR-US: NGINX Gateway Fabric
 CVE-2026-10850 (Plane CE 1.3.1 allows a low-privileged project member to 
submit arbitr ...)
        NOT-FOR-US: Plane
 CVE-2026-10839 (Open redirection vulnerability in the authentication system 
allows an  ...)
-       TODO: check
+       NOT-FOR-US: Password Manager
 CVE-2026-10837 (Open redirection vulnerability due to insufficient validation 
of the X ...)
-       TODO: check
+       NOT-FOR-US: Password Manager
 CVE-2026-10836 (Improper handling of HTTP headers that allows a remote 
attacker to man ...)
-       TODO: check
+       NOT-FOR-US: Password Manager
 CVE-2026-10641 (Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free 
role pa ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-10094 (A Path Traversal vulnerability affecting SOLIDWORKS Visualize 
from SOL ...)
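Review bot: "NOT-FOR-US: Password Manager" on CVE-2026-10839, CVE-2026-10837 and CVE-2026-10836 is a generic term rather than a product name, and the truncated descriptions shown here do not name a vendor either. Please take the vendor and product from the full CVE record so these three entries cannot be confused with an unrelated password manager that is packaged.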
@@ -3933,7 +3933,7 @@ CVE-2026-37216 (Ruoyi 4.8.2 is vulnerable to Cross Site 
Scripting (XSS) at the i
 CVE-2026-36933 (An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a 
physical ...)
        NOT-FOR-US: Boyleep K11, y108 firmware
 CVE-2026-36670 (A Time-Based Blind SQL Injection vulnerability in the 
alias_management ...)
-       TODO: check
+       NOT-FOR-US: OpenSIPS Control Panel
 CVE-2026-36537 (ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass 
during  ...)
        NOT-FOR-US: ThingsBoard
 CVE-2026-36521 (PublicCMS V5.202506.d has a Cross Site Scripting (XSS) 
vulnerability i ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eed9a905f3dbf474e537505f026d0ba180d09091

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits