Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
97ed6254 by Salvatore Bonaccorso at 2026-07-01T06:35:32+02:00
auto-nfu: Add rule for NetScaler CNA
The CNA will assign only CVEs for NetScaler issues.
- - - - -
cbb189d0 by Salvatore Bonaccorso at 2026-07-01T06:37:41+02:00
Process some NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2026-9263 (The Zephyr Bluetooth controller ISO Adaptation
Layer (subsys/blue
CVE-2026-8864 (The HP Fan Control App might allow local escalation of
privileges. An ...)
NOT-FOR-US: HP
CVE-2026-8655 (Multiple Memory overflow vulnerabilities inNetScaler ADC and
NetScaler ...)
- TODO: check
+ NOT-FOR-US: NetScaler
CVE-2026-8452 (Memory overflow vulnerabilityNetScaler ADC and NetScaler
Gatewayleadin ...)
NOT-FOR-US: Citrix
CVE-2026-8451 (Insufficient input validation inNetScaler ADC and NetScaler
Gatewaylea ...)
@@ -208,7 +208,7 @@ CVE-2026-14162 (Hospital Queuing Management developed by
Advantech has a Sensiti
CVE-2026-14161 (Hospital Quening Management developed by Advantech has a
Sensitive Dat ...)
NOT-FOR-US: Advantech
CVE-2026-13474 (Denial of service via malformed HTTP/2 requests inNetScaler
ADC and Ne ...)
- TODO: check
+ NOT-FOR-US: NetScaler
CVE-2026-13455 (PostgreSQL Anonymizer contains a vulnerability that allows
unprivilege ...)
TODO: check
CVE-2026-13316 (A flaw has been found in foreman when HTTP parameters are
modified in ...)
@@ -224,9 +224,9 @@ CVE-2026-12388 (A flaw was found in the Identity Provider
(IdP) mapper component
CVE-2026-12076 (Raytha CMS is vulnerable to SQL Injection within the OData
filter pars ...)
TODO: check
CVE-2026-10817 (Insufficient input validation leading to memory overread
inNetScaler A ...)
- TODO: check
+ NOT-FOR-US: NetScaler
CVE-2026-10816 (Arbitrary File Read (Unauthenticated) inNetScaler ADC and
NetScaler Ga ...)
- TODO: check
+ NOT-FOR-US: NetScaler
CVE-2026-10763 (PROMOD V is using insecure HTTP communication instead of
HTTPS. The vu ...)
NOT-FOR-US: Hitachi Energy
CVE-2026-10655 (The asynchronous SNTP client in Zephyr
(subsys/net/lib/sntp/sntp.c, sn ...)
=====================================
data/packages/nfu.yaml
=====================================
@@ -179,6 +179,8 @@
cna: NI
- reason: NetApp
cna: netapp
+- reason: NetScaler
+ cna: NetScaler
- reason: Netskope
cna: Netskope
- reason: Nokia
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2dae080dc79c5594b9117f3287d57ad62a652c95...cbb189d04ed393c4f50532b2182797f90a3ce0f4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2dae080dc79c5594b9117f3287d57ad62a652c95...cbb189d04ed393c4f50532b2182797f90a3ce0f4
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits