Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3de08701 by Salvatore Bonaccorso at 2026-07-12T22:56:43+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,35 +29,35 @@ CVE-2026-56241 (Capgo before 12.128.2 contains a privilege 
escalation vulnerabil
 CVE-2026-56238 (Capgo before 12.128.2 contains an information disclosure 
vulnerability ...)
        NOT-FOR-US: Cap-go
 CVE-2026-15502 (A vulnerability was detected in AojiaoZero Antaris 1.0. This 
affects t ...)
-       TODO: check
+       NOT-FOR-US: AojiaoZero Antaris
 CVE-2026-15501 (A security vulnerability has been detected in AstrBotDevs 
AstrBot up t ...)
-       TODO: check
+       NOT-FOR-US: AstrBotDevs AstrBot
 CVE-2026-15500 (A weakness has been identified in AstrBotDevs AstrBot up to 
4.25.2. Af ...)
-       TODO: check
+       NOT-FOR-US: AstrBotDevs AstrBot
 CVE-2026-15499 (A security flaw has been discovered in AstrBotDevs AstrBot up 
to 4.25. ...)
-       TODO: check
+       NOT-FOR-US: AstrBotDevs AstrBot
 CVE-2026-15498 (A vulnerability was identified in sergomanov SmartHomeAdatum 
up to cf4 ...)
-       TODO: check
+       NOT-FOR-US: sergomanov SmartHomeAdatum
 CVE-2026-15497 (A vulnerability was determined in SonicCloudOrg sonic-agent up 
to 2.7. ...)
-       TODO: check
+       NOT-FOR-US: SonicCloudOrg
 CVE-2026-15496 (A vulnerability was found in SonicCloudOrg sonic-agent up to 
2.7.2. Th ...)
-       TODO: check
+       NOT-FOR-US: SonicCloudOrg
 CVE-2026-15495 (A vulnerability has been found in SonicCloudOrg sonic-agent up 
to 2.7. ...)
-       TODO: check
+       NOT-FOR-US: SonicCloudOrg
 CVE-2026-15494 (A flaw has been found in AMTT Hotel Broadband Operation System 
1.0. Im ...)
-       TODO: check
+       NOT-FOR-US: AMTT Hotel Broadband Operation System
 CVE-2026-15493 (A vulnerability was detected in Akpali9 
Attendance-Management-System u ...)
-       TODO: check
+       NOT-FOR-US: Akpali9 Attendance-Management-System
 CVE-2026-15492 (A security vulnerability has been detected in igweze wizgrade 
up to b1 ...)
-       TODO: check
+       NOT-FOR-US: igweze wizgrade
 CVE-2026-15491 (A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up 
to ddfe1 ...)
-       TODO: check
+       NOT-FOR-US: RafyMrX TOKO-ONLINE-ROTI
 CVE-2026-15490 (A security flaw has been discovered in RafyMrX 
TOKO-ONLINE-ROTI up to  ...)
-       TODO: check
+       NOT-FOR-US: RafyMrX TOKO-ONLINE-ROTI
 CVE-2026-15489 (A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up 
to ddfe1 ...)
-       TODO: check
+       NOT-FOR-US: RafyMrX TOKO-ONLINE-ROTI
 CVE-2026-15488 (A vulnerability was determined in hcr707305003 shiroiAdmin 
1.1/1.3. Af ...)
-       TODO: check
+       NOT-FOR-US: hcr707305003 shiroiAdmin
 CVE-2026-15487 (A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This 
impacts ...)
        NOT-FOR-US: TRENDnet
 CVE-2026-15486 (A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. 
This af ...)
@@ -83,31 +83,31 @@ CVE-2026-15484 (A vulnerability was detected in TRENDnet 
TEW-821DAP 1.12B01. The
 CVE-2026-15483 (A security vulnerability has been detected in TRENDnet 
TEW-821DAP 1.12 ...)
        NOT-FOR-US: TRENDnet
 CVE-2026-15482 (A weakness has been identified in Aster Telecom Azcall 10/11. 
This iss ...)
-       TODO: check
+       NOT-FOR-US: Aster Telecom Azcall
 CVE-2026-15481 (A security flaw has been discovered in Trendnet TEW-635BRM up 
to 1.00. ...)
        NOT-FOR-US: TRENDnet
 CVE-2026-15480 (A vulnerability was identified in Trendnet TEW-635BRM up to 
1.00.03. T ...)
        NOT-FOR-US: TRENDnet
 CVE-2026-15479 (A vulnerability was found in H3C NX15 V100R017. Affected by 
this vulne ...)
-       TODO: check
+       NOT-FOR-US: H3C
 CVE-2026-15478 (A flaw has been found in IceHRM up to 35.0.1. This impacts an 
unknown  ...)
-       TODO: check
+       NOT-FOR-US: IceHRM
 CVE-2026-15477 (A vulnerability was detected in Bahmni bahmnicore up to 0.93. 
This aff ...)
-       TODO: check
+       NOT-FOR-US: Bahmni bahmnicore
 CVE-2026-15476 (A security vulnerability has been detected in QILING Disk 
Master 6.0.0 ...)
-       TODO: check
+       NOT-FOR-US: QILING Disk Master
 CVE-2026-15475 (A weakness has been identified in MiniTool Partition Wizard up 
to 13.6 ...)
-       TODO: check
+       NOT-FOR-US: MiniTool Partition Wizard
 CVE-2026-15474 (A security flaw has been discovered in Eleveo Call Recording 
Software  ...)
-       TODO: check
+       NOT-FOR-US: Eleveo Call Recording Software
 CVE-2026-15473 (A vulnerability was identified in Eleveo Call Recording 
Software 9.7.0 ...)
-       TODO: check
+       NOT-FOR-US: Eleveo Call Recording Software
 CVE-2026-15472 (A vulnerability was determined in Eleveo Call Recording 
Software 9.7.0 ...)
-       TODO: check
+       NOT-FOR-US: Eleveo Call Recording Software
 CVE-2026-15471 (A vulnerability was found in Eleveo Call Recording Software 
9.7.0. Thi ...)
-       TODO: check
+       NOT-FOR-US: Eleveo Call Recording Software
 CVE-2026-15470 (A vulnerability has been found in Eleveo Call Recording 
Software 9.7.0 ...)
-       TODO: check
+       NOT-FOR-US: Eleveo Call Recording Software
 CVE-2026-61870 (ImageMagick before 7.1.2-26 contains a memory leak 
vulnerability in th ...)
        - imagemagick 8:7.1.2.26+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-m596-67p7-69wh
@@ -365,9 +365,9 @@ CVE-2026-45196 (Kernel software installed and running 
inside a Host VM may post
 CVE-2026-44795 (Spinnaker is an open source, multi-cloud continuous delivery 
platform. ...)
        NOT-FOR-US: Spinnaker
 CVE-2026-44383 (Multiple connections to the backend using the same charging 
station ID ...)
-       TODO: check
+       NOT-FOR-US: Hydro-Quebec
 CVE-2026-42952 (Previously, there was no throttling on repeated authentication 
attempt ...)
-       TODO: check
+       NOT-FOR-US: Hydro-Quebec
 CVE-2026-42219 (Frappe is a full-stack web application framework. Prior to 
16.19.0 and ...)
        NOT-FOR-US: Frappe
 CVE-2026-41482 (Frappe is a full-stack web application framework. Prior to 
16.18.3, po ...)
@@ -776,15 +776,15 @@ CVE-2026-51119 (An issue in Invixium IXM WEB v.2.3.85.25 
allows an attacker to e
 CVE-2026-46388 (osquery is a SQL powered operating system instrumentation, 
monitoring, ...)
        TODO: check
 CVE-2026-41880 (R-SOFT DMS is vulnerable toOS Command Injection in the Optical 
Charact ...)
-       TODO: check
+       NOT-FOR-US: R-SOFT DMS
 CVE-2026-41879 (R-SOFT DMSstores superadmin credentials using a non-salted 
nested MD5  ...)
-       TODO: check
+       NOT-FOR-US: R-SOFT DMS
 CVE-2026-41878 (R-SOFT DMS is vulnerable toInsecure Direct Object Reference 
(IDOR) att ...)
-       TODO: check
+       NOT-FOR-US: R-SOFT DMS
 CVE-2026-41877 (R-SOFT DMS is vulnerable to Stored XSS in file upload 
functionality. A ...)
-       TODO: check
+       NOT-FOR-US: R-SOFT DMS
 CVE-2026-41876 (R-SOFT DMS is vulnerable toOS Command Injection in 
konwertujAction() f ...)
-       TODO: check
+       NOT-FOR-US: R-SOFT DMS
 CVE-2026-40454 (Out-of-bounds Read, Improper Input Validation vulnerability in 
Apache  ...)
        TODO: check
 CVE-2026-40452 (Incorrect Authorization, Improper Access Control vulnerability 
in Apac ...)
@@ -802,29 +802,29 @@ CVE-2026-40005 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pa
 CVE-2026-3907 (The Hostel plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-3251 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Webremium Istanbul Web Design Mezunum Satiyorum
 CVE-2026-39903 (Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 
Alpha 5  ...)
-       TODO: check
+       NOT-FOR-US: Simple Machines Forum
 CVE-2026-39244 (adm-zip before 0.5.18 is vulnerable to denial of service via a 
crafted ...)
        TODO: check
 CVE-2026-38059 (The iDirect iQ200 exposes the /api/identity and /api/ REST API 
endpoin ...)
-       TODO: check
+       NOT-FOR-US: iDirect iQ200
 CVE-2026-38057 (The iDirect iQ200 does not validate CSRF tokens on 
state-changing API  ...)
-       TODO: check
+       NOT-FOR-US: iDirect iQ200
 CVE-2026-33382 (Several Grafana API endpoints, some of them unauthenticated, 
do not li ...)
        NOT-FOR-US: Grafana Labs
 CVE-2026-2398 (Authorization bypass through User-Controlled key vulnerability 
in Adam ...)
-       TODO: check
+       NOT-FOR-US: Adam Retail Automation
 CVE-2026-2397 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: Adam Retail Automation
 CVE-2026-29519 (Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 
7.0.x r ...)
-       TODO: check
+       NOT-FOR-US: Lucee CFML Server
 CVE-2026-28564 (Insufficient Session Expiration, Authentication Bypass by 
Capture-repl ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-22660 (FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a 
logic flaw  ...)
-       TODO: check
+       NOT-FOR-US: FlaskBBFlaskBB
 CVE-2026-22659 (FlaskBB through 2.2.0, fixed in commit acc88cf, contains an 
authorizat ...)
-       TODO: check
+       NOT-FOR-US: FlaskBBFlaskBB
 CVE-2026-1946 (The GW AI Website Builder plugin for WordPress is vulnerable to 
unauth ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1667 (The SEO Plugin by Squirrly SEO plugin for WordPress is 
vulnerable to A ...)
@@ -832,15 +832,15 @@ CVE-2026-1667 (The SEO Plugin by Squirrly SEO plugin for 
WordPress is vulnerable
 CVE-2026-15378 (A flaw was found in the `guardrails-detectors` component. This 
vulnera ...)
        TODO: check
 CVE-2026-15377 (A vulnerability was determined in Eleveo Call Recording 
Software 9.7.0 ...)
-       TODO: check
+       NOT-FOR-US: Eleveo Call Recording Software
 CVE-2026-15376 (A vulnerability was found in Eleveo Call Recording Software 
9.7.0. Aff ...)
-       TODO: check
+       NOT-FOR-US: Eleveo Call Recording Software
 CVE-2026-15375 (A vulnerability has been found in Eleveo Call Recording 
Software 9.7.0 ...)
-       TODO: check
+       NOT-FOR-US: Eleveo Call Recording Software
 CVE-2026-15374 (A flaw has been found in Eleveo Call Recording Software 9.7.0. 
This af ...)
-       TODO: check
+       NOT-FOR-US: Eleveo Call Recording Software
 CVE-2026-15373 (A vulnerability was detected in Eleveo Call Recording Software 
9.7.0.  ...)
-       TODO: check
+       NOT-FOR-US: Eleveo Call Recording Software
 CVE-2026-15146 (GNU Wget does not validate the IP address provided by an FTP 
PASV resp ...)
        TODO: check
 CVE-2026-15143 (A flaw was found in the file_type content detector of 
guardrails-detec ...)
@@ -1024,7 +1024,7 @@ CVE-2026-45780 (Discourse is an open-source discussion 
platform. Prior to 2026.6
 CVE-2026-44787 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
        NOT-FOR-US: Discourse
 CVE-2026-44342 (New API is a large language mode (LLM) gateway and artificial 
intellig ...)
-       TODO: check
+       NOT-FOR-US: New API
 CVE-2026-39246 (decompress before 4.2.2 allows arbitrary symlink creation 
during archi ...)
        TODO: check
 CVE-2026-39245 (decompress before 4.2.2 contains an improper path containment 
check th ...)
@@ -1046,9 +1046,9 @@ CVE-2026-33799 (An Out-of-bounds Write vulnerability in 
the SNMP daemon (snmpd)
 CVE-2026-33794 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
        NOT-FOR-US: Juniper
 CVE-2026-33655 (New API is a large language mode (LLM) gateway and artificial 
intellig ...)
-       TODO: check
+       NOT-FOR-US: New API
 CVE-2026-31267 (Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is 
vulnerable to Buf ...)
-       TODO: check
+       NOT-FOR-US: Mercusys
 CVE-2026-21901 (A NULL Pointer Dereference vulnerability in the management 
daemon (mgd ...)
        NOT-FOR-US: Juniper
 CVE-2026-21057 (Improper input validation in Samsung Pass prior to version 
5.2.10.3 al ...)
@@ -1088,17 +1088,17 @@ CVE-2026-21040 (Improper access control in IAFDService 
prior to SMR Jul-2026 Rel
 CVE-2026-21039 (Improper access control in Settings prior to SMR Jul-2026 
Release 1 al ...)
        NOT-FOR-US: Samsung Mobile
 CVE-2026-15332 (A security flaw has been discovered in zhayujie CowAgent up to 
2.1.0.  ...)
-       TODO: check
+       NOT-FOR-US: zhayujie CowAgent
 CVE-2026-15331 (A vulnerability was identified in zhayujie CowAgent up to 
2.1.0. The a ...)
-       TODO: check
+       NOT-FOR-US: zhayujie CowAgent
 CVE-2026-15330 (A vulnerability was determined in zhayujie CowAgent up to 
2.1.1. Impac ...)
-       TODO: check
+       NOT-FOR-US: zhayujie CowAgent
 CVE-2026-15329 (A vulnerability was found in zhayujie CowAgent up to 2.1.0. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: zhayujie CowAgent
 CVE-2026-15326 (A vulnerability was identified in halo-dev halo up to 2.24.2. 
This aff ...)
        TODO: check
 CVE-2026-15321 (A vulnerability was found in MyEMS up to 6.4.0. The affected 
element i ...)
-       TODO: check
+       NOT-FOR-US: MyEMS
 CVE-2026-15320 (A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. 
This vuln ...)
        TODO: check
 CVE-2026-15319 (A security vulnerability has been detected in Sipeed PicoClaw 
up to 0. ...)
@@ -1767,21 +1767,21 @@ CVE-2026-52200 (An issue in Generic OEM UZ801_v2.1 4G 
LTE Router V3.4.3 allows a
 CVE-2026-51535 (In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion 
(Denial of Ser ...)
        NOT-FOR-US: OpENer
 CVE-2026-49866 (libp2p is a JavaScript Implementation of libp2p networking 
stack. Prio ...)
-       TODO: check
+       NOT-FOR-US: js-libp2p
 CVE-2026-48492 (Snipe-IT is an IT asset/license management system. Prior to 
version 8. ...)
        - snipe-it <itp> (bug #1005172)
 CVE-2026-47840 (A network attacker positioned between UAA and its LDAP 
directory can i ...)
-       TODO: check
+       NOT-FOR-US: Cloud Foundry UAA
 CVE-2026-47831 (Use of a cryptographically weak random number generator in the 
Generat ...)
-       TODO: check
+       NOT-FOR-US: bosh-windows-stemcell-builder
 CVE-2026-47830 (Incorrect Permission Assignment in BOSH.Utils.psm1 in 
BOSH-Ecosystem b ...)
-       TODO: check
+       NOT-FOR-US: bosh-windows-stemcell-builder
 CVE-2026-47829 (Argument Injection in bosh-cli allows a compromised BOSH 
Director to i ...)
-       TODO: check
+       NOT-FOR-US: bosh-cli
 CVE-2026-47828 (During bosh create-env and bosh delete-env, the CLI uploads 
compiled C ...)
-       TODO: check
+       NOT-FOR-US: bosh-cli
 CVE-2026-47826 (The blobs.yml path key traversal vulnerability in the BOSH CLI 
tool al ...)
-       TODO: check
+       NOT-FOR-US: bosh-cli
 CVE-2026-47646 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45045 (Fiber is an Express inspired web framework written in Go. 
Prior to 3.3 ...)
@@ -1815,7 +1815,7 @@ CVE-2026-35211 (OpenCTI is an open source platform for 
managing cyber threat int
 CVE-2026-35210 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
        NOT-FOR-US: OpenCTI
 CVE-2026-31309 (Improper authorization in the /tequilapi/config/user endpoint 
of Myste ...)
-       TODO: check
+       NOT-FOR-US: Mysterium Node
 CVE-2026-15174 (Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 
to 4.6.6  ...)
        NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15173 (pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows 
denial of  ...)
@@ -2344,7 +2344,7 @@ CVE-2026-49145 (App::Ack versions through 3.10.0 for Perl 
read arbitrary files v
        NOTE: Fixed by: 
https://github.com/beyondgrep/ack3/commit/45ff5fe77dbd96f7332f31943102291f878f30b8
 (v3.10.0)
        NOTE: v3.10.0 only released with a partial fix for the --follow-option.
 CVE-2026-44840 (Dgraph is an open source distributed GraphQL database. Prior 
to versio ...)
-       TODO: check
+       NOT-FOR-US: Dgraph
 CVE-2026-41122 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, 
LTS2026 r ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-41042 (Unauthenticated callers can supply a malicious H2 JDBC URL 
through the ...)
@@ -2368,7 +2368,7 @@ CVE-2026-24698 (An OS command injection vulnerability 
exists in the save_syslog_
 CVE-2026-24697 (An OS command injection vulnerability exists in the 
start_bonjour() fu ...)
        TODO: check
 CVE-2026-22927 (Omnissa Workspace ONE\xae Tunnel for Windows addresses a   
Local Privi ...)
-       TODO: check
+       NOT-FOR-US: Omnissa
 CVE-2026-15067 (Snowflake Terraform Provider versions prior to 2.18.0 contain 
several  ...)
        TODO: check
 CVE-2026-15063 (A flaw was found in the gorch service template, which is part 
of the t ...)
@@ -2674,7 +2674,7 @@ CVE-2026-49471 (Serena is a powerful MCP toolkit for 
coding that provides semant
 CVE-2026-49229 (Actual is a local-first personal finance app. Prior to 26.6.0, 
in Open ...)
        NOT-FOR-US: Actual
 CVE-2026-49033 (The application contains a stack-based buffer overflow 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Labcenter
 CVE-2026-48958 (An improper access check allows unauthorized users to create 
custom fi ...)
        NOT-FOR-US: Joomla
 CVE-2026-48957 (An improper access check allows unauthorized users to access 
com_priva ...)
@@ -2722,9 +2722,9 @@ CVE-2026-37271 (Fire-Boltt Smartwatch FB BGS001 Firmware: 
MOY-JS14-2.0.4 is vuln
 CVE-2026-37270 (Trueview Security camera T18161- AF v4.9.60.0 contains an 
authenticati ...)
        NOT-FOR-US: ActualSecurity camera
 CVE-2026-36163 (An HTML injection vulnerability in the file view endpoint of 
LiquidFil ...)
-       TODO: check
+       NOT-FOR-US: LiquidFiles
 CVE-2026-36162 (An authenticated stored cross-site scripting (XSS) 
vulnerability in th ...)
-       TODO: check
+       NOT-FOR-US: LiquidFiles
 CVE-2026-28378 (The public dashboard deletion endpoint does not enforce 
organization i ...)
        TODO: check
 CVE-2026-23698 (Vtiger CRM through 8.4.0 contains an authenticated remote code 
executi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3de08701c8a8639eaaf302d13b1e036e02c18af1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3de08701c8a8639eaaf302d13b1e036e02c18af1
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to