[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 20 May 2026 00:28:37 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
87853dd3 by Salvatore Bonaccorso at 2026-05-20T09:28:13+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2026-9057 (A broken access control issue has been identified in the Talend 
Admini ...)
-       TODO: check
+       NOT-FOR-US: Talend Administration Center
 CVE-2026-9056 (A stored cross-site scripting vulnerability has been found in 
the Tale ...)
-       TODO: check
+       NOT-FOR-US: Talend Administration Center
 CVE-2026-9010 (The Boost plugin for WordPress is vulnerable to time-based SQL 
Injecti ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-9003 (E-LAN Hybrid Recording System developed by TONNET has a SQL 
Injection  ...)
-       TODO: check
+       NOT-FOR-US: TONNET
 CVE-2026-8922 (A flaw was found in Keycloak. When both realm-level and 
client-level ` ...)
        - keycloak <itp> (bug #1088287)
 CVE-2026-8912 (The Contest Gallery plugin for WordPress is vulnerable to SQL 
Injectio ...)
@@ -31,13 +31,13 @@ CVE-2026-8624 (The LJ comments import: reloaded plugin for 
WordPress is vulnerab
 CVE-2026-8610 (The TypeSquare Webfonts for ConoHa plugin for WordPress is 
vulnerable  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-8605 (In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: ScadaBR
 CVE-2026-8604 (In ScadaBR version 1.2.0, a CSRF vulnerability could allow an 
attacker ...)
-       TODO: check
+       NOT-FOR-US: ScadaBR
 CVE-2026-8603 (In ScadaBR version 1.2.0, an OS Command Injection vulnerability 
could  ...)
-       TODO: check
+       NOT-FOR-US: ScadaBR
 CVE-2026-8602 (In ScadaBR version 1.2.0, a Missing Authentication for Critical 
Functi ...)
-       TODO: check
+       NOT-FOR-US: ScadaBR
 CVE-2026-8495 (Missing Authorization vulnerability in Drupal Date iCal allows 
Forcefu ...)
        NOT-FOR-US: Drupal core and addons
 CVE-2026-8493 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
@@ -65,7 +65,7 @@ CVE-2026-8073 (The Kirki \u2013 Freeform Page Builder, 
Website Builder & Customi
 CVE-2026-8038 (The Faces of Users plugin for WordPress is vulnerable to Stored 
Cross- ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-7860 (A possible information disclosure vulnerability exists in the 
Vaadin M ...)
-       TODO: check
+       NOT-FOR-US: Vaadin
 CVE-2026-7637 (The Boost plugin for WordPress is vulnerable to PHP Object 
Injection i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-7571 (A flaw was found in Keycloak. A low-privilege user, with 
knowledge of  ...)
@@ -83,7 +83,7 @@ CVE-2026-7467 (The Read More & Accordion plugin for WordPress 
is vulnerable to P
 CVE-2026-7462 (The VatanSMS WP SMS plugin for WordPress is vulnerable to 
Reflected Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-7460 (mailcow-dockerized contains a stored cross-site scripting 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: mailcow-dockerized
 CVE-2026-7385 (The Decent Comments WordPress plugin before 3.0.2 does not 
restrict ac ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-7307 (A flaw was found in Keycloak. A remote, unauthenticated 
attacker can s ...)
@@ -155,11 +155,11 @@ CVE-2026-47783 (In memcached before 1.6.42, username data 
for SASL password data
        - memcached <unfixed>
        NOTE: Fixed by: 
https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
 (1.6.42)
 CVE-2026-47358 (Terrascan v1.18.3 and prior are vulnerable to Server-Side 
Request Forg ...)
-       TODO: check
+       NOT-FOR-US: Terrascan
 CVE-2026-47357 (Terrascan v1.18.3 and prior are vulnerable to Server-Side 
Request Forg ...)
-       TODO: check
+       NOT-FOR-US: Terrascan
 CVE-2026-47356 (Terrascan v1.18.3 and prior are vulnerable to Server-Side 
Request Forg ...)
-       TODO: check
+       NOT-FOR-US: Terrascan
 CVE-2026-47323 (Camel-CXF and Camel-Knative Message Header Injection via 
Missing Inbou ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-47317 (Uncontrolled Recursion vulnerability in Samsung Open Source 
Escargot a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87853dd38a5664597fdf72ca64d2fc5d79e523e6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87853dd38a5664597fdf72ca64d2fc5d79e523e6
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to