Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fb68e3cd by security tracker role at 2026-06-10T07:13:53+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,11 +27,11 @@ CVE-2026-9740 (A vulnerability in MongoDB Server's BSON 
validation logic allows
 CVE-2026-9735 (MongoDB server may log authentication parameters, including 
credential ...)
        TODO: check
 CVE-2026-9067 (The Schema & Structured Data for WP & AMP WordPress plugin 
before 1.60 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9060 (The Store Locator WordPress plugin before 1.6.6 does not 
sanitize and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8071 (The Anti-Spam by CleanTalk. Spam protection WordPress plugin 
before 6. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6445 (A flaw exists in FlashArray Purity where insufficient filtering 
of cer ...)
        TODO: check
 CVE-2026-6444 (A flaw exists in the FlashArray Purity management interface 
where an a ...)
@@ -43,89 +43,89 @@ CVE-2026-53674 (BuddyPress 14.4.0 contains a regular 
expression injection vulner
 CVE-2026-53673 (BuddyPress 14.4.0 contains an insecure direct object reference 
vulnera ...)
        TODO: check
 CVE-2026-48306 (Substance3D - Sampler versions 6.0.0 and earlier are affected 
by an ou ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48305 (Substance3D - Sampler versions 6.0.0 and earlier are affected 
by an ou ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48303 (Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and 
earlier are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48292 (Format Plugins versions 1.1.2 and earlier are affected by a 
Heap-based ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48291 (Format Plugins versions 1.1.2 and earlier are affected by a 
Heap-based ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47961 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47960 (ColdFusion versions 2023.19, 2025.8 and earlier are affected 
by an Imp ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47959 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47955 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47952 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47938 (Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and 
earlier are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47937 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47933 (ColdFusion versions 2023.19, 2025.8 and earlier are affected 
by a stor ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47932 (ColdFusion versions 2023.19, 2025.8 and earlier are affected 
by an Imp ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47931 (ColdFusion versions 2023.19, 2025.8 and earlier are affected 
by an Imp ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47930 (ColdFusion versions 2023.19, 2025.8 and earlier are affected 
by an Imp ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47929 (ColdFusion versions 2023.19, 2025.8 and earlier are affected 
by an Inc ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47928 (ColdFusion versions 2023.19, 2025.8 and earlier are affected 
by an Imp ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47926 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47925 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47924 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47923 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47921 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47920 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47919 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47918 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47917 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47916 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47915 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47914 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47913 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47912 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47911 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47910 (Dreamweaver Desktop versions 21.7 and earlier are affected by 
an Incor ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47909 (Dreamweaver Desktop versions 21.7 and earlier are affected by 
an Impro ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47908 (Dreamweaver Desktop versions 21.7 and earlier are affected by 
an Acces ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47907 (Dreamweaver Desktop versions 21.7 and earlier are affected by 
an Impro ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47906 (Dreamweaver Desktop versions 21.7 and earlier are affected by 
a Depend ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47905 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47904 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47903 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47902 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-47838 (SubjectDnX509PrincipalExtractor does not correctly handle 
certain malf ...)
        TODO: check
 CVE-2026-47106 (Ellucian Banner Self-Service before the April T2 release 
(2025-04-23)  ...)
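Review bot: The four CAI Content Credentials entries (CVE-2026-47902 through CVE-2026-47905) get the same vendor-wide "NOT-FOR-US: Adobe" tag as the Acrobat Reader and ColdFusion entries, but their version strings ("c2pa-v0.80.1") read like release tags of a library rather than of a desktop product. Confirm that no package in the archive ships or vendors that code before closing these, and consider naming the component in the tag so the entries can be found again if it is packaged later.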
@@ -147,7 +147,7 @@ CVE-2026-46539 (Nimiq is a Rust implementation of the Nimiq 
Proof-of-Stake proto
 CVE-2026-46532 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
        TODO: check
 CVE-2026-46518 (OpenEMR is a free and open source electronic health records 
and medica ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2026-46517 (LMDeploy is a toolkit for compressing, deploying, and serving 
large la ...)
        TODO: check
 CVE-2026-46491 (SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS 
server in t ...)
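Review bot: CVE-2026-46518 describes OpenEMR as "free and open source", so it is a plausible packaging candidate and the NOT-FOR-US tag deserves a second look. Check that there is no open ITP or RFP bug for it; if there is one, the entry should reference that bug instead of being closed as NOT-FOR-US.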
@@ -231,19 +231,19 @@ CVE-2026-40991 (When using spring-restdocs-webtestclient 
or spring-restdocs-rest
 CVE-2026-40988 (An application using spring-security-saml2-service-provider 
and the RE ...)
        TODO: check
 CVE-2026-3326 (The Xstore WordPress theme before 9.7.3 does not properly 
sanitise and ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-34713 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-34712 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-34711 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-34710 (Substance3D - Sampler versions 6.0.0 and earlier are affected 
by an ou ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-34709 (Substance3D - Sampler versions 6.0.0 and earlier are affected 
by an ou ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-34657 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-34417 (OSCAL-GUI contains a reflected cross-site scripting 
vulnerability that ...)
        TODO: check
 CVE-2026-34416 (OSCAL-GUI contains a reflected cross-site scripting 
vulnerability that ...)
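Review bot: CVE-2026-3326 is described as "The Xstore WordPress theme", yet the added line reads "NOT-FOR-US: WordPress plugin". Use "NOT-FOR-US: WordPress theme" so the tag matches the description; if the automatic matcher keys on the word "WordPress" alone, it should distinguish themes from plugins.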
@@ -251,37 +251,37 @@ CVE-2026-34416 (OSCAL-GUI contains a reflected cross-site 
scripting vulnerabilit
 CVE-2026-32856 (Ellucian Banner Self-Service before the April T2 release 
(2025-04-23)  ...)
        TODO: check
 CVE-2026-29116 (A vulnerability has been found in some Dahua products could 
allow an u ...)
-       TODO: check
+       NOT-FOR-US: Dahua
 CVE-2026-29115 (A vulnerability has been found in some Dahua products could 
allow an a ...)
-       TODO: check
+       NOT-FOR-US: Dahua
 CVE-2026-29114 (A vulnerability has been found in some Dahua products. An 
attacker may ...)
-       TODO: check
+       NOT-FOR-US: Dahua
 CVE-2026-26241 (A buffer overflow vulnerability has been reported to affect 
File Stati ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-26240 (A buffer overflow vulnerability has been reported to affect 
File Stati ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-26239 (A buffer overflow vulnerability has been reported to affect 
File Stati ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-26237 (A missing authorization vulnerability has been reported to 
affect QuMa ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-25860 (OpenClinic GA 5.351.19 contains a reflected cross-site 
scripting vulne ...)
        TODO: check
 CVE-2026-25557 (Evoluted PHP Directory Listing Script through 4.0.5 contains a 
reflect ...)
        TODO: check
 CVE-2026-24724 (An incorrect authorization vulnerability has been reported to 
affect F ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-24720 (An allocation of resources without limits or throttling 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-24719 (A command injection vulnerability has been reported to affect 
several  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-24717 (A path traversal vulnerability has been reported to affect 
several QNA ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-24716 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-22899 (A NULL pointer dereference vulnerability has been reported to 
affect F ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-22893 (A command injection vulnerability has been reported to affect 
several  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-11837 (A local privilege escalation vulnerability was found in the 
ansible.po ...)
        TODO: check
 CVE-2026-11824 (SQLite before 3.53.2 contains a heap-based buffer overflow 
vulnerabili ...)
@@ -289,7 +289,7 @@ CVE-2026-11824 (SQLite before 3.53.2 contains a heap-based 
buffer overflow vulne
 CVE-2026-11822 (SQLite before 3.53.2 contains memory corruption 
vulnerabilities in the ...)
        TODO: check
 CVE-2026-11815 (An attacker who intercepts and tampers with traffic between 
the client ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2026-11799 (UXSS in Focus for iOS / Klar Webkit navigation. This 
vulnerability was ...)
        TODO: check
 CVE-2026-10846 (NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when 
used in ...)
@@ -297,27 +297,27 @@ CVE-2026-10846 (NLnet Labs ldns 1.2.0 up to and including 
versions 1.9.0, when u
 CVE-2026-10238
        REJECTED
 CVE-2025-8444 (The Animation Addons for Elementor \u2013 GSAP Powered 
Elementor Addon ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-71319 (image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a 
denial  ...)
        TODO: check
 CVE-2025-66281 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-66280 (An integer overflow or wraparound vulnerability has been 
reported to a ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-66279 (A command injection vulnerability has been reported to affect 
several  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-66276 (QuTS hero is not affected.  We have already fixed the 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-66273 (A command injection vulnerability has been reported to affect 
several  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-62851 (A path traversal vulnerability has been reported to affect 
License Cen ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-62850 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-59382 (QTS, QuTS hero, QuTScloud are not affected.  We have already 
fixed the ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-58468 (A cross-site request forgery (CSRF) vulnerability has been 
reported to ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-11526
        - libgd-perl <unfixed>
        NOTE: Fixed by: 
https://github.com/lstein/Perl-GD/commit/67b163713c6c78dfeb693da0978ae934e5cd8210
 (v2.86)
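Review bot: The context line for CVE-2025-8444 carries a literal "\u2013" in its description ("Animation Addons for Elementor \u2013 GSAP Powered"), which looks like an escape sequence that was not decoded when the description was imported. The NOT-FOR-US tag added below it is fine, but the import step should decode such escapes so the list does not store the raw sequence.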



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb68e3cd1437fa8102f75a5cdfb6947fdde013ef
