Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6ceff25 by security tracker role at 2026-06-10T19:14:11+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2026-9758 (Improper comparison with the certificates trusted list in S2OPC 
allows ...)
        TODO: check
 CVE-2026-9151 (An OS command injection vulnerability exists in the VPN module 
of TP-L ...)
-       TODO: check
+       NOT-FOR-US: TPLink
 CVE-2026-9045 (During an internal security assessment, a potential 
vulnerability was  ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2026-9019 (The Easy Image Collage plugin for WordPress is vulnerable to 
Stored Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8853 (The MW WP Form plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8637 (A potential uncontrolled search path vulnerability was reported 
in the ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2026-8613 (The aThemes Addons for Elementor plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8335 (A missing authentication check on the Aix\u2011DB 
"/llm/process_llm_ou ...)
        TODO: check
 CVE-2026-7516 (A vulnerability was identified in the Lenovo Android 
Application, dist ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2026-6090 (A potential authentication bypass was reported in Lenovo Smart 
Connect ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2026-53698 (Silverpeas through 6.4.6 mishandles the "Personal space" 
feature that  ...)
        TODO: check
 CVE-2026-53694 (Improper Neutralization of Argument Delimiters in a Command 
('Argument ...)
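Review bot: the tag on CVE-2026-9151 spells the vendor "TPLink" while the description on the same entry reads "TP-L ...", so the tag and the description disagree on the vendor name; use the hyphenated spelling in the NOT-FOR-US tag so that tag-based searches and tallies pick this entry up under the same name as the description.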
@@ -41,21 +41,21 @@ CVE-2026-53470 (A flaw was found in migration-planner. An 
authenticated attacker
 CVE-2026-53469 (A flaw was found in migration-planner. An authenticated user 
can explo ...)
        TODO: check
 CVE-2026-53442 (Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not 
encrypt se ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-53441 (Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 
through 2.55 ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-53440 (Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not 
ensure tha ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-53439 (Missing permission checks in Jenkins 2.567 and earlier, LTS 
2.555.2 an ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-53438 (A missing permission check in Jenkins 2.567 and earlier, LTS 
2.555.2 a ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-53437 (Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly 
determin ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-53436 (Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly 
determin ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-53435 (In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is 
possible  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-52759 (Ghidra before 12.1.1 contains an uncontrolled memory 
allocation vulner ...)
        TODO: check
 CVE-2026-52758 (Ghidra before 12.1 contains a SQL injection vulnerability in 
BSim filt ...)
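Review bot: all eight Jenkins entries (CVE-2026-53435 through CVE-2026-53442) receive the catch-all tag "Jenkins (core or plugin)", but every visible description gives core version ranges such as "Jenkins 2.567 and earlier, LTS 2.555.2 and earlier" and none names a plugin. The tag is harmless for triage, but if the core/plugin distinction matters to anyone reading the list, a tag that says core would match what the descriptions state.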
@@ -121,7 +121,7 @@ CVE-2026-49496 (Ghidra before 12.1 contains a 
heap-use-after-free vulnerability
 CVE-2026-49495 (Ghidra 10.2 before 12.1 contains an uncontrolled resource 
consumption  ...)
        TODO: check
 CVE-2026-49069 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48860 (Reliance on IP Address for Authentication vulnerability in 
Erlang/OTP  ...)
        TODO: check
 CVE-2026-48859 (Observable Timing Discrepancy vulnerability in Erlang/OTP ssh 
(ssh_aut ...)
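Review bot: CVE-2026-49069 is tagged "WordPress plugin or theme", yet the visible description is only the CWE title ("Improper Neutralization of Input During Web Page Generation ('Cross-si ...)") and names no product, so the classification cannot be checked from this diff. Confirm it against the full CVE record before treating the entry as closed.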
@@ -143,13 +143,13 @@ CVE-2026-46618 (Fission is an open-source, 
Kubernetes-native serverless framewor
 CVE-2026-46617 (Fission is an open-source, Kubernetes-native serverless 
framework that ...)
        TODO: check
 CVE-2026-46616 (Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 
17.4.0, some  ...)
-       TODO: check
+       NOT-FOR-US: Umbraco CMS
 CVE-2026-46614 (Fission is an open-source, Kubernetes-native serverless 
framework that ...)
        TODO: check
 CVE-2026-46612 (Fission is an open-source, Kubernetes-native serverless 
framework that ...)
        TODO: check
 CVE-2026-46609 (Umbraco is an ASP.NET CMS. From version 14.0.0 to before 
version 17.4. ...)
-       TODO: check
+       NOT-FOR-US: Umbraco CMS
 CVE-2026-46558 (Plane is an open-source project management tool. Prior to 
version 1.3. ...)
        TODO: check
 CVE-2026-46497 (Crawlee is a web scraping and browser automation library. From 
version ...)
@@ -185,45 +185,45 @@ CVE-2026-45549 (Roxy-WI is a web interface for managing 
Haproxy, Nginx, Apache a
 CVE-2026-45062 (FrankenPHP is a modern application server for PHP. From 
version 1.11.2 ...)
        TODO: check
 CVE-2026-3018 (The Newsletters plugin for WordPress is vulnerable to 
time-based SQL I ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-25700 (Improper Restriction of Security Token Assignment 
vulnerability in Apa ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-24067 (Slate Digital Connect 1.37.0 for macOS installs a privileged 
helper to ...)
        TODO: check
 CVE-2026-24066 (Slate Digital Connect 1.37.0 for macOS installs a privileged 
helper to ...)
        TODO: check
 CVE-2026-20260 (In Splunk SOAR (Security Orchestration, Automation, and 
Response) vers ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20259 (In Splunk Enterprise versions below 10.2.4 and 10.0.7, and 
Splunk Clou ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20258 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, 
and 9.3.13 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20257 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, 
and 9.3.13 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20256 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, 
and 9.3.13 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20255 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, 
and 9.3.13 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20254 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, 
and 9.3.13 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20253 (In Splunk Enterprise versions below 10.2.4 and 10.0.7, and 
Splunk Clou ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20252 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, 
and 9.3.13 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20251 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, 
and 9.3.13 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-11884 (A heap buffer overflow flaw was found in 389 Directory Server. 
When se ...)
        TODO: check
 CVE-2026-11859 (An HTML injection vulnerability in the "fetch links" email 
sent by Thi ...)
        TODO: check
 CVE-2026-11626 (CleanWipe Removal Tool (macOS), prior to 16.0.0.65,may be 
susceptible  ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2026-11596 (In ScreenConnect\u2122 versions prior to 26.2, input 
validation within ...)
        TODO: check
 CVE-2026-11417 (OS command injection in the NodejsFunction local bundling 
pipeline in  ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-10740 (Unbounded memory allocation in the CRYPTO frame reassembler in 
s2n-qui ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-10721 (Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection 
viaunse ...)
        TODO: check
 CVE-2025-71330 (image-size through 2.0.2 contains a denial of service 
vulnerability th ...)
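Review bot: the ten Splunk entries (CVE-2026-20251 through CVE-2026-20260) are tagged "NOT-FOR-US: Cisco", but the visible descriptions name Splunk SOAR and Splunk Enterprise and do not mention Cisco, so the tag cannot be read on its own without knowing the vendor relationship; tagging them "Splunk" would match the descriptions. The same point applies to CVE-2026-11417 and CVE-2026-10740, which are tagged "Amazon" rather than by the component named in the description.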
@@ -231,11 +231,11 @@ CVE-2025-71330 (image-size through 2.0.2 contains a 
denial of service vulnerabil
 CVE-2025-71329 (image-size through 2.0.2 contains a denial of service 
vulnerability th ...)
        TODO: check
 CVE-2025-6254 (The Doctreat Core plugin for WordPress is vulnerable to 
Privilege Esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10238 (During an internal security assessment, apotential 
out-of-bounds write ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2025-10237 (During an internal security assessment, a potential 
vulnerability was  ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2024-58350 (Ghidra before 11.2 contains a use after free vulnerability in 
the Slei ...)
        TODO: check
 CVE-2026-XXXX [OnionShare follows symlinks in shared directories, allowing 
unintended disclosure of local files]
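Review bot: CVE-2025-10238 and CVE-2025-10237 are tagged Lenovo, but the visible descriptions ("During an internal security assessment, a potential ...") name no vendor or product, so the tag cannot be verified from this diff. Check the full CVE records for these two before relying on the automatic classification.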



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6ceff25bfc91364efe6e317e444c89ee3f51f14



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits