Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
27b375f0 by security tracker role at 2026-06-11T19:14:23+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,11 +11,11 @@ CVE-2026-8464 (Golem OEE MES is vulnerable to an
unauthenticated path traversal
CVE-2026-8406 (openSIS Classic 9.3 contains an insecure direct object
reference vulne ...)
TODO: check
CVE-2026-7870 (IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain
elevated privi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7852 (Unrestricted upload of file with dangerous type vulnerability
in Limat ...)
TODO: check
CVE-2026-7787 (IBM Langflow OSS 1.0.0 through 1.9.1 could allow an
authenticated user ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7250 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-6976 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
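Review bot: the `NOT-FOR-US: IBM` tag on CVE-2026-7787 is derived from the vendor prefix, but the description calls the product "IBM Langflow OSS", an open-source codebase rather than a vendor platform like the "IBM i" entry (CVE-2026-7870) above it; confirm there is no Debian package before leaving it at NOT-FOR-US, or record the product on the tag (e.g. `NOT-FOR-US: IBM Langflow`) so the basis is visible.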
@@ -85,7 +85,7 @@ CVE-2026-52858 (Vim is an open source, command line text
editor. Prior to versio
CVE-2026-52726 (Dulwich is a pure-Python implementation of the Git file
formats and pr ...)
TODO: check
CVE-2026-50223 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-50131 (Fedify is a TypeScript library for building federated server
apps powe ...)
TODO: check
CVE-2026-50127 (Weblate is a web based localization tool. From version 5.15 to
before ...)
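Review bot: the new `NOT-FOR-US: Apache software not packaged in Debian` line for CVE-2026-50223 cannot be checked against the visible description, which is cut off before any product name ("Improper Control of Generation of Code ('Code Injection') vulnerabilit ..."); name the Apache project on the tag so the next triager does not have to re-open the advisory to see why it was closed.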
@@ -93,7 +93,7 @@ CVE-2026-50127 (Weblate is a web based localization tool.
From version 5.15 to b
CVE-2026-4764 (A Missing Authorization vulnerability in the playbook import
functiona ...)
TODO: check
CVE-2026-4096 (IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP
header injec ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-49982 (tmp is a temporary file and directory creator for node.js. In
version ...)
TODO: check
CVE-2026-49219 (ImageMagick is free and open-source software used for editing
and mani ...)
@@ -121,7 +121,7 @@ CVE-2026-48107 (Russh is a Rust SSH client & server
library. From version 0.37.0
CVE-2026-48011 (Shopware is an open commerce platform. Prior to versions
6.6.10.18 and ...)
TODO: check
CVE-2026-47342 (A privilege escalation vulnerability in Apache OFBiz allows a
low-priv ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-47250 (mcp-server-kubernetes is a Model Context Protocol server for
Kubernete ...)
TODO: check
CVE-2026-47213 (Boxlite is a sandbox service that allows users to create
lightweight v ...)
@@ -199,11 +199,11 @@ CVE-2026-45384 (bit7z is a cross-platform C++ static
library that allows the com
CVE-2026-45380 (bit7z is a cross-platform C++ static library that allows the
compressi ...)
TODO: check
CVE-2026-45178 (Idira Secrets Manager Self-Hosted versions 13.8.0 and lower
exhibit im ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-45177 (Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit
improper ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-45176 (Idira Endpoint Privilege Manager Agent versions prior to 26.5
exhibit ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-45106 (Weblate is a web based localization tool. Prior to version
2026.5, Web ...)
TODO: check
CVE-2026-44705 (tmp is a temporary file and directory creator for node.js.
Prior to 0. ...)
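Review bot: CVE-2026-45178, CVE-2026-45177 and CVE-2026-45176 are tagged `NOT-FOR-US: Palo Alto Networks` while their descriptions only name "Idira Secrets Manager" and "Idira Endpoint Privilege Manager"; the vendor mapping is not visible in the diff, so the product should also appear on the tag (e.g. `NOT-FOR-US: Palo Alto Networks Idira`) to keep the attribution auditable.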
@@ -245,7 +245,7 @@ CVE-2026-41700 (Spring for GraphQL applications that have
enabled the WebSocket
CVE-2026-41699 (Spring for GraphQL applications are vulnerable to Unsafe
Deserializati ...)
TODO: check
CVE-2026-41001 (Spring Boot's ArtemisEmbeddedConfigurationFactory uses a
fixed, static ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41000 (Wss4jSecurityInterceptor did not consistently wire Apache
WSS4J Replay ...)
TODO: check
CVE-2026-40999 (When WS-Addressing is used with non-anonymous ReplyTo or
FaultTo addre ...)
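Review bot: CVE-2026-41001 is resolved as `NOT-FOR-US: VMware` on the strength of "Spring Boot", but the surrounding Spring entries in the same hunk (CVE-2026-41699 for Spring for GraphQL, CVE-2026-41000 and CVE-2026-40999 for Wss4jSecurityInterceptor / WS-Addressing) are left at `TODO: check`; if the rule is that these Spring projects are not packaged in Debian, the same pass could close them, and if the rule is narrower, a product name on the tag would make the distinction clear.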
@@ -261,7 +261,7 @@ CVE-2026-40995 (X509AuthenticationProvider could issue a
fully authenticated X50
CVE-2026-40994 (Wss4jSecurityInterceptor initialized its BSP (WS-I Basic
Security Prof ...)
TODO: check
CVE-2026-40992 (Spring Boot's Mail auto-configuration does not enable hostname
verific ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40987 (A malicious or compromised FTP/SFTP/SMB server can write
arbitrary fil ...)
TODO: check
CVE-2026-40986 (Spring Web Flow's JavaScript RemotingHandler renders the body
of an er ...)
@@ -271,15 +271,15 @@ CVE-2026-40985 (Applications that configure the
WebFlowELExpressionParser are vu
CVE-2026-3553 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-3341 (IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-3329 (A remote unauthenticated attacker may be able to conduct
credential-gu ...)
- TODO: check
+ NOT-FOR-US: Sonatype
CVE-2026-38581 (SQL Injection vulnerability in damasac thaipalliative_lte
through vers ...)
TODO: check
CVE-2026-35273 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-2827 (The Open User Map PRO plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1500 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-11986 (A flaw was found in the admin-ui-ext component of Keycloak,
which prov ...)
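Review bot: CVE-2026-3329 is closed as `NOT-FOR-US: Sonatype` although the visible description ("A remote unauthenticated attacker may be able to conduct credential-gu ...") names no product or vendor at all; put the product the advisory names on the tag so the classification can be verified without re-fetching the CVE. The same hunk also tags CVE-2026-2827 as `NOT-FOR-US: WordPress plugin`, while later hunks in this commit use `WordPress plugin or theme`; one wording would be easier to grep for.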
@@ -301,9 +301,9 @@ CVE-2026-11604 (An incorrect buffer size calculation in the
epoch key generator
CVE-2026-11561 (Improper neutralization of special elements used in an
expression lang ...)
TODO: check
CVE-2026-10847 (A local privilege escalation vulnerability exists in Check
Point Ident ...)
- TODO: check
+ NOT-FOR-US: Check Point
CVE-2026-10795 (The UpdraftPlus: WP Backup & Migration Plugin plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10733 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-10142 (kafka-python prior to 2.3.2 contains a denial-of-service
vulnerability ...)
@@ -311,63 +311,63 @@ CVE-2026-10142 (kafka-python prior to 2.3.2 contains a
denial-of-service vulnera
CVE-2026-10087 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
TODO: check
CVE-2026-0274 (An improper validation of credentials vulnerability in the
CommvaultSe ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0273 (A command injection vulnerability in Palo Alto Networks
PAN-OS\xae sof ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0272 (A privilege escalation vulnerability in Palo Alto Networks
PAN-OS\xae ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0271 (A privilege escalation (PE) vulnerability in the Palo Alto
Networks Pr ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0270 (A path traversal vulnerability in Palo Alto Networks Cortex
XSOAR engi ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0269 (A memory corruption vulnerability in the processing of tunnel
traffic ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0268 (A security control bypass vulnerability in Prisma Access Agent
for Lin ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0267 (An information exposure vulnerability in the Palo Alto Networks
Global ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0266 (A cross-site scripting (XSS) vulnerability in Palo Alto
Networks PAN-O ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-7064 (Authentication bypass by primary weakness vulnerability in ABB
Freelan ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-46315 (A permissions issue was addressed with additional
restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46313 (A logging issue was addressed with improved data redaction.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46308 (An authorization issue was addressed with improved state
management. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46293 (This issue was addressed with improved handling of symlinks.
This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43339 (An access issue was addressed with additional sandbox
restrictions. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43278 (This issue was addressed with improved handling of symlinks.
This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31272 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-30459 (A privacy issue was addressed by removing the vulnerable code.
This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-30431 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24284 (This issue was addressed with improved checks to prevent
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24268 (A parsing issue in the handling of directory paths was
addressed with ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24165 (A permissions issue was addressed with additional
restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-45636 (IBM Security QRadar EDR 3.12 through 3.12.24 stores user
credentials i ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-32110 (Cross-Site request forgery (CSRF) vulnerability in Magepeople
inc. WpE ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2024-21944 (Improper input validation for DIMM serial presence detect
(SPD) metada ...)
TODO: check
CVE-2023-40200 (Authorization bypass through User-Controlled key vulnerability
in Esse ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2023-33999 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2023-32959 (Missing Authorization vulnerability in Sparkle WP MetroStore
metrostor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2022-48575 (A person with access to a Mac may be able to bypass Login
Window. A co ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-10143 (kafka-python prior to 2.3.2 contains a denial-of-service
vulnerability ...)
- python-kafka <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2487722
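Review bot: CVE-2026-0274 is tagged `NOT-FOR-US: Palo Alto Networks`, but its description begins "An improper validation of credentials vulnerability in the CommvaultSe ...", which names Commvault rather than a Palo Alto product, unlike CVE-2026-0273 through CVE-2026-0266 below it, whose descriptions say "Palo Alto Networks" explicitly; it looks as if the tag was applied across the whole CVE-2026-02xx block by CNA rather than by product, so confirm that one entry and spell out the product on its tag before the block is treated as settled.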
@@ -364668,7 +364668,7 @@ CVE-2023-25971 (Cross-Site Request Forgery (CSRF)
vulnerability in FixBD Educare
CVE-2023-25970 (Unrestricted Upload of File with Dangerous Type vulnerability
in Zendr ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25969 (Missing Authorization vulnerability in ThemeHunk Contact Form
& Lead F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2023-25968 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs,
Madalin ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25967 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo
Community by ...)
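Review bot: the tag added for CVE-2023-25969 reads `NOT-FOR-US: WordPress plugin or theme`, while its neighbours CVE-2023-25970 and CVE-2023-25968 in the same hunk use the established `NOT-FOR-US: WordPress plugin`; the description names "ThemeHunk Contact Form & Lead F ...", a form plugin, so the more specific existing wording applies, and the same "plugin or theme" hedge recurs in the later hunks of this commit (CVE-2022-47150, CVE-2022-45813, CVE-2022-44630, CVE-2022-42479) where it could be resolved the same way.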
@@ -381169,7 +381169,7 @@ CVE-2022-47152 (Cross-Site Request Forgery (CSRF)
vulnerability in Etison, LLC C
CVE-2022-47151 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47150 (Cross-Site request forgery (CSRF) vulnerability in weDevs
WooCommerce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2022-47149 (Cross-Site Request Forgery (CSRF) vulnerability in Pretty
Links plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47148 (Cross-Site Request Forgery (CSRF) vulnerability in WP
Overnight PDF In ...)
@@ -385381,7 +385381,7 @@ CVE-2022-45815 (Cross-Site Request Forgery (CSRF)
vulnerability in StylemixTheme
CVE-2022-45814 (Stored Cross-Site Scripting (XSS) vulnerability in Fabian von
Allmen W ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45813 (Missing Authorization vulnerability in BeRocket Advanced AJAX
Product ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2022-45812 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS)
vulnerability in ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45811 (Missing Authorization vulnerability in WeyHan Ng Post
Teaser.This issu ...)
@@ -389974,7 +389974,7 @@ CVE-2022-44632 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2022-44631 (Auth. (author+) Stored Cross-Site Scripting (XSS)
vulnerability in 1ap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44630 (Cross-Site request forgery (CSRF) vulnerability in YITH YITH
WooCommer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2022-44629 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Cata ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44628 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Jump ...)
@@ -394858,7 +394858,7 @@ CVE-2022-42494 (Server Side Request Forgery (SSRF)
vulnerability in All in One S
CVE-2022-42485 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability
in Galax ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42479 (Missing Authorization vulnerability in TemplateHouse Soledad
allows Ac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2022-42462 (Auth. Stored Cross-Site Scripting (XSS) vulnerability inAdeel
Ahmed'sI ...)
NOT-FOR-US: Adeel Ahmed's IP Blacklist
CVE-2022-42461 (Broken Access Control vulnerability in miniOrange's Google
Authenticat ...)
@@ -442399,7 +442399,7 @@ CVE-2022-26760 (A memory corruption issue was
addressed with improved state mana
CVE-2022-26759
RESERVED
CVE-2022-26758 (A malicious application may cause unexpected changes in memory
shared ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-26757 (A use after free issue was addressed with improved memory
management. ...)
NOT-FOR-US: Apple
CVE-2022-26756 (An out-of-bounds write issue was addressed with improved input
validat ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27b375f0d85149aced6fddda2ebf321143f6abb5
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits