Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
89236f2f by Moritz Muehlenhoff at 2026-06-17T10:44:23+02:00
auto-nfu: Extend Oracle rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -79,11 +79,11 @@ CVE-2026-46964 (Vulnerability in the Oracle Universal Work 
Queue product of Orac
 CVE-2026-46963 (Vulnerability in the Oracle Universal Work Queue product of 
Oracle E-B ...)
        NOT-FOR-US: Oracle
 CVE-2026-46962 (Vulnerability in the Oracle Project Portfolio Analysis product 
of Orac ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46961 (Vulnerability in the Oracle Project Portfolio Analysis product 
of Orac ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46960 (Vulnerability in the Oracle Project Portfolio Analysis product 
of Orac ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46959 (Vulnerability in the Oracle Subledger Accounting product of 
Oracle E-B ...)
        NOT-FOR-US: Oracle
 CVE-2026-46958 (Vulnerability in the Oracle Subledger Accounting product of 
Oracle E-B ...)
@@ -91,7 +91,7 @@ CVE-2026-46958 (Vulnerability in the Oracle Subledger 
Accounting product of Orac
 CVE-2026-46957 (Vulnerability in the Oracle iSupplier Portal product of Oracle 
E-Busin ...)
        NOT-FOR-US: Oracle
 CVE-2026-46956 (Vulnerability in the Oracle Property Manager product of Oracle 
E-Busin ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46955 (Vulnerability in the Oracle Human Resources product of Oracle 
E-Busine ...)
        NOT-FOR-US: Oracle
 CVE-2026-46953 (Vulnerability in the Oracle HRMS (UK) product of Oracle 
E-Business Sui ...)
@@ -121,7 +121,7 @@ CVE-2026-46939 (Vulnerability in the Oracle Configure to 
Order product of Oracle
 CVE-2026-46938 (Vulnerability in the Oracle Cost Management product of Oracle 
E-Busine ...)
        NOT-FOR-US: Oracle
 CVE-2026-46937 (Vulnerability in the Oracle iSetup product of Oracle 
E-Business Suite  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46935 (Vulnerability in the Oracle Complex Maintenance, Repair and 
Overhaul p ...)
        NOT-FOR-US: Oracle
 CVE-2026-46934 (Vulnerability in the Oracle Complex Maintenance, Repair and 
Overhaul p ...)
@@ -171,7 +171,7 @@ CVE-2026-46910 (Vulnerability in the JD Edwards 
EnterpriseOne Tools product of O
 CVE-2026-46909 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
        NOT-FOR-US: Oracle
 CVE-2026-46908 (Vulnerability in the JD Edwards EnterpriseOne Accounts Payable 
product ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46907 (Vulnerability in the JD Edwards EnterpriseOne Order Promising 
product  ...)
        NOT-FOR-US: Oracle
 CVE-2026-46906 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
@@ -201,11 +201,11 @@ CVE-2026-46895 (Vulnerability in the Oracle Enterprise 
Command Center Framework
 CVE-2026-46894 (Vulnerability in the Oracle iSupplier Portal product of Oracle 
E-Busin ...)
        NOT-FOR-US: Oracle
 CVE-2026-46893 (Vulnerability in the JD Edwards EnterpriseOne General Ledger 
product o ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46892 (Vulnerability in the JD Edwards EnterpriseOne Human Resources 
Manageme ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46891 (Vulnerability in the JD Edwards EnterpriseOne Accounts Payable 
product ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46890 (Vulnerability in the Siebel Apps - Marketing product of Oracle 
Siebel  ...)
        NOT-FOR-US: Oracle
 CVE-2026-46889 (Vulnerability in the Siebel Apps - Marketing product of Oracle 
Siebel  ...)
@@ -217,7 +217,7 @@ CVE-2026-46887 (Vulnerability in the Siebel Apps - 
Marketing product of Oracle S
 CVE-2026-46886 (Vulnerability in the Siebel Apps - Marketing product of Oracle 
Siebel  ...)
        NOT-FOR-US: Oracle
 CVE-2026-46885 (Vulnerability in the Siebel CRM Integration product of Oracle 
Siebel C ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46884 (Vulnerability in the Siebel Apps - Marketing product of Oracle 
Siebel  ...)
        NOT-FOR-US: Oracle
 CVE-2026-46883 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
@@ -269,7 +269,7 @@ CVE-2026-46860 (Vulnerability in the MySQL Router product 
of Oracle MySQL (compo
 CVE-2026-46859 (Vulnerability in the Oracle Agile PLM product of Oracle Supply 
Chain ( ...)
        NOT-FOR-US: Oracle
 CVE-2026-46858 (Vulnerability in the APM - Application Performance Management 
product  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46857 (Vulnerability in the Oracle Enterprise Manager Base Platform 
product o ...)
        NOT-FOR-US: Oracle
 CVE-2026-46856 (Vulnerability in the Oracle Enterprise Manager Base Platform 
product o ...)
@@ -285,7 +285,7 @@ CVE-2026-46852 (Vulnerability in the Oracle Enterprise 
Manager Base Platform pro
 CVE-2026-46851 (Vulnerability in the PeopleSoft Enterprise CS Campus Community 
product ...)
        NOT-FOR-US: Oracle
 CVE-2026-46850 (Vulnerability in the MySQL Shell product of Oracle MySQL 
(component: S ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46849 (Vulnerability in the PeopleSoft Enterprise CS Student 
Financials produ ...)
        NOT-FOR-US: Oracle
 CVE-2026-46848 (Vulnerability in the WebLogic Server product of Oracle Fusion 
Middlewa ...)
@@ -313,7 +313,7 @@ CVE-2026-46814 (Vulnerability in the Oracle WebCenter 
Portal product of Oracle F
 CVE-2026-46813 (Vulnerability in the Oracle WebCenter Content product of 
Oracle Fusion ...)
        NOT-FOR-US: Oracle
 CVE-2026-46812 (Vulnerability in the Oracle Access Manager product of Oracle 
Fusion Mi ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46810 (Vulnerability in the Identity Manager product of Oracle Fusion 
Middlew ...)
        NOT-FOR-US: Oracle
 CVE-2026-46809 (Vulnerability in the Oracle WebCenter Sites product of Oracle 
Fusion M ...)
@@ -347,11 +347,11 @@ CVE-2026-46796 (Vulnerability in the Oracle WebCenter 
Sites product of Oracle Fu
 CVE-2026-46795 (Vulnerability in the Oracle WebCenter Content product of 
Oracle Fusion ...)
        NOT-FOR-US: Oracle
 CVE-2026-46794 (Vulnerability in the Identity Manager Connector product of 
Oracle Fusi ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46793 (Vulnerability in the Identity Manager Connector product of 
Oracle Fusi ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46792 (Vulnerability in the Identity Manager Connector product of 
Oracle Fusi ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46791 (Vulnerability in the Oracle WebCenter Content product of 
Oracle Fusion ...)
        NOT-FOR-US: Oracle
 CVE-2026-46790 (Vulnerability in the Oracle WebCenter Content product of 
Oracle Fusion ...)
@@ -371,15 +371,15 @@ CVE-2026-46784 (Vulnerability in the WebCenter Content: 
Imaging product of Oracl
 CVE-2026-46783 (Vulnerability in the WebCenter Content: Imaging product of 
Oracle Fusi ...)
        TODO: check
 CVE-2026-46782 (Vulnerability in the Oracle WebCenter Enterprise Capture 
product of Or ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46781 (Vulnerability in the Oracle WebCenter Enterprise Capture 
product of Or ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46780 (Vulnerability in the WebCenter Content: Imaging product of 
Oracle Fusi ...)
        TODO: check
 CVE-2026-46779 (Vulnerability in the Oracle WebCenter Enterprise Capture 
product of Or ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46778 (Vulnerability in the Oracle WebCenter Enterprise Capture 
product of Or ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-46777 (Vulnerability in the Oracle WebCenter Content product of 
Oracle Fusion ...)
        NOT-FOR-US: Oracle
 CVE-2026-46776 (Vulnerability in the Oracle Unified Directory product of 
Oracle Fusion ...)
@@ -487,9 +487,9 @@ CVE-2026-35316 (Vulnerability in the Oracle WebCenter 
Content product of Oracle
 CVE-2026-35315 (Vulnerability in the Oracle WebCenter Content product of 
Oracle Fusion ...)
        NOT-FOR-US: Oracle
 CVE-2026-35314 (Vulnerability in the Oracle Access Manager product of Oracle 
Fusion Mi ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-35313 (Vulnerability in the Oracle Access Manager product of Oracle 
Fusion Mi ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-35312 (Vulnerability in the Oracle Virtual Directory product of 
Oracle Fusion ...)
        TODO: check
 CVE-2026-35311 (Vulnerability in the WebLogic Server product of Oracle Fusion 
Middlewa ...)
@@ -525,7 +525,7 @@ CVE-2026-35296 (Vulnerability in the Oracle WebCenter Sites 
product of Oracle Fu
 CVE-2026-35295 (Vulnerability in the Oracle WebCenter Sites product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2026-35294 (Vulnerability in the Identity Manager Connector product of 
Oracle Fusi ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-35293 (Vulnerability in the Oracle WebCenter Sites product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2026-35292 (Vulnerability in the WebLogic Server product of Oracle Fusion 
Middlewa ...)
@@ -539,17 +539,17 @@ CVE-2026-35288 (Vulnerability in the PeopleSoft 
Enterprise PT PeopleTools produc
 CVE-2026-35286 (Vulnerability in the Oracle WebCenter Content product of 
Oracle Fusion ...)
        NOT-FOR-US: Oracle
 CVE-2026-35285 (Vulnerability in the Oracle WebCenter Enterprise Capture 
product of Or ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-35284 (Vulnerability in the Oracle WebCenter Enterprise Capture 
product of Or ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-35283 (Vulnerability in the Oracle WebCenter Enterprise Capture 
product of Or ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-35282 (Vulnerability in the Oracle WebCenter Enterprise Capture 
product of Or ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-35281 (Vulnerability in the Oracle WebCenter Enterprise Capture 
product of Or ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-35280 (Vulnerability in the Oracle WebCenter Enterprise Capture 
product of Or ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-35279 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools 
product of O ...)
        TODO: check
 CVE-2026-35278 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools 
product of O ...)
@@ -579,7 +579,7 @@ CVE-2026-35263 (Vulnerability in the WebLogic Server 
product of Oracle Fusion Mi
 CVE-2026-35262 (Vulnerability in the Oracle Data Integrator product of Oracle 
Fusion M ...)
        TODO: check
 CVE-2026-35261 (Vulnerability in the Oracle Access Manager product of Oracle 
Fusion Mi ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2026-35259 (Vulnerability in the WebLogic Server product of Oracle Fusion 
Middlewa ...)
        TODO: check
 CVE-2026-35258 (Vulnerability in the WebLogic Server product of Oracle Fusion 
Middlewa ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -580,11 +580,17 @@
   allOf:
     - cna: oracle
     - anyOf:
+      - product: APM - Application Performance Management
       - product: Identity Manager
+      - product: Identity Manager Connector
+      - product: JD Edwards EnterpriseOne Accounts Payable
+      - product: JD Edwards EnterpriseOne General Ledger
+      - product: JD Edwards EnterpriseOne Human Resources Management
       - product: JD Edwards EnterpriseOne Order Promising
       - product: JD Edwards EnterpriseOne Project Costing
       - product: JD Edwards EnterpriseOne Tools
       - product: MySQL Cluster
+      - product: Oracle Access Manager
       - product: Oracle Advanced Inbound Telephony
       - product: Oracle Advanced Outbound Telephony
       - product: Oracle Agile PLM
@@ -633,6 +639,7 @@
       - product: Oracle Hyperion Infrastructure Technology
       - product: Oracle Identity Manager
       - product: Oracle Identity Manager Connector
+      - product: Oracle iSetup
       - product: Oracle iSupport
       - product: Oracle Lease and Finance Management
       - product: Oracle Life Sciences Empirica Signal
@@ -647,6 +654,8 @@
       - product: Oracle Process Manufacturing Product Development
       - product: Oracle Process Manufacturing Process Planning
       - product: Oracle Product Hub
+      - product: Oracle Project Portfolio Analysis
+      - product: Oracle Property Manager
       - product: Oracle Public Sector Financials (International)
       - product: Oracle Public Sector Payroll
       - product: Oracle Quality
@@ -662,6 +671,7 @@
       - product: Oracle User Management
       - product: Oracle Utilities Application Framework
       - product: Oracle WebCenter Content
+      - product: Oracle WebCenter Enterprise Capture
       - product: Oracle WebCenter Portal
       - product: Oracle WebCenter Sites
       - product: Oracle WebLogic Server
@@ -691,6 +701,7 @@
       - product: Siebel CRM Cloud Applications
       - product: Siebel CRM End User
       - product: Siebel CRM Deployment
+      - product: Siebel CRM Integration
 - reason: SUSE
   allOf:
     - cna: suse



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89236f2f60da78503c1565957eb8f240e480adde

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89236f2f60da78503c1565957eb8f240e480adde
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to