Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c9c00df by security tracker role at 2026-06-25T07:14:07+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2026-9773 (Unraid Web Server ToggleState Command 
Injection Remote Code Execu
 CVE-2026-9772 (Unraid Web Server FileUpload Command Injection Remote Code 
Execution V ...)
        TODO: check
 CVE-2026-9702 (The InPost PL WordPress plugin before 1.9.1 does not verify 
that the r ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9155 (OS Command Injection vulnerability in Rapid7 InsightConnect Sed 
Plugin ...)
        TODO: check
 CVE-2026-9154 (Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed 
Plugin ...)
@@ -57,21 +57,21 @@ CVE-2026-8658 (OS Command Injection vulnerability in Rapid7 
InsightConnect Tcpdu
 CVE-2026-8592 (OS Command Injection vulnerability in the process_string action 
of Rap ...)
        TODO: check
 CVE-2026-8330 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-7570 (Quest NetVault Backup NVBUDashboard SQL Injection Remote Code 
Executio ...)
        TODO: check
 CVE-2026-7569 (Quest NetVault Backup viewclient Cross-Site Scripting 
Authentication B ...)
        TODO: check
 CVE-2026-7539 (A potential security vulnerability has been identified in the 
HP Acces ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2026-5952 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-5796 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-5309 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-5305 (The Email Address Encoder WordPress plugin before 1.0.25, 
email-encode ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-57589 (sys/kern/sysv_sem.c in OpenBSD through 7.9 has a 
use-after-free allowi ...)
        TODO: check
 CVE-2026-55762 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
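
Review bot: The reason on CVE-2026-7539, "NOT-FOR-US: HP", names only the vendor, and the description is cut off at "HP Acces ...", so the entry no longer records which product was ruled out. Naming the product after the vendor would keep the line searchable, in the same way the GitLab lines in this hunk spell out src:gitlab and its release history.
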
@@ -195,7 +195,7 @@ CVE-2026-45677 (Rocket.Chat is an open-source, secure, 
fully customizable commun
 CVE-2026-40079 (Cacti is an open source performance and fault management 
framework. Ve ...)
        TODO: check
 CVE-2026-3176 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-39955 (Cacti is an open source performance and fault management 
framework. Ve ...)
        TODO: check
 CVE-2026-39951 (Cacti is an open source performance and fault management 
framework. Ve ...)
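
Review bot: On CVE-2026-3176 the description limits the issue to GitLab EE, yet the reason is the same src:gitlab parenthetical used for the CE/EE entries. If src:gitlab never shipped the EE code, the packaging history is not what puts this CVE out of scope, and a shorter reason saying it is EE-only would be more accurate. The same applies to the other EE-only entries touched by this commit.
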
@@ -223,9 +223,9 @@ CVE-2026-32315 (motionEye (mEye) is an online interface for 
motion software, a v
 CVE-2026-31978 (motionEye (mEye) is an online interface for motion software, 
which is  ...)
        TODO: check
 CVE-2026-2508 (The Gravity Forms Booking plugin for WordPress is vulnerable to 
time-b ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-2238 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-27708 (FOSSBilling is a free, open-source billing and client 
management syste ...)
        TODO: check
 CVE-2026-25119 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, when  ...)
@@ -235,7 +235,7 @@ CVE-2026-23879 (py7zr is a Python-based library and utility 
to support 7zip arch
 CVE-2026-1840 (The Aclara Metrum Cellular Web Interface is vulnerable to 
unauthorized ...)
        TODO: check
 CVE-2026-1606 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-13311 (shell-quote prior to 1.8.5 finalizes parsed tokens in parse() 
using Ar ...)
        TODO: check
 CVE-2026-13038 (Use after free in Autofill in Google Chrome on Windows prior 
to 149.0. ...)
@@ -275,7 +275,7 @@ CVE-2026-13022 (Inappropriate implementation in Autofill in 
Google Chrome prior
 CVE-2026-13021 (Inappropriate implementation in DeviceBoundSessionCredentials 
in Googl ...)
        TODO: check
 CVE-2026-12635 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-12490 (When a provide-xfr is given with a tls-auth-name, a secondary 
requesti ...)
        TODO: check
 CVE-2026-12246 (NSD version 4.14.0 introduced a bug where a specially crafted 
APL RR,  ...)
@@ -285,29 +285,29 @@ CVE-2026-12245 (NSD from version 4.13.0 has a heap 
use-after-free bug in logging
 CVE-2026-12244 (If NSD is configured as secondary for a zone, the primary of 
that zone ...)
        TODO: check
 CVE-2026-12079 (The Dokan Pro plugin for WordPress is vulnerable to time-based 
SQL Inj ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12077 (The Dokan Pro plugin for WordPress is vulnerable to time-based 
SQL Inj ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12053 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-11998 (A flaw in AngularJS' Strict Contextual Escaping (SCE) logic 
allows byp ...)
        TODO: check
 CVE-2026-11379 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-10833 (The Gutenberg Essential Blocks \u2013 Page Builder for 
Gutenberg Block ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10824 (The Masteriyo LMS  WordPress plugin before 2.2.1 does not 
perform auth ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10712 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-10642 (The Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) 
contains an ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-10086 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-10043 (MosaicML Composer Deserialization of Untrusted Data Remote 
Code Execut ...)
        TODO: check
 CVE-2026-0934 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2025-8106
        REJECTED
 CVE-2025-64719 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, a mal ...)
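
Review bot: The reason on CVE-2026-10642, "NOT-FOR-US: Zephyr, different from src:zephyr", says what the CVE is not, but leaves the reader to work out from the truncated description (a PL011 UART driver under drivers/serial/) which Zephyr is meant. A word or two identifying the affected project would save the next triager from re-checking src:zephyr. Separately, the context line for CVE-2026-10833 carries a literal "\u2013" escape in its description, which looks like an unrendered en dash from the import.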



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c9c00df3d77571998c04bf6d32c63db04ee3bf7



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
