Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e5d8262f by security tracker role at 2026-06-30T19:18:43+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2026-9711 (The EventON - WordPress Virtual Event Calendar Plugin plugin 
for WordP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9263 (The Zephyr Bluetooth controller ISO Adaptation Layer 
(subsys/bluetooth ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-8864 (The HP Fan Control App might allow local escalation of 
privileges. An  ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2026-8655 (Multiple Memory overflow vulnerabilities inNetScaler ADC and 
NetScaler ...)
        TODO: check
 CVE-2026-8452 (Memory overflow vulnerabilityNetScaler ADC and NetScaler 
Gatewayleadin ...)
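Review bot: CVE-2026-8655 and CVE-2026-8452 in the trailing context still read `TODO: check`, although both descriptions name NetScaler ADC and NetScaler Gateway, a vendor appliance in the same category as the HP entry tagged just above them. If this batch is meant to clear vendor-only products, tag these two in the same pass so they do not sit in the triage queue. The `Zephyr, different from src:zephyr` wording on CVE-2026-9263 is worth keeping as is, since it records why a name collision with a Debian source package was ruled out.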
@@ -15,7 +15,7 @@ CVE-2026-8403 (Improper neutralization of input during web 
page generation ('cro
 CVE-2026-8402 (Improper neutralization of special elements used in an SQL 
command ('S ...)
        TODO: check
 CVE-2026-8141 (The Ajax Load More - Filters plugin for WordPress is vulnerable 
to Sto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6954 (Cross-Site Scripting (XSS) vulnerability in Intermark IT's 
WebControl  ...)
        TODO: check
 CVE-2026-6953 (HTML injection vulnerability in Intermark IT's WebControl CMS 
v3.5. Th ...)
@@ -25,7 +25,7 @@ CVE-2026-6556 (@fastify/express versions 4.0.6 and earlier 
only rewrite the plug
 CVE-2026-58377 (JeecgBoot through 3.9.2 contains a broken access control 
vulnerability ...)
        TODO: check
 CVE-2026-58376 (Dolibarr through 23.0.3, fixed in commit 14db36e, contains a 
sql injec ...)
-       TODO: check
+       NOT-FOR-US: Dolibarr
 CVE-2026-58375 (JimuReport through 2.5.0 exposes the POST 
/jmreport/auto/export endpoi ...)
        TODO: check
 CVE-2026-58374 (In hostapd before 2.12, a missing bounds check in AP-mode 
Wi-Fi 7 (IEE ...)
@@ -115,29 +115,29 @@ CVE-2026-49434 (Improper Input Validation vulnerability 
in Apache ActiveMQ Broke
 CVE-2026-49432 (Improper Input Validation vulnerability in Apache ActiveMQ, 
Apache Act ...)
        TODO: check
 CVE-2026-48315 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48314 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48313 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48307 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by a refl ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48286 (Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and 
earlier are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48285 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by a Serv ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48283 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Unr ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48282 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48281 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48277 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48276 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Unr ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48192 (A vulnerability has been identified in Mendix Studio Pro 10.11 
(All ve ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2026-47105
        REJECTED
 CVE-2026-45822 (decode-uri-component through 0.4.1 is vulnerable to denial of 
service. ...)
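Review bot: CVE-2026-48192 is tagged `NOT-FOR-US: Siemens`, but the visible description names only Mendix Studio Pro, so the tag and the entry share no keyword. Consider `NOT-FOR-US: Siemens Mendix Studio Pro` or similar so the rationale is readable without looking up the vendor. The same applies, less strongly, to the eleven `NOT-FOR-US: Adobe` lines, which cover both ColdFusion and Adobe Campaign Classic under one vendor label.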
@@ -179,9 +179,9 @@ CVE-2026-14209 (A vulnerability was discovered in 
Keycloak's Admin UI extension
 CVE-2026-14178 (openGauss \u5728\u5904\u7406\u5e26 NLS \u53c2\u6570\u7684 
to_timestamp ...)
        TODO: check
 CVE-2026-14162 (Hospital Queuing Management developed by Advantech has a 
Sensitive Dat ...)
-       TODO: check
+       NOT-FOR-US: Advantech
 CVE-2026-14161 (Hospital Quening Management developed by Advantech has a 
Sensitive Dat ...)
-       TODO: check
+       NOT-FOR-US: Advantech
 CVE-2026-13474 (Denial of service via malformed HTTP/2 requests inNetScaler 
ADC and Ne ...)
        TODO: check
 CVE-2026-13455 (PostgreSQL Anonymizer contains a vulnerability that allows 
unprivilege ...)
@@ -193,7 +193,7 @@ CVE-2026-13149 (brace-expansion through 5.0.6 is vulnerable 
to denial of service
 CVE-2026-12610 (A flaw was found in sssd. When authenticating with a YubiKey, 
the SSSD ...)
        TODO: check
 CVE-2026-12578 (The affected product is vulnerable to a deserialization of 
untrusted d ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2026-12388 (A flaw was found in the Identity Provider (IdP) mapper 
component of Ke ...)
        TODO: check
 CVE-2026-12076 (Raytha CMS is vulnerable to SQL Injection within the OData 
filter pars ...)
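Review bot: the description of CVE-2026-12578 as shown here says only "The affected product", so `NOT-FOR-US: Delta Electronics` cannot be checked against the entry itself. Add the product name to the tag so a later reader can confirm the classification without pulling the full CVE record.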
@@ -203,25 +203,25 @@ CVE-2026-10817 (Insufficient input validation leading to 
memory overread inNetSc
 CVE-2026-10816 (Arbitrary File Read (Unauthenticated) inNetScaler ADC and 
NetScaler Ga ...)
        TODO: check
 CVE-2026-10763 (PROMOD V is using insecure HTTP communication instead of 
HTTPS. The vu ...)
-       TODO: check
+       NOT-FOR-US: Hitachi Energy
 CVE-2026-10655 (The asynchronous SNTP client in Zephyr 
(subsys/net/lib/sntp/sntp.c, sn ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-10654 (A race condition in the Zephyr Bluetooth Classic RFCOMM host 
stack (su ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-10653 (The Zephyr net_buf library (lib/net_buf/buf.c) manipulated 
both of its ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-10652 (Zephyr's DNS resolver (subsys/net/lib/dns) parses resource 
records fro ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-10513 (The Webmention plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-7406 (Nokia MantaRay NM is vulnerable to a sudo privilege escalation 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Nokia
 CVE-2025-53648 (SQL misconfiguration in the Gravitino UI, in versions 1.0.0 
and below, ...)
        TODO: check
 CVE-2025-24816 (Nokia MantaRay is subject to an Improper Access Control 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Nokia
 CVE-2025-24815 (Nokia MantaRay NM is subject to an unrestricted file upload 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Nokia
 CVE-2026-58030 [Escape linelinks argument before passing it on to Pygments]
        - mediawiki <unfixed>
        NOTE: https://phabricator.wikimedia.org/T427167
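Review bot: CVE-2025-7406 is closed as `NOT-FOR-US: Nokia`, yet its description mentions a "sudo privilege escalation", and the truncated text does not show whether the flaw lies in Nokia's sudo configuration or in sudo itself. Confirm from the full description that it is product-specific before closing it. On the four Zephyr entries the `different from src:zephyr` qualifier is repeated consistently with the earlier hunk, which keeps the name-collision reasoning searchable.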



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5d8262f7bdb6215642b46b06634349afb3e7ec5



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
