Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e5d8262f by security tracker role at 2026-06-30T19:18:43+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2026-9711 (The EventON - WordPress Virtual Event Calendar Plugin plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9263 (The Zephyr Bluetooth controller ISO Adaptation Layer
(subsys/bluetooth ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-8864 (The HP Fan Control App might allow local escalation of
privileges. An ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2026-8655 (Multiple Memory overflow vulnerabilities inNetScaler ADC and
NetScaler ...)
TODO: check
CVE-2026-8452 (Memory overflow vulnerabilityNetScaler ADC and NetScaler
Gatewayleadin ...)
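Review bot: the label added for CVE-2026-8864 names only the vendor (`NOT-FOR-US: HP`), while the description identifies the product as the HP Fan Control App. Suggest `NOT-FOR-US: HP Fan Control App` so a later search for the product finds the entry, in the same spirit as the Zephyr line in this hunk, which spells out why it is excluded ("different from src:zephyr").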
@@ -15,7 +15,7 @@ CVE-2026-8403 (Improper neutralization of input during web
page generation ('cro
CVE-2026-8402 (Improper neutralization of special elements used in an SQL
command ('S ...)
TODO: check
CVE-2026-8141 (The Ajax Load More - Filters plugin for WordPress is vulnerable
to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6954 (Cross-Site Scripting (XSS) vulnerability in Intermark IT's
WebControl ...)
TODO: check
CVE-2026-6953 (HTML injection vulnerability in Intermark IT's WebControl CMS
v3.5. Th ...)
@@ -25,7 +25,7 @@ CVE-2026-6556 (@fastify/express versions 4.0.6 and earlier
only rewrite the plug
CVE-2026-58377 (JeecgBoot through 3.9.2 contains a broken access control
vulnerability ...)
TODO: check
CVE-2026-58376 (Dolibarr through 23.0.3, fixed in commit 14db36e, contains a
sql injec ...)
- TODO: check
+ NOT-FOR-US: Dolibarr
CVE-2026-58375 (JimuReport through 2.5.0 exposes the POST
/jmreport/auto/export endpoi ...)
TODO: check
CVE-2026-58374 (In hostapd before 2.12, a missing bounds check in AP-mode
Wi-Fi 7 (IEE ...)
@@ -115,29 +115,29 @@ CVE-2026-49434 (Improper Input Validation vulnerability
in Apache ActiveMQ Broke
CVE-2026-49432 (Improper Input Validation vulnerability in Apache ActiveMQ,
Apache Act ...)
TODO: check
CVE-2026-48315 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48314 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48313 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48307 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by a refl ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48286 (Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and
earlier are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48285 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by a Serv ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48283 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Unr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48282 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48281 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48277 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48276 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Unr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48192 (A vulnerability has been identified in Mendix Studio Pro 10.11
(All ve ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-47105
REJECTED
CVE-2026-45822 (decode-uri-component through 0.4.1 is vulnerable to denial of
service. ...)
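Review bot: CVE-2026-48192 is labelled `NOT-FOR-US: Siemens`, but the visible description names only Mendix Studio Pro, so the link between label and product cannot be read off the entry. Suggest `NOT-FOR-US: Siemens Mendix Studio Pro`. The same point applies to CVE-2026-48286, which is Adobe Campaign Classic rather than ColdFusion yet shares the bare `Adobe` label with the ten ColdFusion entries around it.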
@@ -179,9 +179,9 @@ CVE-2026-14209 (A vulnerability was discovered in
Keycloak's Admin UI extension
CVE-2026-14178 (openGauss \u5728\u5904\u7406\u5e26 NLS \u53c2\u6570\u7684
to_timestamp ...)
TODO: check
CVE-2026-14162 (Hospital Queuing Management developed by Advantech has a
Sensitive Dat ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2026-14161 (Hospital Quening Management developed by Advantech has a
Sensitive Dat ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2026-13474 (Denial of service via malformed HTTP/2 requests inNetScaler
ADC and Ne ...)
TODO: check
CVE-2026-13455 (PostgreSQL Anonymizer contains a vulnerability that allows
unprivilege ...)
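Review bot: CVE-2026-14162 and CVE-2026-14161 spell the product differently in their descriptions ("Hospital Queuing Management" and "Hospital Quening Management"), so a search on the product name will find only one of them. Adding the product name to both labels, for example `NOT-FOR-US: Advantech Hospital Queuing Management`, would keep the pair discoverable together.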
@@ -193,7 +193,7 @@ CVE-2026-13149 (brace-expansion through 5.0.6 is vulnerable
to denial of service
CVE-2026-12610 (A flaw was found in sssd. When authenticating with a YubiKey,
the SSSD ...)
TODO: check
CVE-2026-12578 (The affected product is vulnerable to a deserialization of
untrusted d ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2026-12388 (A flaw was found in the Identity Provider (IdP) mapper
component of Ke ...)
TODO: check
CVE-2026-12076 (Raytha CMS is vulnerable to SQL Injection within the OData
filter pars ...)
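Review bot: for CVE-2026-12578 neither the truncated description ("The affected product is vulnerable to a deserialization of untrusted d ...") nor the label `NOT-FOR-US: Delta Electronics` says which product is meant. Suggest adding the product name from the CVE record to the label so the triage decision can be checked without opening the record.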
@@ -203,25 +203,25 @@ CVE-2026-10817 (Insufficient input validation leading to
memory overread inNetSc
CVE-2026-10816 (Arbitrary File Read (Unauthenticated) inNetScaler ADC and
NetScaler Ga ...)
TODO: check
CVE-2026-10763 (PROMOD V is using insecure HTTP communication instead of
HTTPS. The vu ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2026-10655 (The asynchronous SNTP client in Zephyr
(subsys/net/lib/sntp/sntp.c, sn ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-10654 (A race condition in the Zephyr Bluetooth Classic RFCOMM host
stack (su ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-10653 (The Zephyr net_buf library (lib/net_buf/buf.c) manipulated
both of its ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-10652 (Zephyr's DNS resolver (subsys/net/lib/dns) parses resource
records fro ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-10513 (The Webmention plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-7406 (Nokia MantaRay NM is vulnerable to a sudo privilege escalation
vulnera ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2025-53648 (SQL misconfiguration in the Gravitino UI, in versions 1.0.0
and below, ...)
TODO: check
CVE-2025-24816 (Nokia MantaRay is subject to an Improper Access Control
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2025-24815 (Nokia MantaRay NM is subject to an unrestricted file upload
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2026-58030 [Escape linelinks argument before passing it on to Pygments]
- mediawiki <unfixed>
NOTE: https://phabricator.wikimedia.org/T427167
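Review bot: CVE-2025-7406 is marked `NOT-FOR-US: Nokia`, yet its description mentions a "sudo privilege escalation", and sudo is packaged in Debian. Worth confirming from the full description that the flaw is specific to MantaRay NM rather than to sudo itself, and recording that in the label the way the Zephyr entries in this hunk do with "different from src:zephyr".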
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5d8262f7bdb6215642b46b06634349afb3e7ec5