Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a4ac720 by security tracker role at 2026-07-01T19:14:49+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,15 +31,15 @@ CVE-2026-5136 (A flaw was found in Foreman. The Usergroup 
model in Foreman does
 CVE-2026-5135 (A flaw was found in Foreman. This broken access control 
vulnerability  ...)
        TODO: check
 CVE-2026-5120 (A Race Condition vulnerability affecting BIOVIA Workbook from 
Release  ...)
-       TODO: check
+       NOT-FOR-US: Dassault Systemes
 CVE-2026-5051 (HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit 
device valid ...)
        TODO: check
 CVE-2026-58521 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
 CVE-2026-58520 (URL redirection to untrusted site ('open redirect') 
vulnerability in T ...)
        TODO: check
 CVE-2026-58517 (Improper neutralization of input terminators vulnerability in 
The Wiki ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
 CVE-2026-58454 (JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 
4.8.30.57701411 c ...)
        TODO: check
 CVE-2026-58453 (JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 
4.8.30.57701411 c ...)
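Review bot: The note added to CVE-2026-58521 and CVE-2026-58517, "NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian", does not say which extension or skin is affected, and the truncated descriptions shown in this hunk do not name one either. Putting the component name in the note would let a later reader recheck the entry if that extension is ever packaged. CVE-2026-58520, which sits between the two, stays at "TODO: check", so it is worth confirming that the split is intentional.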
@@ -59,23 +59,23 @@ CVE-2026-58038 (Improper Neutralization of Input During Web 
Page Generation (XSS
 CVE-2026-58035 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        TODO: check
 CVE-2026-58034 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
 CVE-2026-58031 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        TODO: check
 CVE-2026-57737 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57736 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Hub ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57723 (Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp 
VikBooking ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57722 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57721 (Missing Authorization vulnerability in WP Reloaded ApplyOnline 
allows  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57720 (Missing Authorization vulnerability in Codexpert Inc 
ThumbPress allows ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57692 (Incorrect Privilege Assignment vulnerability in LCweb 
PrivateContent a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57517 (Control Web Panel before 0.9.8.1225 contains a blind SQL 
injection vul ...)
        TODO: check
 CVE-2026-57516 (Ray prior to 2.56.0 contains an unsafe deserialization 
vulnerability i ...)
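Review bot: CVE-2026-58034 is closed as a MediaWiki extension/skin while CVE-2026-58035 and CVE-2026-58031, whose visible descriptions are identical to it, remain at "TODO: check". If the three concern the same component they should be resolved together; if not, the note on CVE-2026-58034 should name the extension so the difference is evident from the list itself. The same holds for CVE-2026-57737 and CVE-2026-57722, where the visible text gives no product behind "WordPress plugin or theme".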
@@ -145,9 +145,9 @@ CVE-2026-49087 (Allocation of Resources Without Limits or 
Throttling (CWE-770) i
 CVE-2026-46680 (containerd is an open-source container runtime. In versions 
prior to 1 ...)
        TODO: check
 CVE-2026-41121 (Dell Device Management Agent, versions prior to DDMA 26.05, 
contain an ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-38142 (An unauthenticated command injection vulnerability in the 
/goform/fast ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-34117 (Guardian language-system passes the id GET parameter directly 
into a P ...)
        TODO: check
 CVE-2026-34116 (Guardian language-system passes the id GET parameter directly 
into a P ...)
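Review bot: For CVE-2026-38142 the vendor in "NOT-FOR-US: Tenda" cannot be checked against the lines in this hunk: the visible description stops at the "/goform/fast ..." path and never names a vendor or device. Confirm the attribution against the full CVE description, and consider adding the device model to the note, since this is an automatic update and a path match alone is weak evidence. The Dell entry above it is fine as shown, as the product name is in the visible text.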
@@ -193,41 +193,41 @@ CVE-2026-34097 (Guardian language-system fails to 
sanitize the id GET parameter
 CVE-2026-34096 (Guardian language-system fails to sanitize the name GET 
parameter befo ...)
        TODO: check
 CVE-2026-2891 (The following Poly Voice IP devices, CCX, Trio, and Edge E, 
might be i ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2026-27435 (Missing Authorization vulnerability in WofficeIO Woffice 
allows Exploi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27409 (Missing Authorization vulnerability in Webba Plugins Webba 
Booking all ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24270 (NVIDIA AIStore framework contains a vulnerability where an 
attacker co ...)
        TODO: check
 CVE-2026-24266 (NVIDIA Triton Inference Server for Linux contains a 
vulnerability wher ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24264 (NVIDIA Triton Inference Server for Linux contains a 
vulnerability wher ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24260 (NVIDIA Container Toolkit for Linux contains a vulnerability 
where an a ...)
        TODO: check
 CVE-2026-24251 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24250 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24249 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24248 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24247 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24246 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24245 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24244 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24243 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24242 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24240 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-20244 (A vulnerability in the DMG file format parser of ClamAV could 
allow an ...)
        TODO: check
 CVE-2026-20243 (A vulnerability in the ALZ file format parser of ClamAV could 
allow an ...)
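Review bot: The vendor-wide note "NOT-FOR-US: NVIDIA" on the Triton Inference Server and Megatron Bridge entries is ambiguous, because two other NVIDIA products in this same hunk (CVE-2026-24270, AIStore, and CVE-2026-24260, Container Toolkit) are left at "TODO: check". A reader cannot tell from the note why some NVIDIA CVEs are out of scope and others are not. A product-level note, for example "NOT-FOR-US: NVIDIA Triton Inference Server" and "NOT-FOR-US: NVIDIA Megatron Bridge", would make the decision self-explanatory and would keep a vendor-name match from closing the remaining two by accident.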
@@ -257,53 +257,53 @@ CVE-2026-14198 (@fastify/middie versions 9.1.0 through 
9.3.2 decode the encoded
 CVE-2026-14181 (@fastify/middie versions 9.1.0 through 9.3.2 fail to guard the 
URL nor ...)
        TODO: check
 CVE-2026-13769 (Overly permissive file permissions in AWS CLI before 1.44.78 
(v1) and  ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-13760 (OS command injection in the NodejsFunction Docker bundling 
pipeline (O ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-13733 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13707 (Session fixation vulnerability in Wikimedia Foundation OAuth.  
 This v ...)
        TODO: check
 CVE-2026-13706 (Improper input validation vulnerability in Wikimedia 
Foundation UrlSho ...)
        TODO: check
 CVE-2026-13603 (The payment integration pretix-oppwa provides support  for the 
payment ...)
-       TODO: check
+       NOT-FOR-US: rami.io products
 CVE-2026-13602 (We found a chain of combining multiple weaknesses in the 
product that  ...)
-       TODO: check
+       NOT-FOR-US: rami.io products
 CVE-2026-13454 (The MotoPress Appointment Booking plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13323 (In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint 
serves  ...)
        TODO: check
 CVE-2026-13228 (The LatePoint \u2013 Calendar Booking Plugin for Appointments 
and Even ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13211 (The genucenter web interface before version 8.0p11 
unnecessarily expos ...)
        TODO: check
 CVE-2026-12754 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12732 (The LearnPress plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12577 (DVP80ES3 with Improperly Implemented Security Check for 
Standard vulne ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2026-12576 (DVP80ES3 with Improper Enforcement of Message Integrity During 
Transmi ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2026-12575 (DVP80ES3 with Improper Resource Shutdown or Release 
vulnerability.)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2026-12480 (Keras versions up to and including 3.13.2 are vulnerable to an 
arbitra ...)
        TODO: check
 CVE-2026-12435 (The Motors \u2013 Car Dealership & Classified Listings Plugin 
plugin f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12408 (The Slim SEO \u2013 A Fast & Automated SEO Plugin For 
WordPress plugin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12374 (Improper certificate validation and a time-of-check 
time-of-use (TOCTO ...)
-       TODO: check
+       NOT-FOR-US: Cato
 CVE-2026-12224 (The Dokan Pro plugin for WordPress is vulnerable to privilege 
escalati ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12158 (The RegistrationMagic \u2013 User Registration Forms Plugin 
plugin for ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12142 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress 
plugin for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11387 (The SMS Alert \u2013 SMS & OTP for WooCommerce, Order 
Notifications &  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10540 (The Control-M/Enterprise Manager uses weak protections for 
stored hash ...)
        TODO: check
 CVE-2026-10539 (A Control-M/Server communication command does not sufficiently 
filter  ...)
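Review bot: CVE-2026-13769 should not be closed as "NOT-FOR-US: Amazon": its description names AWS CLI (before 1.44.78 for v1), and AWS CLI is packaged in Debian as awscli. Revert this entry to "TODO: check" or track it against the awscli source package, and check whether the rule that produced it matches on the vendor name rather than on the product. CVE-2026-13760 (NodejsFunction Docker bundling) and CVE-2026-12374 ("Cato", with no vendor in the visible text) deserve the same manual confirmation before they are treated as out of scope.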
@@ -311,9 +311,9 @@ CVE-2026-10539 (A Control-M/Server communication command 
does not sufficiently f
 CVE-2026-10538 (Messaging consumer functionality allows deserialization of 
user-contro ...)
        TODO: check
 CVE-2026-10096 (The Qi Blocks plugin for WordPress is vulnerable to Insecure 
Direct Ob ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10095 (The WP Photo Album Plus plugin for WordPress is vulnerable to 
Stored C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-23351 (NVIDIA ConnectX and BlueField contain a vulnerability in the 
command i ...)
        TODO: check
 CVE-2025-23350 (NVIDIA ConnectX and BlueField contain a vulnerability in the 
command i ...)
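Review bot: Style point on the two changed entries here, CVE-2026-10096 and CVE-2026-10095: they use "NOT-FOR-US: WordPress plugin", while earlier hunks of this same commit use "NOT-FOR-US: WordPress plugin or theme" for the same class of issue. Both descriptions visibly say "plugin for WordPress", so the classification itself looks right, but settling on one spelling would keep searches and counts over data/CVE/list consistent.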



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a4ac720af75a3a2ebd3a06fb7cbb81e1ce33c80



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits