Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f08519dd by Moritz Muehlenhoff at 2026-07-02T09:32:59+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,13 +3,13 @@ CVE-2026-5821 (The Image Optimizer plugin for WordPress is 
vulnerable to arbitra
 CVE-2026-5348 (The Academy LMS \u2013 WordPress LMS Plugin for Complete 
eLearning Sol ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-58593 (NodeBB does not bind the claimed author of an inbound 
ActivityPub obje ...)
-       TODO: check
+       NOT-FOR-US: NodeBB
 CVE-2026-58592 (Ladybird contains a dangling-reference memory-safety flaw in 
its WebAs ...)
-       TODO: check
+       - ladybird <itp> (bug #1088305)
 CVE-2026-58457 (Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) 
contains an  ...)
-       TODO: check
+       NOT-FOR-US: Shenzhen Aitemi
 CVE-2026-58263 (Jodit Editor is a WYSIWYG editor with written in pure 
TypeScript file  ...)
-       TODO: check
+       NOT-FOR-US: Jodit Editor
 CVE-2026-57278 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
        NOT-FOR-US: GeoVision
 CVE-2026-57277 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
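
Review bot: The CVE-2026-58592 entry in this hunk is not an NFU: it becomes "- ladybird <itp> (bug #1088305)", a tracked package entry, while the commit message says only "NFUs". Mention the ITP entry in the commit message so that someone searching the history for when ladybird started being tracked can find this commit. The other four changes here (NodeBB, Shenzhen Aitemi, Jodit Editor) match the summary.
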
@@ -41,7 +41,7 @@ CVE-2026-57265 (GeoWebPlayer (also called "Web Plugin" in the 
GV-VMS documentati
 CVE-2026-57264 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
        NOT-FOR-US: GeoVision
 CVE-2026-55886 (Jodit Editor is a WYSIWYG editor with written in pure 
TypeScript file  ...)
-       TODO: check
+       NOT-FOR-US: Jodit Editor
 CVE-2026-55794 (Craft CMS is a content management system (CMS). In versions 
5.9.0 and  ...)
        TODO: check
 CVE-2026-55793 (Craft CMS is a content management system (CMS). In versions 
5.0.0-RC1  ...)
@@ -65,7 +65,7 @@ CVE-2026-54908 (Pion DTLS is a Go implementation of Datagram 
Transport Layer Sec
 CVE-2026-54786 (Wasmtime is a runtime for WebAssembly. All versions prior to 
24.0.10;  ...)
        TODO: check
 CVE-2026-54756 (Jodit Editor is a WYSIWYG editor with written in pure 
TypeScript file  ...)
-       TODO: check
+       NOT-FOR-US: Jodit Editor
 CVE-2026-54720 (Silverstripe Framework is a PHP framework which powers the 
Silverstrip ...)
        TODO: check
 CVE-2026-54712 (OpenTelemetry Java Instrumentation provides OpenTelemetry 
auto-instrum ...)
@@ -73,15 +73,15 @@ CVE-2026-54712 (OpenTelemetry Java Instrumentation provides 
OpenTelemetry auto-i
 CVE-2026-54704 (OpenTelemetry Java Instrumentation provides OpenTelemetry 
auto-instrum ...)
        TODO: check
 CVE-2026-54263 (Wagtail is an open source content management system built on 
Django. I ...)
-       TODO: check
+       NOT-FOR-US: Wagtail
 CVE-2026-54262 (Wagtail is an open source content management system built on 
Django. I ...)
-       TODO: check
+       NOT-FOR-US: Wagtail
 CVE-2026-54261 (Wagtail is an open source content management system built on 
Django. I ...)
-       TODO: check
+       NOT-FOR-US: Wagtail
 CVE-2026-54260 (Wagtail is an open source content management system built on 
Django. I ...)
-       TODO: check
+       NOT-FOR-US: Wagtail
 CVE-2026-54259 (Wagtail is an open source content management system built on 
Django. I ...)
-       TODO: check
+       NOT-FOR-US: Wagtail
 CVE-2026-54164 (API Platform Core is a system to create hypermedia-driven REST 
and Gra ...)
        TODO: check
 CVE-2026-54074 (Tina is a headless content management system. @tinacms/cli 
versions pr ...)
@@ -413,29 +413,29 @@ CVE-2026-54428 (Allocation of resources without limits or 
throttling in the HTTP
 CVE-2026-54399 (Uncontrolled Resource Consumption vulnerability in the 
HTTP/1.1 messag ...)
        TODO: check
 CVE-2026-53909 (MCO does not correctly validate types of uploaded files. File 
upload v ...)
-       TODO: check
+       NOT-FOR-US: MyComplianceOffice MCO
 CVE-2026-53908 (MCO is vulnerable to User Enumeration through 
authentication-related f ...)
-       TODO: check
+       NOT-FOR-US: MyComplianceOffice MCO
 CVE-2026-53907 (MCO is vulnerable to Stored Cross\u2011Site Scripting (XSS) 
via the ap ...)
-       TODO: check
+       NOT-FOR-US: MyComplianceOffice MCO
 CVE-2026-53906 (MCO is vulnerable to Path Disclosure and Path Traversal in 
file handli ...)
-       TODO: check
+       NOT-FOR-US: MyComplianceOffice MCO
 CVE-2026-53905 (MCO does not properly enforce authorization checks in the 
/customer/se ...)
-       TODO: check
+       NOT-FOR-US: MyComplianceOffice MCO
 CVE-2026-53904 (MCO is vulnerable to Account Denial of Service due to improper 
impleme ...)
-       TODO: check
+       NOT-FOR-US: MyComplianceOffice MCO
 CVE-2026-53903 (MCO is vulnerable to an Insecure Direct Object Reference 
(IDOR) vulner ...)
-       TODO: check
+       NOT-FOR-US: MyComplianceOffice MCO
 CVE-2026-53902 (MCO does not properly enforce authorization checks in the 
/customer/se ...)
-       TODO: check
+       NOT-FOR-US: MyComplianceOffice MCO
 CVE-2026-53467 (ImageMagick is free and open-source software used for editing 
and mani ...)
        TODO: check
 CVE-2026-53466 (ImageMagick is free and open-source software used for editing 
and mani ...)
        TODO: check
 CVE-2026-51947 (An issue in Pivotal CRM 6.6.4.08 and systems using 
patch-ghi-15381-cwe ...)
-       TODO: check
+       NOT-FOR-US: Pivotal CRM
 CVE-2026-51946 (SQL Injection vulnerability in GoAdminGroup GoAdmin (last 
release v1.2 ...)
-       TODO: check
+       NOT-FOR-US: GoAdminGroup GoAdmin
 CVE-2026-50043 (Improper neutralization of special elements used in an OS 
command ('OS ...)
        TODO: check
 CVE-2026-49119 (Gradio before 6.16.0 contain a path traversal vulnerability in 
the Fil ...)
@@ -455,49 +455,49 @@ CVE-2026-41121 (Dell Device Management Agent, versions 
prior to DDMA 26.05, cont
 CVE-2026-38142 (An unauthenticated command injection vulnerability in the 
/goform/fast ...)
        NOT-FOR-US: Tenda
 CVE-2026-34117 (Guardian language-system passes the id GET parameter directly 
into a P ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34116 (Guardian language-system passes the id GET parameter directly 
into a P ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34115 (Guardian language-system passes the id GET parameter directly 
into a P ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34114 (Guardian language-system passes the id GET parameter directly 
into a P ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34113 (Guardian language-system passes the id GET parameter directly 
into a P ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34112 (Guardian language-system passes the id GET parameter directly 
into a P ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34111 (Guardian language-system passes the id GET parameter directly 
into a P ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34110 (Guardian language-system passes the id GET parameter directly 
into a P ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34109 (Guardian language-system passes the id GET parameter directly 
into a P ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34108 (Guardian language-system passes the id GET parameter directly 
into a P ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34107 (Guardian language-system passes the id GET parameter directly 
into a P ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34106 (Guardian language-system passes the id GET parameter directly 
into a P ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34105 (Guardian language-system passes the id GET parameter directly 
into an  ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34104 (Guardian language-system passes the name GET parameter 
directly into a ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34103 (Guardian language-system passes the id GET parameter directly 
into an  ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34102 (Guardian language-system passes the id GET parameter directly 
into an  ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34101 (Guardian language-system passes the id GET parameter directly 
into an  ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34100 (Guardian language-system passes the id GET parameter directly 
into an  ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34099 (Guardian language-system passes the id GET parameter directly 
into an  ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34098 (Guardian language-system fails to sanitize the id GET 
parameter before ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34097 (Guardian language-system fails to sanitize the id GET 
parameter before ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-34096 (Guardian language-system fails to sanitize the name GET 
parameter befo ...)
-       TODO: check
+       NOT-FOR-US: Guardian language-system
 CVE-2026-2891 (The following Poly Voice IP devices, CCX, Trio, and Edge E, 
might be i ...)
        NOT-FOR-US: HP
 CVE-2026-27435 (Missing Authorization vulnerability in WofficeIO Woffice 
allows Exploi ...)
@@ -595,7 +595,8 @@ CVE-2026-12576 (DVP80ES3 with Improper Enforcement of 
Message Integrity During T
 CVE-2026-12575 (DVP80ES3 with Improper Resource Shutdown or Release 
vulnerability.)
        NOT-FOR-US: Delta Electronics
 CVE-2026-12480 (Keras versions up to and including 3.13.2 are vulnerable to an 
arbitra ...)
-       TODO: check
+       - keras <removed>
+       [bullseye] - keras <end-of-life> (EOL in bullseye LTS)
 CVE-2026-12435 (The Motors \u2013 Car Dealership & Classified Listings Plugin 
plugin f ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12408 (The Slim SEO \u2013 A Fast & Automated SEO Plugin For 
WordPress plugin ...)
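
Review bot: The CVE-2026-12480 change replaces "TODO: check" with "- keras <removed>" and "[bullseye] - keras <end-of-life> (EOL in bullseye LTS)" but records no upstream reference. The visible description only gives the affected range ("up to and including 3.13.2"), so a NOTE: line pointing at the upstream advisory or fix would save re-triage if keras is ever reintroduced. This is also a package status change rather than an NFU, which the "NFUs" commit message does not reflect.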



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f08519dde6f071a7e6a1939c4190aebe3c93b448
