Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
56e70a81 by security tracker role at 2026-07-06T19:14:45+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2026-9182 (ArcGIS Server contains an unrestricted file upload 
vulnerability. An u ...)
-       TODO: check
+       NOT-FOR-US: Esri
 CVE-2026-9181 (ArcGIS Server contains a directory traversal vulnerability.  An 
unauth ...)
-       TODO: check
+       NOT-FOR-US: Esri
 CVE-2026-9165 (A flaw was found in Red Hat Advanced Cluster Security for 
Kubernetes ( ...)
        TODO: check
 CVE-2026-7185 (A validation vulnerability has been identified in certain web 
features ...)
        TODO: check
 CVE-2026-6901 (Untrusted Search Path vulnerability in B&R Industrial 
Automation GmbH  ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2026-6900 (Improper certificate validation vulnerability in B&R Industrial 
Automa ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2026-6382 (The FileOrganizer  WordPress plugin before 1.1.9, Advanced File 
Manage ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-5268 (An authentication bypass vulnerability exists in the default 
SFTP serv ...)
        TODO: check
 CVE-2026-59196 (pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a 
crafted lock ...)
@@ -55,57 +55,57 @@ CVE-2026-54059 (Pillow is a Python imaging library. Prior 
to 12.3.0, PIL/PcfFont
 CVE-2026-53913 (Improper Authentication, Missing Authentication for Critical 
Function, ...)
        TODO: check
 CVE-2026-4249 (The throttling event handling mechanism in multiple WSO2 
products acce ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2026-49365 (Generation of Error Message Containing Sensitive Information 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-49099 (Improper Neutralization of Special Elements in Output Used by 
a Downst ...)
        TODO: check
 CVE-2026-49098 (Improper Input Validation, Improper Neutralization of Special 
Elements ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-49097 (Improper Input Validation, Improper Neutralization of Special 
Elements ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-49086 (Improper Input Validation, Unintended Proxy or Intermediary 
('Confused ...)
        TODO: check
 CVE-2026-49042 (Improper Input Validation vulnerability in Apache Camel.  This 
issue a ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-48614 (An improper authorization vulnerability in the Plesk XML API 
allows an ...)
        TODO: check
 CVE-2026-48316 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48206 (Improper Input Validation, Authorization Bypass Through 
User-Controlle ...)
        TODO: check
 CVE-2026-48205 (Improper Input Validation, Server-Side Request Forgery (SSRF) 
vulnerab ...)
        TODO: check
 CVE-2026-48204 (Improper Input Validation, Improper Access Control 
vulnerability in Ap ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-48203 (Improper Neutralization of Special Elements in Output Used by 
a Downst ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-46726 (Improper Input Validation, Exposure of Sensitive Information 
to an Una ...)
        TODO: check
 CVE-2026-46592 (Improper Input Validation, Unintended Proxy or Intermediary 
('Confused ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-46591 (Improper Neutralization of Special Elements in Data Query 
Logic vulner ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-46590 (Deserialization of Untrusted Data vulnerability in Apache 
Camel PQC co ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-46588 (Improper Input Validation vulnerability in Apache Camel.  This 
issue a ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-46587 (Improper Input Validation vulnerability in Apache Camel.  This 
issue a ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-46585 (Improper Input Validation, Authorization Bypass Through 
User-Controlle ...)
        TODO: check
 CVE-2026-46584 (Improper Input Validation, Exposure of Sensitive Information 
to an Una ...)
        TODO: check
 CVE-2026-46457 (Improper Input Validation vulnerability in Apache Camel NATS 
component ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-46456 (Improper Input Validation vulnerability in Apache Camel 
AWS2-SQS Compo ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-46455 (Insufficient Session Expiration vulnerability in Apache Camel 
Keycloak ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-46454 (Improper Input Validation vulnerability in Apache Camel Cometd 
Compone ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-46453 (Improper Input Validation, Authorization Bypass Through 
User-Controlle ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-44937 (Potential forgery of webhook requests when using a 
unauthenticated web ...)
        TODO: check
 CVE-2026-44936 (Missing filtering when the helmRepoURLRegex field isn't set on 
a GitRe ...)
@@ -113,39 +113,39 @@ CVE-2026-44936 (Missing filtering when the 
helmRepoURLRegex field isn't set on a
 CVE-2026-44934 (A information disclosure when DEBUG loglevel is set in SUSE 
Rancher AI ...)
        TODO: check
 CVE-2026-43867 (Deserialization of Untrusted Data vulnerability in Apache 
Camel PQC Co ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-43866 (Deserialization of Untrusted Data vulnerability in Apache 
Camel, Apach ...)
        TODO: check
 CVE-2026-43865 (Deserialization of Untrusted Data vulnerability in Apache 
Camel Hazelc ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-43825 (Untrusted Java Deserialization in Apache OpenNLP 
SvmDoccatModel  Versi ...)
        TODO: check
 CVE-2026-42527 (Deserialization of Untrusted Data vulnerability in Apache 
Camel.  The  ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-41434 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
        TODO: check
 CVE-2026-40859 (Deserialization of Untrusted Data vulnerability in Apache 
Camel.  The  ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40257 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
        TODO: check
 CVE-2026-40141 (A high-severity vulnerability exists in a web application 
component of ...)
-       TODO: check
+       NOT-FOR-US: BeyondTrust
 CVE-2026-40140 (BeyondTrust Remote Support and Privileged Remote Access 
contain a high ...)
-       TODO: check
+       NOT-FOR-US: BeyondTrust
 CVE-2026-40139 (A critical pre-authentication vulnerability exists in the 
authenticati ...)
-       TODO: check
+       NOT-FOR-US: BeyondTrust
 CVE-2026-40138 (A critical pre-authentication vulnerability exists in the 
authenticati ...)
-       TODO: check
+       NOT-FOR-US: BeyondTrust
 CVE-2026-40047 (Improper Neutralization of Argument Delimiters in a Command 
('Argument ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-24014 (Apache IoTDB DataNode\u2019s internal RPC interface for 
creating Trigg ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-24013 (Authentication Bypass by Spoofing vulnerability in Apache 
IoTDB. Certa ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-24012 (Uncontrolled Resource Consumption vulnerability in Apache 
IoTDB.  Some ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-1433 (uniFLOW Universal Login Manager (ULM) Standalone contains an 
informati ...)
-       TODO: check
+       NOT-FOR-US: Canon
 CVE-2026-14809 (Prog Management System developed by PROG MIS has a SQL 
Injection vulne ...)
        TODO: check
 CVE-2026-14808 (Prog   Management System developed by PROG MIS has a Exposure 
of Sensi ...)
@@ -163,19 +163,19 @@ CVE-2026-13753 (A missing authorization vulnerability 
exists in the embedded web
 CVE-2026-12686 (An authenticated user could manipulate a company ID parameter 
in a POS ...)
        TODO: check
 CVE-2026-12154 (The Reviews Widgets for Google, Yelp & TripAdvisor plugin for 
WordPres ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12083 (The Admin and Site Enhancements (ASE) WordPress plugin before 
8.8.4, a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11962 (The FileOrganizer  WordPress plugin before 1.2.0 does not 
validate the ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11855 (The Simple Membership WordPress plugin before 4.7.5 does not 
verify th ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11766 (The Ultimate Member  WordPress plugin before 2.12.0 does not 
properly  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10830 (The AllCoach  WordPress plugin before 1.0.2 does not verify 
that an em ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-8591 (The software accepts user-supplied input via a URL parameter 
without a ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2025-53831 (DrawIO for ownCloud is an application for using DrawIO with 
the file s ...)
        TODO: check
 CVE-2025-53830 (Anti-Virus for ownCloud is an anti-virus application for file 
storage, ...)
@@ -191,7 +191,7 @@ CVE-2025-15668 (A vulnerability was identified in GPAC up 
to b40ce70f5. This iss
 CVE-2025-15667 (A vulnerability was determined in GPAC up to 2.5-DEV. This 
vulnerabili ...)
        TODO: check
 CVE-2024-6228 (The Notifications for Forms & WordPress Actions WordPress 
plugin befor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-XXXX [RUSTSEC-2026-0190]
        - rust-anyhow <unfixed> (bug #1141593)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0190.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56e70a81138e515203c7cbe23e679ad2fc23ba66

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56e70a81138e515203c7cbe23e679ad2fc23ba66
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to