Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
78034eb7 by Moritz Muehlenhoff at 2026-07-07T10:25:19+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2026-59713 (Leantime contains an OIDC login CSRF 
vulnerability in the verify
 CVE-2026-59712 (Leantime's Users::getUser method in the JSON-RPC API lacks 
proper auth ...)
        NOT-FOR-US: Leantime
 CVE-2026-59711 (showdown contains a cross-site scripting vulnerability in 
metadata tit ...)
-       TODO: check
+       NOT-FOR-US: showdown
 CVE-2026-59710 (showdown contains a stored cross-site scripting vulnerability 
in the p ...)
-       TODO: check
+       NOT-FOR-US: showdown
 CVE-2026-58404 (Hugo is a static site generator. From v0.162.0 through 
v0.163.0, the d ...)
        - hugo <unfixed>
        NOTE: 
https://github.com/gohugoio/hugo/security/advisories/GHSA-r46f-3rpw-hxrv
@@ -132,7 +132,7 @@ CVE-2026-41515 (OP-TEE is a Trusted Execution Environment 
(TEE) designed as comp
 CVE-2026-41514 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
        TODO: check
 CVE-2026-38979 (ajenti through v2.2.13 has a clickjacking weakness in the 
browser-faci ...)
-       TODO: check
+       NOT-FOR-US: ajenti
 CVE-2026-38976 (mrubyc through 3.4.1 was found to contain a NULL pointer 
dereference i ...)
        TODO: check
 CVE-2026-38973 (mrubyc through release3.4.1 was found to contain an 
out-of-bounds read ...)
@@ -216,13 +216,13 @@ CVE-2026-14468 (HashiCorp Terraform Enterprise contained 
an issue in its version
 CVE-2026-14345 (The WPFunnels \u2013 Funnel Builder for WooCommerce with 
Checkout & On ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-13356 (A malicious webpage could interrupt a pending navigation by 
enqueuing  ...)
-       TODO: check
+       NOT-FOR-US: Firefox for iOS
 CVE-2026-12375 (The uncanny-automator-pro WordPress plugin before 7.3.0.6 was 
distribu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12277 (The Frontend File Manager Plugin WordPress plugin through 23.6 
does no ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-11405 (The web server binary /bin/httpd contains a hidden backdoor 
authentica ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-11328 (The Exclusive Addons for Elementor plugin for WordPress is 
vulnerable  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-10834 (The WP Travel Engine  WordPress plugin before 6.8.1 does not 
properly  ...)
@@ -234,7 +234,7 @@ CVE-2025-59616 (Memory Corruption when processing multiple 
IOCTL calls with the
 CVE-2025-59615 (Memory Corruption when invoking device input/output control 
operations ...)
        NOT-FOR-US: Qualcomm
 CVE-2024-56141 (Minosoft is an open-source, multi-version Minecraft Java 
Edition clien ...)
-       TODO: check
+       NOT-FOR-US: Minosoft
 CVE-2026-49861
        - fastdds <unfixed>
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/aeba2db3640d1f79d9f1f0430b10a475ea4c47cb
@@ -348,7 +348,7 @@ CVE-2026-55379 (Pillow is a Python imaging library. Prior 
to 12.3.0, PIL/BdfFont
        NOTE: 
https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc
        NOTE: Fixed by: 
https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d
 (12.3.0)
 CVE-2026-54893 (URL path injection in the Microsoft Graph adapter of Swoosh. 
Swoosh.Ad ...)
-       TODO: check
+       NOT-FOR-US: Swoosh
 CVE-2026-54291 (pgjdbc is an open source postgresql JDBC Driver. In releases 
42.7.4 th ...)
        - libpgjava 42.7.12-1
        NOTE: 
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-j92g-9f8w-j867
@@ -380,7 +380,7 @@ CVE-2026-49086 (Improper Input Validation, Unintended Proxy 
or Intermediary ('Co
 CVE-2026-49042 (Improper Input Validation vulnerability in Apache Camel.  This 
issue a ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-48614 (An improper authorization vulnerability in the Plesk XML API 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Plesk
 CVE-2026-48316 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
        NOT-FOR-US: Adobe
 CVE-2026-48206 (Improper Input Validation, Authorization Bypass Through 
User-Controlle ...)
@@ -418,11 +418,11 @@ CVE-2026-46454 (Improper Input Validation vulnerability 
in Apache Camel Cometd C
 CVE-2026-46453 (Improper Input Validation, Authorization Bypass Through 
User-Controlle ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-44937 (Potential forgery of webhook requests when using a 
unauthenticated web ...)
-       TODO: check
+       NOT-FOR-US: Rancher
 CVE-2026-44936 (Missing filtering when the helmRepoURLRegex field isn't set on 
a GitRe ...)
-       TODO: check
+       NOT-FOR-US: Rancher
 CVE-2026-44934 (A information disclosure when DEBUG loglevel is set in SUSE 
Rancher AI ...)
-       TODO: check
+       NOT-FOR-US: Rancher
 CVE-2026-43867 (Deserialization of Untrusted Data vulnerability in Apache 
Camel PQC Co ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-43866 (Deserialization of Untrusted Data vulnerability in Apache 
Camel, Apach ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78034eb7e3daab4ff3ddba09cfa94f759afa85d1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78034eb7e3daab4ff3ddba09cfa94f759afa85d1
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to