Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
313a2b40 by Moritz Muehlenhoff at 2026-07-07T12:32:12+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -345,13 +345,13 @@ CVE-2026-58203 (pydantic-settings provides settings 
management using Pydantic. F
 CVE-2026-56810 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
        NOT-FOR-US: elixir-mint Mint
 CVE-2026-56140 (Improper Input Validation vulnerability in Apache Camel AWS 
SNS compon ...)
-       TODO: check
+       NOT-FOR-US: Camel addon
 CVE-2026-56139 (Generation of Error Message Containing Sensitive Information 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Camel addon
 CVE-2026-55994 (Improper Input Validation, Exposure of Sensitive Information 
to an Una ...)
-       TODO: check
+       NOT-FOR-US: Camel addon
 CVE-2026-55993 (Improper Input Validation, Exposure of Sensitive Information 
to an Una ...)
-       TODO: check
+       NOT-FOR-US: Camel addon
 CVE-2026-55798 (Pillow is a Python imaging library. Prior to 12.3.0, 
WindowsViewer.get ...)
        - pillow <not-affected> (Only affects Windows specific WindowsViewer)
        NOTE: 
https://github.com/python-pillow/Pillow/security/advisories/GHSA-4x4j-2g7c-83w6
@@ -382,19 +382,19 @@ CVE-2026-54059 (Pillow is a Python imaging library. Prior 
to 12.3.0, PIL/PcfFont
        NOTE: 
https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x
        NOTE: Fixed by: 
https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d
 (12.3.0)
 CVE-2026-53913 (Improper Authentication, Missing Authentication for Critical 
Function, ...)
-       TODO: check
+       NOT-FOR-US: Camel addon
 CVE-2026-4249 (The throttling event handling mechanism in multiple WSO2 
products acce ...)
        NOT-FOR-US: WSO2
 CVE-2026-49365 (Generation of Error Message Containing Sensitive Information 
vulnerabi ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-49099 (Improper Neutralization of Special Elements in Output Used by 
a Downst ...)
-       TODO: check
+       NOT-FOR-US: Camel addon
 CVE-2026-49098 (Improper Input Validation, Improper Neutralization of Special 
Elements ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-49097 (Improper Input Validation, Improper Neutralization of Special 
Elements ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-49086 (Improper Input Validation, Unintended Proxy or Intermediary 
('Confused ...)
-       TODO: check
+       NOT-FOR-US: Camel addon
 CVE-2026-49042 (Improper Input Validation vulnerability in Apache Camel.  This 
issue a ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-48614 (An improper authorization vulnerability in the Plesk XML API 
allows an ...)
@@ -402,15 +402,15 @@ CVE-2026-48614 (An improper authorization vulnerability 
in the Plesk XML API all
 CVE-2026-48316 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
        NOT-FOR-US: Adobe
 CVE-2026-48206 (Improper Input Validation, Authorization Bypass Through 
User-Controlle ...)
-       TODO: check
+       NOT-FOR-US: Camel addon
 CVE-2026-48205 (Improper Input Validation, Server-Side Request Forgery (SSRF) 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Camel addon
 CVE-2026-48204 (Improper Input Validation, Improper Access Control 
vulnerability in Ap ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-48203 (Improper Neutralization of Special Elements in Output Used by 
a Downst ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-46726 (Improper Input Validation, Exposure of Sensitive Information 
to an Una ...)
-       TODO: check
+       NOT-FOR-US: Camel addon
 CVE-2026-46592 (Improper Input Validation, Unintended Proxy or Intermediary 
('Confused ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-46591 (Improper Neutralization of Special Elements in Data Query 
Logic vulner ...)
@@ -422,9 +422,9 @@ CVE-2026-46588 (Improper Input Validation vulnerability in 
Apache Camel.  This i
 CVE-2026-46587 (Improper Input Validation vulnerability in Apache Camel.  This 
issue a ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-46585 (Improper Input Validation, Authorization Bypass Through 
User-Controlle ...)
-       TODO: check
+       NOT-FOR-US: Camel addon
 CVE-2026-46584 (Improper Input Validation, Exposure of Sensitive Information 
to an Una ...)
-       TODO: check
+       NOT-FOR-US: Camel addon
 CVE-2026-46457 (Improper Input Validation vulnerability in Apache Camel NATS 
component ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-46456 (Improper Input Validation vulnerability in Apache Camel 
AWS2-SQS Compo ...)
@@ -444,7 +444,7 @@ CVE-2026-44934 (A information disclosure when DEBUG 
loglevel is set in SUSE Ranc
 CVE-2026-43867 (Deserialization of Untrusted Data vulnerability in Apache 
Camel PQC Co ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-43866 (Deserialization of Untrusted Data vulnerability in Apache 
Camel, Apach ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-43865 (Deserialization of Untrusted Data vulnerability in Apache 
Camel Hazelc ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-43825 (Untrusted Java Deserialization in Apache OpenNLP 
SvmDoccatModel  Versi ...)
@@ -482,21 +482,21 @@ CVE-2026-24012 (Uncontrolled Resource Consumption 
vulnerability in Apache IoTDB.
 CVE-2026-1433 (uniFLOW Universal Login Manager (ULM) Standalone contains an 
informati ...)
        NOT-FOR-US: Canon
 CVE-2026-14809 (Prog Management System developed by PROG MIS has a SQL 
Injection vulne ...)
-       TODO: check
+       NOT-FOR-US: PROG MIS
 CVE-2026-14808 (Prog   Management System developed by PROG MIS has a Exposure 
of Sensi ...)
-       TODO: check
+       NOT-FOR-US: PROG MIS
 CVE-2026-14807 (ERP App developed by PROG MIS has a Use of Hard-coded 
Credentials vuln ...)
-       TODO: check
+       NOT-FOR-US: PROG MIS
 CVE-2026-14802 (A vulnerability was detected in react create-react-app up to 
5.0.1 on  ...)
-       TODO: check
+       NOT-FOR-US: create-react-app
 CVE-2026-14801 (A security vulnerability has been detected in GPAC 
26.03-DEV-rev342-g8 ...)
        TODO: check
 CVE-2026-14800 (A weakness has been identified in imhamzaazam ecommerceFlask 
up to cb7 ...)
-       TODO: check
+       NOT-FOR-US: ecommerceFlask
 CVE-2026-13753 (A missing authorization vulnerability exists in the embedded 
webserver ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2026-12686 (An authenticated user could manipulate a company ID parameter 
in a POS ...)
-       TODO: check
+       NOT-FOR-US: Adiss Biloop
 CVE-2026-12154 (The Reviews Widgets for Google, Yelp & TripAdvisor plugin for 
WordPres ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12083 (The Admin and Site Enhancements (ASE) WordPress plugin before 
8.8.4, a ...)
@@ -512,15 +512,15 @@ CVE-2026-10830 (The AllCoach  WordPress plugin before 
1.0.2 does not verify that
 CVE-2025-8591 (The software accepts user-supplied input via a URL parameter 
without a ...)
        NOT-FOR-US: WSO2
 CVE-2025-53831 (DrawIO for ownCloud is an application for using DrawIO with 
the file s ...)
-       TODO: check
+       NOT-FOR-US: ownCloud addon
 CVE-2025-53830 (Anti-Virus for ownCloud is an anti-virus application for file 
storage, ...)
-       TODO: check
+       NOT-FOR-US: ownCloud addon
 CVE-2025-53829 (ownCloud is a file storage, synchronization, and sharing 
application.  ...)
-       TODO: check
+       - owncloud <removed>
 CVE-2025-53828 (SharePoint for ownCloud is an application for using SharePoint 
with th ...)
-       TODO: check
+       NOT-FOR-US: ownCloud addon
 CVE-2025-53827 (ownCloud Core is the server-side component of the file 
storage, synchr ...)
-       TODO: check
+       - owncloud <removed>
 CVE-2025-15668 (A vulnerability was identified in GPAC up to b40ce70f5. This 
issue aff ...)
        TODO: check
 CVE-2025-15667 (A vulnerability was determined in GPAC up to 2.5-DEV. This 
vulnerabili ...)
@@ -641,11 +641,11 @@ CVE-2026-14771 (A flaw has been found in SourceCodester 
Class and Exam Timetabli
 CVE-2026-14770 (A vulnerability was detected in SourceCodester Class and Exam 
Timetabl ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-14769 (A security vulnerability has been detected in code-projects 
Real State ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2026-14768 (A weakness has been identified in code-projects Real State 
Services 1. ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2026-14767 (A security flaw has been discovered in CodeAstro Ecommerce 
Website 1.0 ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro
 CVE-2026-10657 (Zephyr's DNS resolver detects mDNS (.local) queries in 
dns_resolve_nam ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-10656 (The MAX32xxx USB device controller driver 
(drivers/usb/udc/udc_max32.c ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/313a2b40c215f8c8ddeff27f7cf25e0c7b1419f2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/313a2b40c215f8c8ddeff27f7cf25e0c7b1419f2
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to