Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
313a2b40 by Moritz Muehlenhoff at 2026-07-07T12:32:12+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -345,13 +345,13 @@ CVE-2026-58203 (pydantic-settings provides settings
management using Pydantic. F
CVE-2026-56810 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
NOT-FOR-US: elixir-mint Mint
CVE-2026-56140 (Improper Input Validation vulnerability in Apache Camel AWS
SNS compon ...)
- TODO: check
+ NOT-FOR-US: Camel addon
CVE-2026-56139 (Generation of Error Message Containing Sensitive Information
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Camel addon
CVE-2026-55994 (Improper Input Validation, Exposure of Sensitive Information
to an Una ...)
- TODO: check
+ NOT-FOR-US: Camel addon
CVE-2026-55993 (Improper Input Validation, Exposure of Sensitive Information
to an Una ...)
- TODO: check
+ NOT-FOR-US: Camel addon
CVE-2026-55798 (Pillow is a Python imaging library. Prior to 12.3.0,
WindowsViewer.get ...)
- pillow <not-affected> (Only affects Windows specific WindowsViewer)
NOTE:
https://github.com/python-pillow/Pillow/security/advisories/GHSA-4x4j-2g7c-83w6
@@ -382,19 +382,19 @@ CVE-2026-54059 (Pillow is a Python imaging library. Prior
to 12.3.0, PIL/PcfFont
NOTE:
https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x
NOTE: Fixed by:
https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d
(12.3.0)
CVE-2026-53913 (Improper Authentication, Missing Authentication for Critical
Function, ...)
- TODO: check
+ NOT-FOR-US: Camel addon
CVE-2026-4249 (The throttling event handling mechanism in multiple WSO2
products acce ...)
NOT-FOR-US: WSO2
CVE-2026-49365 (Generation of Error Message Containing Sensitive Information
vulnerabi ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-49099 (Improper Neutralization of Special Elements in Output Used by
a Downst ...)
- TODO: check
+ NOT-FOR-US: Camel addon
CVE-2026-49098 (Improper Input Validation, Improper Neutralization of Special
Elements ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-49097 (Improper Input Validation, Improper Neutralization of Special
Elements ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-49086 (Improper Input Validation, Unintended Proxy or Intermediary
('Confused ...)
- TODO: check
+ NOT-FOR-US: Camel addon
CVE-2026-49042 (Improper Input Validation vulnerability in Apache Camel. This
issue a ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-48614 (An improper authorization vulnerability in the Plesk XML API
allows an ...)
@@ -402,15 +402,15 @@ CVE-2026-48614 (An improper authorization vulnerability
in the Plesk XML API all
CVE-2026-48316 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
NOT-FOR-US: Adobe
CVE-2026-48206 (Improper Input Validation, Authorization Bypass Through
User-Controlle ...)
- TODO: check
+ NOT-FOR-US: Camel addon
CVE-2026-48205 (Improper Input Validation, Server-Side Request Forgery (SSRF)
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Camel addon
CVE-2026-48204 (Improper Input Validation, Improper Access Control
vulnerability in Ap ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-48203 (Improper Neutralization of Special Elements in Output Used by
a Downst ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46726 (Improper Input Validation, Exposure of Sensitive Information
to an Una ...)
- TODO: check
+ NOT-FOR-US: Camel addon
CVE-2026-46592 (Improper Input Validation, Unintended Proxy or Intermediary
('Confused ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46591 (Improper Neutralization of Special Elements in Data Query
Logic vulner ...)
@@ -422,9 +422,9 @@ CVE-2026-46588 (Improper Input Validation vulnerability in
Apache Camel. This i
CVE-2026-46587 (Improper Input Validation vulnerability in Apache Camel. This
issue a ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46585 (Improper Input Validation, Authorization Bypass Through
User-Controlle ...)
- TODO: check
+ NOT-FOR-US: Camel addon
CVE-2026-46584 (Improper Input Validation, Exposure of Sensitive Information
to an Una ...)
- TODO: check
+ NOT-FOR-US: Camel addon
CVE-2026-46457 (Improper Input Validation vulnerability in Apache Camel NATS
component ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46456 (Improper Input Validation vulnerability in Apache Camel
AWS2-SQS Compo ...)
@@ -444,7 +444,7 @@ CVE-2026-44934 (A information disclosure when DEBUG
loglevel is set in SUSE Ranc
CVE-2026-43867 (Deserialization of Untrusted Data vulnerability in Apache
Camel PQC Co ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-43866 (Deserialization of Untrusted Data vulnerability in Apache
Camel, Apach ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-43865 (Deserialization of Untrusted Data vulnerability in Apache
Camel Hazelc ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-43825 (Untrusted Java Deserialization in Apache OpenNLP
SvmDoccatModel Versi ...)
@@ -482,21 +482,21 @@ CVE-2026-24012 (Uncontrolled Resource Consumption
vulnerability in Apache IoTDB.
CVE-2026-1433 (uniFLOW Universal Login Manager (ULM) Standalone contains an
informati ...)
NOT-FOR-US: Canon
CVE-2026-14809 (Prog Management System developed by PROG MIS has a SQL
Injection vulne ...)
- TODO: check
+ NOT-FOR-US: PROG MIS
CVE-2026-14808 (Prog Management System developed by PROG MIS has a Exposure
of Sensi ...)
- TODO: check
+ NOT-FOR-US: PROG MIS
CVE-2026-14807 (ERP App developed by PROG MIS has a Use of Hard-coded
Credentials vuln ...)
- TODO: check
+ NOT-FOR-US: PROG MIS
CVE-2026-14802 (A vulnerability was detected in react create-react-app up to
5.0.1 on ...)
- TODO: check
+ NOT-FOR-US: create-react-app
CVE-2026-14801 (A security vulnerability has been detected in GPAC
26.03-DEV-rev342-g8 ...)
TODO: check
CVE-2026-14800 (A weakness has been identified in imhamzaazam ecommerceFlask
up to cb7 ...)
- TODO: check
+ NOT-FOR-US: ecommerceFlask
CVE-2026-13753 (A missing authorization vulnerability exists in the embedded
webserver ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2026-12686 (An authenticated user could manipulate a company ID parameter
in a POS ...)
- TODO: check
+ NOT-FOR-US: Adiss Biloop
CVE-2026-12154 (The Reviews Widgets for Google, Yelp & TripAdvisor plugin for
WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2026-12083 (The Admin and Site Enhancements (ASE) WordPress plugin before
8.8.4, a ...)
@@ -512,15 +512,15 @@ CVE-2026-10830 (The AllCoach WordPress plugin before
1.0.2 does not verify that
CVE-2025-8591 (The software accepts user-supplied input via a URL parameter
without a ...)
NOT-FOR-US: WSO2
CVE-2025-53831 (DrawIO for ownCloud is an application for using DrawIO with
the file s ...)
- TODO: check
+ NOT-FOR-US: ownCloud addon
CVE-2025-53830 (Anti-Virus for ownCloud is an anti-virus application for file
storage, ...)
- TODO: check
+ NOT-FOR-US: ownCloud addon
CVE-2025-53829 (ownCloud is a file storage, synchronization, and sharing
application. ...)
- TODO: check
+ - owncloud <removed>
CVE-2025-53828 (SharePoint for ownCloud is an application for using SharePoint
with th ...)
- TODO: check
+ NOT-FOR-US: ownCloud addon
CVE-2025-53827 (ownCloud Core is the server-side component of the file
storage, synchr ...)
- TODO: check
+ - owncloud <removed>
CVE-2025-15668 (A vulnerability was identified in GPAC up to b40ce70f5. This
issue aff ...)
TODO: check
CVE-2025-15667 (A vulnerability was determined in GPAC up to 2.5-DEV. This
vulnerabili ...)
@@ -641,11 +641,11 @@ CVE-2026-14771 (A flaw has been found in SourceCodester
Class and Exam Timetabli
CVE-2026-14770 (A vulnerability was detected in SourceCodester Class and Exam
Timetabl ...)
NOT-FOR-US: SourceCodester
CVE-2026-14769 (A security vulnerability has been detected in code-projects
Real State ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-14768 (A weakness has been identified in code-projects Real State
Services 1. ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-14767 (A security flaw has been discovered in CodeAstro Ecommerce
Website 1.0 ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2026-10657 (Zephyr's DNS resolver detects mDNS (.local) queries in
dns_resolve_nam ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-10656 (The MAX32xxx USB device controller driver
(drivers/usb/udc/udc_max32.c ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/313a2b40c215f8c8ddeff27f7cf25e0c7b1419f2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/313a2b40c215f8c8ddeff27f7cf25e0c7b1419f2
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits