Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d9dd2c27 by security tracker role at 2026-07-08T07:14:10+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2026-9842 (The Backstage - Customizer Demo Access plugin for WordPress is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9731 (The Wp Js Detect plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9701 (The Eventer plugin for WordPress is vulnerable to an insecure 
password ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9700 (The Eventer plugin for WordPress is vulnerable to time-based 
SQL Injec ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9695 (An Improper Authentication vulnerability affecting DELMIA 
Apriso from  ...)
-       TODO: check
+       NOT-FOR-US: Dassault Systemes
 CVE-2026-8377 (Missing Authorization vulnerability in Armiya Information 
Technologies ...)
        TODO: check
 CVE-2026-8309 (Improper neutralization of input during web page generation 
('cross-si ...)
@@ -17,7 +17,7 @@ CVE-2026-8306 (Improper neutralization of input during web 
page generation ('cro
 CVE-2026-7380 (Improper neutralization of Script-Related HTML tags in a web 
page (bas ...)
        TODO: check
 CVE-2026-6101 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for 
WordPress is ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-60002 (ssh in OpenSSH before 10.4 can have a use-after-free when a 
server cha ...)
        TODO: check
 CVE-2026-60001 (sshd in OpenSSH before 10.4 does not always honor the minimum 
authenti ...)
@@ -77,7 +77,7 @@ CVE-2026-57895 (Incorrect default permissions issue exists in 
Pupsman versions p
 CVE-2026-57851 (MSI Feature Manager contains a local privilege escalation 
vulnerabilit ...)
        TODO: check
 CVE-2026-57172 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-56843 (Incorrect authorization in the XML-RPC API of WebPros Plesk 
before 18. ...)
        TODO: check
 CVE-2026-56812 (Improper Check for Unusual or Exceptional Conditions 
vulnerability in  ...)
@@ -87,13 +87,13 @@ CVE-2026-56811 (Allocation of Resources Without Limits or 
Throttling vulnerabili
 CVE-2026-56437 (Uncontrolled search path element issue exists in Pupsman 
versions prio ...)
        TODO: check
 CVE-2026-55647 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-55635 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-55633 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-55631 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-55592 (Dashy is a self-hostable personal dashboard. Prior to 4.3.7, 
Dashy's w ...)
        TODO: check
 CVE-2026-55490 (OpenWrt is a Linux operating system targeting embedded 
devices. Before ...)
@@ -149,19 +149,19 @@ CVE-2026-54601 (FastGPT is an open source AI knowledge 
base platform. From 4.14.
 CVE-2026-53935 (Cilium is a networking, observability, and security solution. 
Prior to ...)
        TODO: check
 CVE-2026-53751 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-53730 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-53729 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-53511 (calibre is an e-book manager. Prior to 9.10.0, a malicious 
EPUB, OPF,  ...)
        TODO: check
 CVE-2026-53483 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, 
LTS2026 r ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-53481 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, 
LTS2026 r ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-53479 (DellPowerProtectData Domain, versions 7.7.1.0 through 8.7, 
LTS2026 rel ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-51937 (An issue in Oneblog V2.3.9 allows a remote attacker to obtain 
sensitiv ...)
        TODO: check
 CVE-2026-50811 (An out-of-bounds read vulnerability exists in FreeType 2.14.3 
and vers ...)
@@ -169,9 +169,9 @@ CVE-2026-50811 (An out-of-bounds read vulnerability exists 
in FreeType 2.14.3 an
 CVE-2026-50810 (A NULL pointer dereference in smooth_parse_stream_index() in 
src/media ...)
        TODO: check
 CVE-2026-50530 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-50529 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-50179 (Actual is a local-first personal finance tool. Prior to 
26.6.0, export ...)
        TODO: check
 CVE-2026-50007 (Actual is an open-source personal finance application. Prior 
to 26.7.0 ...)
@@ -183,29 +183,29 @@ CVE-2026-49229 (Actual is a local-first personal finance 
app. Prior to 26.6.0, i
 CVE-2026-49033 (The application contains a stack-based buffer overflow 
vulnerability t ...)
        TODO: check
 CVE-2026-48958 (An improper access check allows unauthorized users to create 
custom fi ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48957 (An improper access check allows unauthorized users to access 
com_priva ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48956 (An improper access check allows users to display a list of 
modules in  ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48955 (An improper access check allows unauthorized users to access 
workflow  ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48954 (Improper validation leads to a generic XSS vector in the 
language over ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48953 (Lack of escaping leads to an XSS vulnerability in the generic 
image ou ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48952 (Lack of escaping leads to an XSS vulnerability in the update 
list view ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48951 (Lack of escaping leads to XSS vulnerabilities in modalreturn 
layouts o ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48950 (Lack of escaping leads to an XSS vulnerability in the file 
management  ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48949 (Lack of validation leads to an XSS vulnerability in the MFA 
management ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48948 (An improper access check allows user to download vcard exports 
of com_ ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48947 (An improper access check allows privileged users to overwrite 
media fi ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-46700 (Actual is a local-first personal finance tool. Prior to 
26.6.0, the GE ...)
        TODO: check
 CVE-2026-46672 (Actual is a local-first personal finance app. Prior to 26.6.0, 
@actual ...)
@@ -217,7 +217,7 @@ CVE-2026-45796 (Coder allows organizations to provision 
remote development envir
 CVE-2026-44938 (A vulnerability has been identified in Fleet's agent-side 
deployer, wh ...)
        TODO: check
 CVE-2026-44877 (An unauthenticated remote disclosure vulnerability has been 
identified ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2026-44454 (Coder allows organizations to provision remote development 
environment ...)
        TODO: check
 CVE-2026-42958 (The application contains a use-after-free vulnerability that 
can be ex ...)
@@ -245,51 +245,51 @@ CVE-2026-14940 (A heap-buffer-overflow flaw was found in 
389 Directory Server (3
 CVE-2026-14935 (A logic vulnerability was found in GStreamer's webrtcbin 
component. Th ...)
        TODO: check
 CVE-2026-14904 (AWS Research and Engineering Studio (RES) is an open-source 
solution t ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-14868 (The encryption algorithm used to protect the configuration of 
user acc ...)
        TODO: check
 CVE-2026-14867 (Credentials of built-in users are insecurely stored in the 
User direct ...)
        TODO: check
 CVE-2026-14500 (The Bulk Order Update for WooCommerce plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14495 (The DoLogin Security plugin for WordPress is vulnerable to 
Authenticat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14489 (The WHMCS Bridge plugin for WordPress is vulnerable to 
arbitrary file  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14487 (The Simple Coherent Form plugin for WordPress is vulnerable to 
arbitra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14482 (The \u591a\u8bf4\u793e\u4f1a\u5316\u8bc4\u8bba\u6846 plugin 
for WordPr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14476 (A path traversal flaw was found in SSSD's AD GPO provider. The 
ad_gpo_ ...)
        TODO: check
 CVE-2026-14474 (A flaw was found in SSSD's LDAP sudo provider. When the 
ldap_sudo_sear ...)
        TODO: check
 CVE-2026-14244 (The Jssor Slider by jssor.com plugin for WordPress is 
vulnerable to Di ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14158 (The Widget Logic Visual plugin for WordPress is vulnerable to 
Remote C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13696 (Improper neutralization of special elements used in an LDAP 
query ('LD ...)
        TODO: check
 CVE-2026-13199 (EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices 
produce ...)
        TODO: check
 CVE-2026-13020 (A Weak Password Recovery Mechanism for Forgotten Password 
exists in Es ...)
-       TODO: check
+       NOT-FOR-US: Esri
 CVE-2026-13019 (Esri Portal for ArcGIS versions 12.1 and earlier on Windows, 
Linux and ...)
-       TODO: check
+       NOT-FOR-US: Esri
 CVE-2026-12948 (A stored cross-site scripting (XSS) vulnerability in the web 
managemen ...)
-       TODO: check
+       NOT-FOR-US: Digi
 CVE-2026-12378 (The Appointment Booking Calendar Plugin and Scheduling Plugin  
WordPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12352 (This vulnerability allows an unauthenticated actor to bypass 
authentic ...)
-       TODO: check
+       NOT-FOR-US: Digi
 CVE-2026-12153 (The WP Learn Manager plugin for WordPress is vulnerable to 
authorizati ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12097 (The User Management plugin for WordPress is vulnerable to 
authorizatio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12041 (The Chatra Live Chat + ChatBot + Cart Saver plugin for 
WordPress is vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11798 (The Social Share, Social Login and Social Comments Plugin 
\u2013 Super ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11610 (A heap buffer overflow flaw was found in the SASL I/O layer of 
389 Dir ...)
        TODO: check
 CVE-2026-11348 (Improper verification of cryptographic signature vulnerability 
in HAVE ...)
@@ -297,9 +297,9 @@ CVE-2026-11348 (Improper verification of cryptographic 
signature vulnerability i
 CVE-2026-11340 (Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS 
allows  ...)
        TODO: check
 CVE-2026-10659 (The Dhara flash translation layer disk driver 
(drivers/disk/ftl_dhara. ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-10570 (The Sympl Repeater for ACF and Elementor plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12799 (A flaw was found in Jastow. Jastow is vulnerable to Cross-Site 
Scripti ...)
        TODO: check
 CVE-2026-56003 [computeProps Property Buffer Heap Buffer Overflow]



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9dd2c27a93b090500bbb6d91fe8e46ff5af5fd8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9dd2c27a93b090500bbb6d91fe8e46ff5af5fd8
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to