Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c5b109b6 by Moritz Muehlenhoff at 2026-07-09T22:35:06+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -256,20 +256,20 @@ CVE-2026-15191 (A flaw has been found in mettle 
sendportal up to 3.0.1. This vul
 CVE-2026-15190 (A vulnerability was detected in SourceCodester Simple and Nice 
Shoppin ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-15189 (A security vulnerability has been detected in aerostackdev 
aerostack-m ...)
-       TODO: check
+       NOT-FOR-US: aerostack-mcp
 CVE-2026-15188 (A weakness has been identified in manjurulhoque 
django-job-portal up t ...)
-       TODO: check
+       NOT-FOR-US: django-job-portal
 CVE-2026-15187 (A security flaw has been discovered in enquirer up to 2.4.1. 
Affected  ...)
-       TODO: check
+       NOT-FOR-US: enquirer
 CVE-2026-15186 (A vulnerability was identified in macrozheng mall up to 1.0.3. 
This im ...)
-       TODO: check
+       NOT-FOR-US: macrozheng mall
 CVE-2026-15185 (A vulnerability was determined in GPAC 26.03-DEV. This affects 
the fun ...)
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2026-15184 (A vulnerability was found in GNU LibreDWG up to 0.13.4. The 
impacted e ...)
-       TODO: check
+       - libredwg <itp> (bug #595191)
 CVE-2026-15182 (A vulnerability has been found in GNU LibreDWG up to 0.13.4. 
The affec ...)
-       TODO: check
+       - libredwg <itp> (bug #595191)
 CVE-2026-15158 (The Blocksy Companion plugin for WordPress is vulnerable to 
Arbitrary  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-15000 (The Connect Contact Form 7 and Mailchimp plugin for WordPress 
is vulne ...)
@@ -283,7 +283,7 @@ CVE-2026-14342 (The Mail Mint \u2013 Email Marketing, 
Newsletter, Email Automati
 CVE-2026-14278
        REJECTED
 CVE-2026-14261 (A vulnerability in the Xerte Online Tools allows for 
authentication by ...)
-       TODO: check
+       NOT-FOR-US: Xerte Online Tools
 CVE-2026-14245 (The miniOrange OTP Login, Verification and SMS Notifications 
plugin fo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-13771 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
@@ -291,9 +291,9 @@ CVE-2026-13771 (The Customer Reviews for WooCommerce plugin 
for WordPress is vul
 CVE-2026-13492 (The UsersWP plugin for WordPress is vulnerable to Arbitrary 
File Delet ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-13462 (PayRange Android app, version 7.0.7 and below, contains an SSL 
bypass  ...)
-       TODO: check
+       NOT-FOR-US: PayRange Android app
 CVE-2026-13461 (When coupled with the SSL bypass vulnerability, JavaScript can 
be inje ...)
-       TODO: check
+       NOT-FOR-US: PayRange Android app
 CVE-2026-13450 (The GamiPress \u2013 Gamification plugin to reward points, 
achievement ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-13441 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
@@ -307,7 +307,7 @@ CVE-2026-13080 (The WPFunnels \u2013 Funnel Builder for 
WooCommerce with Checkou
 CVE-2026-13011 (The ERP: Complete HR, Accounting & CRM Suite with Recruitment 
and WooC ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12879 (An Improper Input Validation vulnerability in BigQuery DAO in 
Google C ...)
-       TODO: check
+       NOT-FOR-US: Google Cloud Apigee
 CVE-2026-12593 (The implementation of an internalandundocumentedDashboardAPI 
endpoint( ...)
        TODO: check
 CVE-2026-12590 (Impact: In body-parser versions prior to 1.20.6 (1.x line) and 
2.3.0 ( ...)
@@ -323,7 +323,7 @@ CVE-2026-12406 (The User Frontend: AI Powered Frontend 
Posting, User Directory,
 CVE-2026-12170 (The AcyMailing \u2013 An Ultimate Newsletter Plugin and 
Marketing Auto ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12116 (A vulnerability in the Xerte Online Tools allows for RCE 
through the a ...)
-       TODO: check
+       NOT-FOR-US: Xerte Online Tools
 CVE-2026-11404 (Cesanta Mongoose before 7.22 contains an out-of-bounds read in 
the bui ...)
        TODO: check
 CVE-2026-11359 (The Memberships and User Profiles for WooCommerce \u2013 
ProfileGrid W ...)
@@ -347,7 +347,7 @@ CVE-2026-0280 (An IPv6 packet processing vulnerability in 
the dataplane of Palo
 CVE-2026-0279 (Multiple cross site scripting vulnerabilities in the 
User-ID\u2122 Aut ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2025-63579 (Unauthorized use of Kyocera printers, allows all information 
stored in ...)
-       TODO: check
+       NOT-FOR-US: Kyocera
 CVE-2026-57825
        - opam 2.5.2-1
        NOTE: https://github.com/ocaml/opam/releases/tag/2.5.2
@@ -470,13 +470,13 @@ CVE-2026-57481 (Parse Server is an open source backend 
that can be deployed to a
 CVE-2026-57480 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-56669 (Elysia is a Typescript framework for request validation, type 
inferenc ...)
-       TODO: check
+       NOT-FOR-US: Elysia
 CVE-2026-55878 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 
before 2 ...)
-       TODO: check
+       NOT-FOR-US: Symfony UX
 CVE-2026-55877 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 
before 2 ...)
-       TODO: check
+       NOT-FOR-US: Symfony UX
 CVE-2026-55849 (@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of 
Materials  ...)
-       TODO: check
+       NOT-FOR-US: cyclonedx-npm
 CVE-2026-55778 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-55760 (Handlebars.java provides logic-less and semantic Mustache 
templates wi ...)
@@ -534,15 +534,15 @@ CVE-2026-54527 (JupyterLab Git is a Git extension for 
JupyterLab. From 0.30.0b3
 CVE-2026-54499 (Stanza is a Stanford NLP Python library for tokenization, 
sentence seg ...)
        TODO: check
 CVE-2026-53624 (Fiber is an Express inspired web framework written in Go. 
Prior to 3.4 ...)
-       TODO: check
+       NOT-FOR-US: Fiber
 CVE-2026-52200 (An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows 
a remot ...)
-       TODO: check
+       NOT-FOR-US: Generic OEM UZ801_v2.1 4G LTE Router
 CVE-2026-51535 (In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion 
(Denial of Ser ...)
        TODO: check
 CVE-2026-49866 (libp2p is a JavaScript Implementation of libp2p networking 
stack. Prio ...)
        TODO: check
 CVE-2026-48492 (Snipe-IT is an IT asset/license management system. Prior to 
version 8. ...)
-       TODO: check
+       - snipe-it <itp> (bug #1005172)
 CVE-2026-47840 (A network attacker positioned between UAA and its LDAP 
directory can i ...)
        TODO: check
 CVE-2026-47831 (Use of a cryptographically weak random number generator in the 
Generat ...)
@@ -558,35 +558,35 @@ CVE-2026-47826 (The blobs.yml path key traversal 
vulnerability in the BOSH CLI t
 CVE-2026-47646 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45045 (Fiber is an Express inspired web framework written in Go. 
Prior to 3.3 ...)
-       TODO: check
+       NOT-FOR-US: Fiber
 CVE-2026-44512 (Open Neural Network Exchange (ONNX) is an open standard for 
machine le ...)
        TODO: check
 CVE-2026-44332 (Fiber is an Express inspired web framework written in Go. 
Prior to 3.3 ...)
-       TODO: check
+       NOT-FOR-US: Fiber
 CVE-2026-44161 (Fluentd collects events from various data sources and writes 
them to f ...)
-       TODO: check
+       NOT-FOR-US: Fluentd
 CVE-2026-44160 (Fluentd collects events from various data sources and writes 
them to f ...)
-       TODO: check
+       NOT-FOR-US: Fluentd
 CVE-2026-44025 (Fluentd collects events from various data sources and writes 
them to f ...)
-       TODO: check
+       NOT-FOR-US: Fluentd
 CVE-2026-44024 (Fluentd collects events from various data sources and writes 
them to f ...)
-       TODO: check
+       NOT-FOR-US: Fluentd
 CVE-2026-41857 (A compromised or malicious BOSH Director can execute arbitrary 
shell c ...)
-       TODO: check
+       NOT-FOR-US: BOSH
 CVE-2026-39179 (A SQL injection vulnerability in SOGo before 5.12.7 allows 
authenticat ...)
        TODO: check
 CVE-2026-39178 (A SQL injection vulnerability in SOGo before 5.12.7 allows 
authenticat ...)
        TODO: check
 CVE-2026-36028 (A protection mechanism failure in the Code 27 Companion Hub 
allows an  ...)
-       TODO: check
+       NOT-FOR-US: Code 27 Companion Hub
 CVE-2026-36027 (An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a 
physicall ...)
-       TODO: check
+       NOT-FOR-US: Code 27 Companion Hub
 CVE-2026-35552 (In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and 
UDiTH Portal ...)
-       TODO: check
+       NOT-FOR-US: CAXperts UPVWebServices
 CVE-2026-35211 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
-       TODO: check
+       NOT-FOR-US: OpenCTI
 CVE-2026-35210 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
-       TODO: check
+       NOT-FOR-US: OpenCTI
 CVE-2026-31309 (Improper authorization in the /tequilapi/config/user endpoint 
of Myste ...)
        TODO: check
 CVE-2026-15174 (Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 
to 4.6.6  ...)
@@ -614,9 +614,9 @@ CVE-2026-15164 (Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 
to 4.4.16 allows den
 CVE-2026-15163 (Multiple protocol dissector infinite loops in Wireshark 4.6.0 
to 4.6.6 ...)
        NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15154 (A flaw was found in `guardrails-detectors`, a component of Red 
Hat Ope ...)
-       TODO: check
+       NOT-FOR-US: Red Hat OpenShift AI
 CVE-2026-15138 (A security vulnerability has been detected in tumf 
mcp-text-editor up  ...)
-       TODO: check
+       NOT-FOR-US: mcp-text-editor
 CVE-2026-15137 (A weakness has been identified in code-projects Interview 
Management S ...)
        NOT-FOR-US: code-projects
 CVE-2026-15135 (A security flaw has been discovered in code-projects Online 
Food Order ...)
@@ -624,13 +624,13 @@ CVE-2026-15135 (A security flaw has been discovered in 
code-projects Online Food
 CVE-2026-15134 (A vulnerability was determined in CodeAstro Simple Online 
Leave Manage ...)
        NOT-FOR-US: CodeAstro
 CVE-2026-15105 (A flaw has been found in davenardella snap7 up to 1.4.3. This 
affects  ...)
-       TODO: check
+       NOT-FOR-US: davenardella snap7
 CVE-2026-14896 (HashiCorp Nomad and Nomad Enterprise are vulnerable to a 
cross-namespa ...)
-       TODO: check
+       - nomad <removed>
 CVE-2026-14891 (HashiCorp Nomad and Nomad Enterprise are vulnerable to a 
sandbox escap ...)
-       TODO: check
+       - nomad <removed>
 CVE-2026-14373 (HashiCorp Nomad and Nomad Enterprise did not enforce the 
allow_privile ...)
-       TODO: check
+       - nomad <removed>
 CVE-2026-14361 (The consul-template library before version 0.42.1 is 
vulnerable to a p ...)
        TODO: check
 CVE-2026-13320 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5b109b6fd2bf02c02c6c235499aee057282f1f8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5b109b6fd2bf02c02c6c235499aee057282f1f8
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to