Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
51347738 by security tracker role at 2026-07-10T07:14:20+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2026-60120 (Bagisto before 2.4.4 contains a stored cross-site scripting 
vulnerabil ...)
        TODO: check
 CVE-2026-5069 (The Fluent Forms plugin for WordPress is vulnerable to 
incorrect autho ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-59858 (Vim is an open source, command line text editor. Prior to 
9.2.0735, th ...)
        TODO: check
 CVE-2026-59857 (Vim is an open source, command line text editor. Prior to 
9.2.0725, th ...)
@@ -23,7 +23,7 @@ CVE-2026-59832 (SiYuan is an open-source personal knowledge 
management system. P
 CVE-2026-59831 (GitHub CLI (gh) is GitHub\u2019s official command line tool. 
From 2.10 ...)
        TODO: check
 CVE-2026-59828 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-58144 (Cotonti Siena 0.9.26 and earlier contains a stored cross-site 
scriptin ...)
        TODO: check
 CVE-2026-58143 (Cotonti Siena 0.9.26 and earlier contains a cross-site request 
forgery ...)
@@ -35,35 +35,35 @@ CVE-2026-58122 (Hermes WebUI before 0.51.307 contains an 
authentication bypass v
 CVE-2026-57501 (Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance 
and spl ...)
        TODO: check
 CVE-2026-57054 (A Use of Incorrectly-Resolved Name or Reference vulnerability 
in the U ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-57032 (An Improper Handling of Undefined Parameters vulnerability in 
the pack ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-57031 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-57030 (A Concurrent Execution using Shared Resource with Improper 
Synchroniza ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-57029 (AMissing Synchronization vulnerability in the flow collector 
handler o ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-57028 (An Improper Restriction of Communication Channel to Intended 
Endpoints ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-57027 (A Missing Release of Memory after Effective Lifetime 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-57026 (An Improper Validation of Syntactic Correctness of Input 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-57025 (A Return of Pointer Value Outside of Expected Range 
vulnerability in t ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-57024 (A Use of Multiple Resources with Duplicate Identifier 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-57023 (An Improper Validation of Specified Quantity in Input 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-57022 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-57021 (An Out-of-bounds Write vulnerability in the http-gatekeeper 
(http-gk)  ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-57020 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-57019 (An Improper Validation of Specified Quantity in Input 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-55865 (Python Liquid is a Python engine for the Liquid template 
language. Pri ...)
        TODO: check
 CVE-2026-55689 (OpenFGA is an authorization/permission engine built for 
developers. Pr ...)
@@ -77,7 +77,7 @@ CVE-2026-55605 (DeepSeek MCP Server is an MCP server for 
DeepSeek V4. Starting i
 CVE-2026-55604 (DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting 
in vers ...)
        TODO: check
 CVE-2026-55424 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-55212 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
        TODO: check
 CVE-2026-55208 (Pimcore Studio Backend Bundle is the backend bundle for 
Pimcore Studio ...)
@@ -93,11 +93,11 @@ CVE-2026-54769 (Langroid is a framework for building 
large-language-model-powere
 CVE-2026-54760 (Langroid is a framework for building 
large-language-model-powered appl ...)
        TODO: check
 CVE-2026-53963 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-53962 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-53961 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-51926 (An issue in docuForm GmbH FSM Client v.11.11c allows a remote 
attacker ...)
        TODO: check
 CVE-2026-51925 (A Local File Inclusion (LFI) vulnerability exists in docuForm 
GmbH Cli ...)
@@ -111,15 +111,15 @@ CVE-2026-50181 (Langroid is a framework for building 
large-language-model-powere
 CVE-2026-50180 (Langroid is a framework for building 
large-language-model-powered appl ...)
        TODO: check
 CVE-2026-49256 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-46413 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-45788 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-45780 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-44787 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-44342 (New API is a large language mode (LLM) gateway and artificial 
intellig ...)
        TODO: check
 CVE-2026-39246 (decompress before 4.2.2 allows arbitrary symlink creation 
during archi ...)
@@ -131,59 +131,59 @@ CVE-2026-39243 (decompress before 4.2.2 allows arbitrary 
hardlink creation durin
 CVE-2026-38076 (An integer overflow in the jbig2_arith_iaid_ctx_new() function 
of Arti ...)
        TODO: check
 CVE-2026-33803 (An Improper Restriction of Communication Channel to Intended 
Endpoints ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-33802 (A Missing Authorization vulnerability in the CLI of Juniper 
Networks J ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-33801 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-33800 (An Unchecked Input for Loop Condition vulnerability in the 
Packet Forw ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-33799 (An Out-of-bounds Write vulnerability in the SNMP daemon 
(snmpd) of Jun ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-33794 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-33655 (New API is a large language mode (LLM) gateway and artificial 
intellig ...)
        TODO: check
 CVE-2026-31267 (Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is 
vulnerable to Buf ...)
        TODO: check
 CVE-2026-21901 (A NULL Pointer Dereference vulnerability in the management 
daemon (mgd ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2026-21057 (Improper input validation in Samsung Pass prior to version 
5.2.10.3 al ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21056 (Improper authorization in Samsung Health prior to version 
7.00.0.107 a ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21055 (Improper export of android application components in Bixby 
prior to ve ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21054 (Improper export of android application components in 
InputSharing prio ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21053 (Improper input validation in Samsung Email prior to version 
6.2.13.1 a ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21052 (Path traversal in SemClipboardService prior to SMR Jul-2026 
Release 1  ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21051 (Incorrect default permissions in WLAN security prior to SMR 
Jul-2026 R ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21050 (Improper access control in SmartThingsKit prior to SMR 
Jul-2026 Releas ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21049 (Out-of-bounds write in libpadm.so library prior to SMR 
Jul-2026 Releas ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21048 (Out-of-bounds write in parsing DNG format in 
libimagecodec.media.quram ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21046 (Time-of-check time-of-use race condition in fabricKeymaster 
trustlet p ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21045 (Out-of-bounds write in parsing TIFF format in 
libimagecodec.media.qura ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21044 (Improper authorization in KnoxGuardManager prior to SMR 
Jul-2026 Relea ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21043 (Path traversal in Wallpaper service prior to SMR Jul-2026 
Release 1 al ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21042 (Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 
Release 1 al ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21041 (Improper access control in SamsungSEAgentService prior to SMR 
Jul-2026 ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21040 (Improper access control in IAFDService prior to SMR Jul-2026 
Release 1 ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-21039 (Improper access control in Settings prior to SMR Jul-2026 
Release 1 al ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-15332 (A security flaw has been discovered in zhayujie CowAgent up to 
2.1.0.  ...)
        TODO: check
 CVE-2026-15331 (A vulnerability was identified in zhayujie CowAgent up to 
2.1.0. The a ...)
@@ -207,81 +207,81 @@ CVE-2026-15317 (A security flaw has been discovered in 
Sipeed PicoClaw up to 0.2
 CVE-2026-15311 (A vulnerability was identified in NousResearch hermes-agent up 
to 2026 ...)
        TODO: check
 CVE-2026-15302 (The ARMember plugin for WordPress is vulnerable to Directory 
Traversal ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15301 (The BuddyHolis TableSearch plugin for WordPress is vulnerable 
to Store ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15300 (The GEO my WP plugin for WordPress was vulnerable to SQL 
Injection via ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15299 (The Animation Addons for Elementor plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15298 (The TelSender plugin for WordPress is vulnerable to DOM-Based 
Cross-Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15297 (The Newsletter, SMTP, Email marketing and Subscribe forms by 
Brevo (fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15296 (The affiliate-toolkit \u2013 WP Affiliate Plugin with Amazon 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15293 (The WP Business Intelligence Lite plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15292 (The Sudoku Shortcode plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15291 (The Chat Help \u2013 Click to Chat Button & Form plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15290 (The Ultimate Member \u2013 User Profile, Registration, Login, 
Member D ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15289 (The Booking calendar, Appointment Booking System plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15288 (The SureForms \u2013 Drag and Drop Form Builder for WordPress 
plugin f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15287 (The rtMedia for WordPress, BuddyPress and bbPress plugin for 
WordPress ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15286 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder 
Feature ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15285 (The Plus Addons for Elementor plugin for WordPress was 
vulnerable to A ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15284 (The King Addons for Elementor plugin for WordPress is 
vulnerable to St ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15283 (The WPvivid Backup for MainWP plugin for WordPress is 
vulnerable to St ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15282 (The Instant Appointment plugin for WordPress is vulnerable to 
arbitrar ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15276 (A flaw has been found in pdeljanov Symphonia up to 0.6.0. This 
vulnera ...)
        TODO: check
 CVE-2026-15274 (A vulnerability was detected in lo48576 fbxcel up to 0.9.0. 
This affec ...)
        TODO: check
 CVE-2026-15271 (A security vulnerability has been detected in TOTOLINK 
A3000RU, A3100R ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-15270 (A weakness has been identified in D-link DIR-823G 
1.0.2B05_20181207. A ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2026-15070 (The Salon Booking System \u2013 Free Version plugin for 
WordPress is v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14894 (The Super Forms \u2013 Drag & Drop Form Builder plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13430 (The Post Export Import with Media plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12685 (The EscortWP escortwp WordPress theme through 3.6.2 was 
distributed wi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12598 (The LoginPress Pro plugin for WordPress is vulnerable to 
authenticatio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12597 (The LoginPress Pro plugin for WordPress is vulnerable to 
Authenticatio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12595 (The LoginPress Pro plugin for WordPress is vulnerable to 
Authenticatio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12276 (The LA-Studio Element Kit for Elementor WordPress plugin 
before 1.6.1  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12123 (The All-in-One Video Gallery plugin for WordPress is 
vulnerable to Ser ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11818 (The WPCafe \u2013 Restaurant Menu, Online Food Ordering & 
Table Bookin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11392 (The WP Hotel Booking plugin for WordPress is vulnerable to 
Reflected C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-0278 (Multiple protection mechanism failures in the Prisma Access 
Agent Data ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2026-0277 (An improper certificate validation vulnerability in the 
Prisma\xae Acc ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2026-0276 (A privilege escalation vulnerability in Palo Alto Networks 
Cortex\xae  ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2026-0275 (A local privilege escalation vulnerability in Palo Alto 
Networks Prism ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2025-45422 (Incorrect access control in Proximus b-box v8c.725A allows 
authenticat ...)
        TODO: check
 CVE-2026-14741



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/513477383bec01d5d2927d4c9c9c0b5e315271d8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/513477383bec01d5d2927d4c9c9c0b5e315271d8
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to