Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
550ab1a3 by security tracker role at 2026-07-15T19:14:50+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77,9 +77,9 @@ CVE-2026-61841
 CVE-2026-61839
        REJECTED
 CVE-2026-61836 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2026-61835 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2026-61829
        REJECTED
 CVE-2026-61828 (Nixpkgs is a collection of software packages that can be 
installed wit ...)
@@ -151,17 +151,17 @@ CVE-2026-59955 (Apollo is a reliable configuration 
management system suitable fo
 CVE-2026-59954 (Apollo is a reliable configuration management system suitable 
for micr ...)
        TODO: check
 CVE-2026-59838 (A improper neutralization of script-related html tags in a web 
page (b ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2026-59762 (When an HTTP/2 profile is configured on a virtual server, 
undisclosed  ...)
        TODO: check
 CVE-2026-59259 (n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a 
permission ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-59258 (immich before 3.0.3 contains a broken access control 
vulnerability in  ...)
        TODO: check
 CVE-2026-59255 (BloodHound through 9.4.0, fixed in commit 8f79035, contains a 
missing  ...)
        TODO: check
 CVE-2026-59254 (n8n before 2.28.1 contains an information disclosure 
vulnerability whe ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-59236 (Authorization Bypass Through User-Controlled Key (CWE-639) in 
the Exce ...)
        TODO: check
 CVE-2026-59235 (Missing Authorization (CWE-862) in BankAccountListController 
(app/Http ...)
@@ -175,45 +175,45 @@ CVE-2026-58658 (GPUStack through 2.2.1, fixed in commit 
4e20551, contains an una
 CVE-2026-58655 (The bundled Grav Flex Objects plugin 
(getgrav/grav-plugin-flex-objects ...)
        TODO: check
 CVE-2026-58559 (DoS vulnerability in the vibration service.Impact: Successful 
exploita ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-58558 (Permission control vulnerability in the file system.Impact: 
Successful ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-58557 (Design defect vulnerability in Expedition mode.Impact: 
Successful expl ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-58556 (Permission control vulnerability in the Bluetooth 
module.Impact: Succe ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-58555 (Permission bypass vulnerability in the card module.Impact: 
Successful  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-58554 (Permission control vulnerability in the Settings 
module.Impact: Succes ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-58553 (Out-of-bounds read vulnerability in the image codec 
module.Impact: Suc ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-58552 (Out-of-bounds read vulnerability in the image codec 
module.Impact: Suc ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-58551 (Out-of-bounds read vulnerability in the image codec 
module.Impact: Suc ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-58550 (Out-of-bounds read vulnerability in the image codec module. 
Impact: Su ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-58549 (Out-of-bounds read vulnerability in the image codec module. 
Impact: Su ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-58077 (The Joomla extension 4Analytics is vulnerable to an 
unauthenticated st ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-57996 (phpMyFAQ before 4.1.5 contains a privilege escalation 
vulnerability in ...)
        TODO: check
 CVE-2026-57833 (The Joomla extension 4Analytics is vulnerable to an 
unauthenticated st ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-57832 (The Joomla extension EDocman is vulnerable to an 
unauthenticated SQL i ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-57831 (The Joomla extension DP Calendar is vulnerable to an 
unauthenticated S ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-57821 (A SQL Injection vulnerability exists in Apache Fineract's 
Office Searc ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-56764 (Hono before 4.11.10 contains a timing attack vulnerability in 
the basi ...)
        TODO: check
 CVE-2026-56699 (Wazuh Manager before 5.0.0-beta3 fails to escape the 
DataValue.index f ...)
        TODO: check
 CVE-2026-56687 (Dell ThinOS 10, versions prior to 2605_10.2100, contain an 
Obsolete Fe ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-56434 (NGINX Plus and NGINX Open Source have a vulnerability in the 
ngx_http_ ...)
        TODO: check
 CVE-2026-56400 (open-webui before 0.3.14 contains a cross-origin resource 
sharing misc ...)
@@ -223,19 +223,19 @@ CVE-2026-56398 (Open WebUI before 0.9.5 contains a stored 
cross-site scripting v
 CVE-2026-56375 (ImageMagick through 7.1.2-18 contains a memory leak 
vulnerability in t ...)
        TODO: check
 CVE-2026-56353 (n8n contains an authentication bypass in the Chat Trigger node 
when co ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-56352 (n8n before 2.19.3 contains a file path restriction bypass in 
the legac ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-56349 (n8n before version 2.10.0 contains an input validation 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-56339 (Capgo (Cap-go/capgo) before 12.128.2 contains an information 
disclosur ...)
        TODO: check
 CVE-2026-56287 (A boolean-based SQL Injection vulnerability exists in Apache 
Fineract' ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-56087 (Dell ThinOS 10, versions prior to 2605_10.2100 contain a 
Protection Me ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-55723 (When NGINX Ingress Controller is configured with Custom 
Resource Defin ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2026-55242 (ERPNext is a free and open source Enterprise Resource Planning 
tool. P ...)
        TODO: check
 CVE-2026-54563 (Cloudreve is a self-hosted file management and sharing system. 
Prior t ...)
@@ -261,7 +261,7 @@ CVE-2026-53513 (Better Auth is an authentication and 
authorization library for T
 CVE-2026-53512 (Better Auth is an authentication and authorization library for 
TypeScr ...)
        TODO: check
 CVE-2026-52865 (When NGINX Ingress Controller processes Ingress or 
TransportServer res ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2026-52843 (Lightpanda is a headless browser designed for AI and 
automation. Prior ...)
        TODO: check
 CVE-2026-52842 (Lightpanda is a headless browser designed for AI and 
automation. Prior ...)
@@ -279,7 +279,7 @@ CVE-2026-49988 (Repomix is a tool that packs repositories 
into AI-friendly files
 CVE-2026-49987 (Repomix is a tool that packs repositories into AI-friendly 
files. Prio ...)
        TODO: check
 CVE-2026-49501 (Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and 
versions  ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-48799 (Postiz is an AI social media scheduling tool. Prior to 2.21.8, 
Postiz  ...)
        TODO: check
 CVE-2026-47703 (AdGuard Home is a network-wide software for blocking ads and 
tracking. ...)
@@ -319,31 +319,31 @@ CVE-2026-42533 (A vulnerability exists in NGINX Plus and 
NGINX Open Source when
 CVE-2026-41580 (Stirling-PDF is a locally hosted web application that 
facilitates vari ...)
        TODO: check
 CVE-2026-40633 (Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, 
versions 9.11 ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-40501 (Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 
1518530,  ...)
        TODO: check
 CVE-2026-35152 (A SQL Injection vulnerability exists in Apache Fineract's 
Report Execu ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-33213 (Redash is a package for data visualization and sharing. From 
5.0.2 to  ...)
        TODO: check
 CVE-2026-20298 (In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 
and 9.4.13 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20297 (In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 
9.4.13, an ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20296 (In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 
and 9.4.13 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20187 (As part of Cisco's ongoing commitment to proactive security 
and produc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20158 (As part of Cisco's ongoing commitment to proactive security 
and produc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20157 (As part of Cisco's ongoing commitment to proactive security 
and produc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20156 (As part of Cisco's ongoing commitment to proactive security 
and produc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20153 (As part of Cisco's ongoing commitment to proactive security 
and produc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20150 (As part of Cisco's ongoing commitment to proactive security 
and produc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20146 (A vulnerability in Cisco Identity Services Engine (ISE) and 
Cisco ISE  ...)
        TODO: check
 CVE-2026-1563 (Pega Platform versions 8.1.0 through 25.1.2 are affected by an 
Reflect ...)
@@ -357,7 +357,7 @@ CVE-2026-15804 (The HCM developed by MetaGuru has a SQL 
Injection vulnerability.
 CVE-2026-15779 (A flaw was found in samba's pam_winbind. When mkhomedir is 
enabled, pa ...)
        TODO: check
 CVE-2026-15746 (Strands Agents is an open-source Python SDK for building and 
running A ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-15583 (A confused-deputy flaw in Grafana MCP Server allows an 
unauthenticated ...)
        TODO: check
 CVE-2026-14961 (Pegatron `Tdelo64.sys` exposes a privileged device interface, 
`\\.\Tde ...)
@@ -365,13 +365,13 @@ CVE-2026-14961 (Pegatron `Tdelo64.sys` exposes a 
privileged device interface, `\
 CVE-2026-14960 (Pegatron `Tdelo64.sys` improperly exposes privileged hardware 
access f ...)
        TODO: check
 CVE-2026-14251 (A flaw was found in the OpenShift GitOps operator. The 
ClusterRole rec ...)
-       TODO: check
+       NOT-FOR-US: Argo CD
 CVE-2026-12997 (The Gravity Forms plugin for WordPress is vulnerable to 
Directory Trav ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12382 (A flaw was found in the AAP Gateway Envoy proxy configuration. 
The non ...)
        TODO: check
 CVE-2026-10673 (The Zephyr ADIN2111/ADIN1110 10BASE-T1S/T1L Ethernet driver 
(drivers/e ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-32781 (Apollo is a reliable configuration management system suitable 
for micr ...)
        TODO: check
 CVE-2026-56136



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/550ab1a3664a2cb74470570b0d72df9a3270be11

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/550ab1a3664a2cb74470570b0d72df9a3270be11
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to