Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d830fb97 by security tracker role at 2026-06-24T19:14:39+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,61 +1,61 @@
 CVE-2026-7761 (The Ultimate Member plugin for WordPress is vulnerable to 
Account Take ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-57307 (A missing permission check in Jenkins Zowe zDevOps Plugin 
1.1.3.50.ve3 ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57306 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Zowe zDev ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57305 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Assembla  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57304 (A missing permission check in Jenkins Assembla Plugin 1.4 and 
earlier  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57303 (Jenkins Assembla Plugin 1.4 and earlier does not configure its 
XML par ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57302 (Jenkins FitNesse Plugin 1.36 and earlier stores passwords 
unencrypted  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57301 (Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build 
operations o ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57300 (A missing permission check in Jenkins MCP Server Plugin 
0.177.v629fdb_ ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57299 (Missing permission checks in Jenkins Contrast Continuous 
Application S ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57298 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Contrast  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57297 (A missing permission check in Jenkins Contrast Continuous 
Application  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57296 (Jenkins External Workspace Manager Plugin 1.3.2 and earlier 
does not r ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57295 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
EC2 Fleet ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57294 (A missing permission check in Jenkins EC2 Fleet Plugin 
4.2.3.539.v8fed ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57293 (An incorrect permission check in Jenkins Gitee Plugin 
1288.v18b_deb_c9 ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57292 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Gitee Plu ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57291 (Missing permission checks in Jenkins Gitee Plugin 
1288.v18b_deb_c9069b ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57290 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Priority  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57289 (Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and 
earlier uncon ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57288 (Jenkins Active Directory Plugin 2.41.1 and earlier does not 
escape the ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57287 (Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ 
and earl ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57286 (A missing permission check in Jenkins Git Parameter Plugin 
462.vdcf3df ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57285 (A missing permission check in Jenkins GitHub Branch Source 
Plugin 1967 ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57284 (Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier 
does no ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57283 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Pipeline: ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57282 (Jenkins Git client Plugin 6.6.0 and earlier does not correctly 
escape  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57281 (Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier 
does not ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-57280 (Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier 
does not ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-56761 (hono before 4.12.14 contains an html injection vulnerability 
in jsx se ...)
        TODO: check
 CVE-2026-56370 (ImageMagick before 7.1.2-19 contains an out-of-bounds access 
vulnerabi ...)
@@ -107,7 +107,7 @@ CVE-2026-56118
 CVE-2026-56111 (Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when 
built w ...)
        TODO: check
 CVE-2026-56052 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-55611 (AnythingLLM is an application that turns pieces of content 
into contex ...)
        TODO: check
 CVE-2026-55488 (motionEye (mEye) is an online interface for a piece of 
software called ...)
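Review bot: the tag added for CVE-2026-56052 is "NOT-FOR-US: WordPress plugin or theme", while the two other WordPress entries touched by this same commit (CVE-2026-7761 and CVE-2026-12242) use "NOT-FOR-US: WordPress plugin". Pick one wording so a search on the tag finds every WordPress entry. The description shown here is cut off before it names the product ("... SQL Command ('S ..."), so confirm against the full CVE text that this really is a WordPress component before the entry leaves "TODO: check".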
@@ -219,21 +219,21 @@ CVE-2026-13150 (Server-Side Request Forgery (SSRF) 
(CWE-918) in the PDF generati
 CVE-2026-13140 (Stored Cross-Site Scripting in the exposed AWS API key store 
ofThinkst ...)
        TODO: check
 CVE-2026-12986 (A critical vulnerability in Admin GUI in Payara Server Full 
4.x, 5.x,  ...)
-       TODO: check
+       NOT-FOR-US: Payara
 CVE-2026-12760 (A denial-of-service (DoS) vulnerability has been identified in 
Tapo C2 ...)
-       TODO: check
+       NOT-FOR-US: TPLink
 CVE-2026-12537 (Improper Neutralization used in an OS Command in the container 
launche ...)
        TODO: check
 CVE-2026-12242 (The AdRotate Banner Manager plugin for WordPress is vulnerable 
to PHP  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11968 (Argument Injection in TortoiseGitBlame via Malicious Git 
History Filen ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-11878 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: OpenText
 CVE-2026-11877 (An unauthorized user can modify configuration through API 
calls that a ...)
-       TODO: check
+       NOT-FOR-US: OpenText
 CVE-2026-10745 (Improper output neutralization for logs vulnerability in 
upKeeper Solu ...)
-       TODO: check
+       NOT-FOR-US: upKeeper Solutions
 CVE-2025-71361 (picklescan before 0.0.29 fails to detect malicious 
idlelib.calltip.Cal ...)
        TODO: check
 CVE-2025-71354 (picklescan before 0.0.29 fails to detect malicious pickle 
files that e ...)
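Review bot: the tag on CVE-2026-11968 does not match its description. The entry reads "Argument Injection in TortoiseGitBlame via Malicious Git History Filen ...", but it is marked "NOT-FOR-US: GitLab (used to be packaged in the Debian archive as src:gitlab, ...)". TortoiseGitBlame is not GitLab, and since the commit message says these entries are an automatic update, this looks like a false match. Either name the actual product in the NOT-FOR-US tag or leave the entry at "TODO: check" until someone has confirmed it. Minor point in the same hunk: CVE-2026-12760 is tagged "TPLink"; check that this is the spelling the rest of the list uses for that vendor.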



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d830fb973b826dd05662732bc794a2b950db2265
