Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96532fb3 by security tracker role at 2026-06-25T19:14:26+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,17 +3,17 @@ CVE-2026-9800 (A flaw was found in Keycloak Policy Enforcer. 
This vulnerability
 CVE-2026-9799 (A flaw was found in org.keycloak.authorization. An 
authenticated user  ...)
        TODO: check
 CVE-2026-9718 (CWE-617 Reachable Assertion vulnerability exists that could 
allow an a ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2026-9717 (CWE-78 Neutralization of Special Elements used in an OS Command 
('OS C ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2026-9716 (CWE-476 NULL Pointer Dereference vulnerability exists that 
could cause ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2026-9705 (A flaw was found in Keycloak's client registration service. A 
remote a ...)
        TODO: check
 CVE-2026-9651 (CWE-732 Incorrect Permission Assignment for Critical Resource 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2026-9650 (CWE-522 Insufficiently Protected Credentials vulnerability that 
could  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2026-9099 (A flaw was found in Keycloak. A missing authorization check in 
the Gro ...)
        TODO: check
 CVE-2026-9086 (A flaw was found in Keycloak. A remote attacker with 
administrative pr ...)
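Review bot: the reason "NOT-FOR-US: Schneider Electric" given for CVE-2026-9718, CVE-2026-9717, CVE-2026-9716, CVE-2026-9651 and CVE-2026-9650 cannot be checked from this hunk, because the truncated descriptions only state the CWE class ("CWE-617 Reachable Assertion", "CWE-78 ...", "CWE-476 ...", "CWE-732 ...", "CWE-522 ...") and name neither vendor nor product. Consider including the affected product in the annotation so the triage decision is reviewable from data/CVE/list alone.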
@@ -21,7 +21,7 @@ CVE-2026-9086 (A flaw was found in Keycloak. A remote 
attacker with administrati
 CVE-2026-9083 (A flaw was found in Keycloak. A realm administrator with the 
"manage-r ...)
        TODO: check
 CVE-2026-6432 (Improper bounds validation in EmberZNet SDK versions 9.0.2 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs
 CVE-2026-6291 (Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When 
decrypti ...)
        TODO: check
 CVE-2026-6094 (Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when 
parsing craf ...)
@@ -29,23 +29,23 @@ CVE-2026-6094 (Heap buffer overread in 
wc_PKCS7_DecodeEnvelopedData when parsing
 CVE-2026-6091 (Partial-chain certificate verification may accept chains that 
terminat ...)
        TODO: check
 CVE-2026-57700 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Daan. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57619 (Contributor Sensitive Data Exposure in Elementor Website 
Builder <= 4. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57588 (A SQL injection vulnerability in Nessus allows an attacker to 
craft a  ...)
-       TODO: check
+       NOT-FOR-US: Tenable
 CVE-2026-57587 (A SQL injection vulnerability in Nessus allows a remote, 
unauthenticat ...)
-       TODO: check
+       NOT-FOR-US: Tenable
 CVE-2026-57536 (Our payment integration with Mollie did not properly validate 
payment  ...)
-       TODO: check
+       NOT-FOR-US: rami.io products
 CVE-2026-57535 (Content injected to PDF rendering contexts could, in many 
places, incl ...)
-       TODO: check
+       NOT-FOR-US: rami.io products
 CVE-2026-57534 (Malicious HTML content could be injected into the content of a 
page in ...)
-       TODO: check
+       NOT-FOR-US: rami.io products
 CVE-2026-57533 (Malicious HTML content could be injected into the page pretix 
shows wh ...)
-       TODO: check
+       NOT-FOR-US: rami.io products
 CVE-2026-57532 (Malicious HTML content contained in the layout specification 
of a PDF  ...)
-       TODO: check
+       NOT-FOR-US: rami.io products
 CVE-2026-57456 (Vim is an open source, command line text editor. Prior to 
9.2.0699, Vi ...)
        TODO: check
 CVE-2026-57455 (Vim is an open source, command line text editor. Prior to 
9.2.0698, th ...)
@@ -69,7 +69,7 @@ CVE-2026-57435 (Nokogiri is an open source XML and HTML 
library for the Ruby pro
 CVE-2026-57434 (Nokogiri is an open source XML and HTML library for the Ruby 
programmi ...)
        TODO: check
 CVE-2026-57429 (Contributor Broken Access Control in Slim SEO <= 4.6.2 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57236 (Nokogiri is an open source XML and HTML library for the Ruby 
programmi ...)
        TODO: check
 CVE-2026-57235 (Nokogiri is an open source XML and HTML library for the Ruby 
programmi ...)
@@ -115,29 +115,29 @@ CVE-2026-56122 (Winstone Servlet Engine through 0.9.10 
contains a path traversal
 CVE-2026-56091 (When using Apache Shiro with the shiro-guice module in a web 
servlet c ...)
        TODO: check
 CVE-2026-56071 (Unauthenticated Cross Site Scripting (XSS) in Forminator <= 
1.53.1 ver ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56054 (Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56053 (Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56051 (Unauthenticated Cross Site Scripting (XSS) in TablePress <= 
3.3.1 vers ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56050 (Improper Access Control vulnerability in Themeisle PPOM for 
WooCommerc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56049 (Contributor Remote Code Execution (RCE) in Post Snippets <= 
4.0.19 ver ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56042 (Customer Cross Site Scripting (XSS) in Advanced Order Export 
For WooCo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56023 (Customer Broken Access Control in UPI QR Code Payment Gateway 
for WooC ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56014 (Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 
3.11.2  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56013 (Unauthenticated Insecure Direct Object References (IDOR) in 
License Ma ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56006 (Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56005 (Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 
5.6.3.1 ve ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-55967 (AES-GCM encryption/decryption with extremely large cumulative 
single m ...)
        TODO: check
 CVE-2026-55961 (wolfSSL_PKCS7_verify() returning success for a degenerate 
(certs-only) ...)
@@ -177,35 +177,35 @@ CVE-2026-55092 (Trivy is a security scanner. Prior to 
0.71.1, when Trivy downloa
 CVE-2026-54917 (SeaweedFS is a distributed storage system for object storage 
(S3), fil ...)
        TODO: check
 CVE-2026-54849 (Unauthenticated SQL Injection in Premmerce Wishlist for 
WooCommerce <= ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54848 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Saa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54845 (Unauthenticated Local File Inclusion in MDTF <= 1.3.8 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54844 (Unauthenticated Broken Access Control in CheckView Automated 
Testing < ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54843 (Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54842 (Missing Authorization vulnerability in Royal Plugins Royal MCP 
allows  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54841 (Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54838 (Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54836 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54830 (Unauthenticated Broken Access Control in Five Star Restaurant 
Reservat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54829 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54828 (Unauthenticated Broken Access Control in Motors <= 1.4.109 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54823 (Contributor Remote Code Execution (RCE) in Widget Options <= 
4.2.3 ver ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54822 (Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54821 (Subscriber Sensitive Data Exposure in Visual Link Preview <= 
2.3.1 ver ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54679 (jq is a command-line JSON processor. Prior to 1.8.2, on 32bit 
system,  ...)
        TODO: check
 CVE-2026-54573 (Outline is a service that allows for collaborative 
documentation. Prio ...)
@@ -269,59 +269,59 @@ CVE-2026-50015 (pnpm is a package manager. Prior to 
10.34.0 and 11.4.0, pnpm's p
 CVE-2026-50014 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm 
passes th ...)
        TODO: check
 CVE-2026-4930 (SYMCRYPTO is the SiXG301's host side hardware engine accessed 
by PSA c ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs
 CVE-2026-4526 (In EmberZNet v9.0.2 and earlier, malformed global ZCL messages 
can tri ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs
 CVE-2026-4522 (Missing authentication for critical function vulnerability in 
HYPR Pas ...)
-       TODO: check
+       NOT-FOR-US: HYPR
 CVE-2026-49506 (Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, 
contain an  ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-49319 (Remote Keyless Entry System (RKES), using the 433 MHz key fob 
bearing  ...)
        TODO: check
 CVE-2026-48995 (pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a 
malicious co ...)
        TODO: check
 CVE-2026-48946 (The K2 frontend article-attachment upload path accepts files 
whose ext ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48945 (The K2 article gallery upload path accepts a zip/tar archive, 
extracts ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48944 (The K2 frontend article-save handler accepts an 
`attachment[N][existin ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48943 (K2 \u2264 2.24 contains a mass-assignment defect in the K2 
system user ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48942 (K2 \u2264 2.26 renders the `#__k2_users.image` column directly 
into HT ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48941 (The K2 frontend `item.checkin` task accepts an unauthenticated 
`sigPro ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48940 (A Joomla user with K2 "create item" rights (Author tier by 
default) ca ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-47154 (In EmberZNet v9.0.2 and earlier, a malformed 
GetProfileResponse messag ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs
 CVE-2026-47153 (In EmberZNet v9.0.2 and earlier, a malformed Level Control 
Step comman ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs
 CVE-2026-47152 (In EmberZNet v9.0.2 and earlier, a malformed Level Control 
Move comman ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs
 CVE-2026-47151 (In EmberZNet v9.0.2 and earlier, malformed 
ClearWeekdaySchedule messag ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs
 CVE-2026-47150 (In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment 
message ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs
 CVE-2026-47149 (In EmberZNet v9.0.2 and earlier, malformed or out-of-range 
Door Lock u ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs
 CVE-2026-47148 (In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership 
commands ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs
 CVE-2026-47147 (In EmberZNet v9.0.2 and earlier, malformed OTA requests can 
drive the  ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs
 CVE-2026-47146 (In EmberZNet v9.0.2 and earlier, malformed Color Control 
messages can  ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs
 CVE-2026-47145 (In EmberZNet v9.0.2 and earlier, malformed Color Control 
messages can  ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs
 CVE-2026-46735 (Dell Display and Peripheral Manager (DDPM Mac), versions prior 
to 2.3, ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-46734 (Dell Display and Peripheral Manager (DDPM Mac), versions prior 
to 2.3, ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-46733 (Dell Display and Peripheral Manager (DDPM Windows), versions 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-46732 (Dell Display and Peripheral Manager (DDPM Mac), versions prior 
to 2.3, ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-46611 (Glances is an open-source system cross-platform monitoring 
tool. Prior ...)
        TODO: check
 CVE-2026-46608 (Glances is an open-source system cross-platform monitoring 
tool. Prior ...)
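Review bot: the seven K2 entries (CVE-2026-48946 down to CVE-2026-48940) are annotated "NOT-FOR-US: Joomla", but their descriptions concern the K2 extension ("The K2 frontend article-attachment upload path ...", "A Joomla user with K2 \"create item\" rights ..."), not Joomla itself. Wording such as "NOT-FOR-US: Joomla extension K2", in line with the "WordPress plugin or theme" form used for the WordPress entries in this commit, would avoid reading these as Joomla core issues.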
@@ -333,33 +333,33 @@ CVE-2026-46606 (Glances is an open-source system 
cross-platform monitoring tool.
 CVE-2026-45233 (HTMLy CMS through 3.1.1 contains a path traversal 
vulnerability that a ...)
        TODO: check
 CVE-2026-41120 (Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, 
contain an  ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-2815 (Incorrect use of the PUF key for user key generation in 
EFR32xG27 resu ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs
 CVE-2026-28898 (swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate 
pseudo-hea ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2026-27366 (Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 
version ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-13351 (Zephyr's IPv6 network stack can be prevented from receiving or 
process ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-13350 (Permissions where checked incorrectly during room creation, 
allowing a ...)
-       TODO: check
+       NOT-FOR-US: rami.io products
 CVE-2026-13314 (Malicious HTML content could be injected into the content 
rendered by  ...)
-       TODO: check
+       NOT-FOR-US: rami.io products
 CVE-2026-13225 (Malicious HTML content could be injected into the email 
address of an  ...)
-       TODO: check
+       NOT-FOR-US: rami.io products
 CVE-2026-13223 (Our payment integration with Computop-based payment methods 
did not  p ...)
-       TODO: check
+       NOT-FOR-US: rami.io products
 CVE-2026-13222 (Our payment integration with Oppwa-based payment methods did 
not  prop ...)
-       TODO: check
+       NOT-FOR-US: rami.io products
 CVE-2026-12937 (The Tourfic \u2013 AI Powered Travel Booking, Hotel Booking & 
Car Rent ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12921 (In AzeoTech DAQFactory versions 21.1 and prior, a Use After 
Free vulne ...)
        TODO: check
 CVE-2026-12897 (Horner Automation Cscape versions prior to 10.2 SP3 are 
vulnerable to  ...)
        TODO: check
 CVE-2026-12755 (Improper input validation in the PAM AD discovery endpoints in 
 Devolu ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-11999 (X.509 trust-chain bypass (path-depth exhaustion) in the 
OpenSSL compat ...)
        TODO: check
 CVE-2026-12844 (List::SomeUtils::XS versions before 0.59 for Perl have a heap 
buffer o ...)
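Review bot: CVE-2026-12937 is annotated "NOT-FOR-US: WordPress plugin", whereas every other WordPress entry in this commit, including CVE-2026-27366 in the same hunk, uses "NOT-FOR-US: WordPress plugin or theme"; using the same wording keeps these entries easy to grep in data/CVE/list. The "Zephyr, different from src:zephyr" reason on CVE-2026-13351 is the right way to record a NOT-FOR-US decision for a product whose name matches a Debian source package.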



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96532fb39fd0fb21949c2b73a26a723c76ecc44e



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits