Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
98597a52 by Moritz Muehlenhoff at 2026-07-02T16:15:52+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -76,9 +76,9 @@ CVE-2026-54756 (Jodit Editor is a WYSIWYG editor with written 
in pure TypeScript
 CVE-2026-54720 (Silverstripe Framework is a PHP framework which powers the 
Silverstrip ...)
        NOT-FOR-US: Silverstripe Framework
 CVE-2026-54712 (OpenTelemetry Java Instrumentation provides OpenTelemetry 
auto-instrum ...)
-       TODO: check
+       NOT-FOR-US: opentelemetry-javaagent
 CVE-2026-54704 (OpenTelemetry Java Instrumentation provides OpenTelemetry 
auto-instrum ...)
-       TODO: check
+       NOT-FOR-US: opentelemetry-javaagent
 CVE-2026-54263 (Wagtail is an open source content management system built on 
Django. I ...)
        NOT-FOR-US: Wagtail
 CVE-2026-54262 (Wagtail is an open source content management system built on 
Django. I ...)
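Review bot: the new labels on CVE-2026-54712 and CVE-2026-54704 read "NOT-FOR-US: opentelemetry-javaagent", while both descriptions call the product "OpenTelemetry Java Instrumentation". The neighbouring NFU lines (Silverstripe Framework, Wagtail) use the product name as written in the description. Suggest "NOT-FOR-US: OpenTelemetry Java Instrumentation" so that a search on the product name finds both entries.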
@@ -110,7 +110,7 @@ CVE-2026-50279 (Craft CMS is a content management system 
(CMS). IN versions 5.0.
 CVE-2026-49858 (API Platform Core is a system to create hypermedia-driven REST 
and Gra ...)
        NOT-FOR-US: API Platform Core
 CVE-2026-38891 (An improper input validation in the gazebo_ros_diff_drive.cpp 
componen ...)
-       TODO: check
+       NOT-FOR-US: gazebo-plugins
 CVE-2026-36912 (A NULL pointer dereference in the 
AP4_AtomSampleTable::GetSample() fun ...)
        NOT-FOR-US: MPC-BE
 CVE-2026-36911 (A division-by-zero vulnerability in the 
CStreamSwitcherOutputPin::Deci ...)
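Review bot: on CVE-2026-38891 the new label "gazebo-plugins" does not appear in the visible description, which only identifies the gazebo_ros_diff_drive.cpp component. Because the label is written like a package name, either use the upstream project name from the full description or add a NOTE line with the upstream reference, so the NFU decision can be rechecked later.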
@@ -521,9 +521,9 @@ CVE-2026-51947 (An issue in Pivotal CRM 6.6.4.08 and 
systems using patch-ghi-153
 CVE-2026-51946 (SQL Injection vulnerability in GoAdminGroup GoAdmin (last 
release v1.2 ...)
        NOT-FOR-US: GoAdminGroup GoAdmin
 CVE-2026-50043 (Improper neutralization of special elements used in an OS 
command ('OS ...)
-       TODO: check
+       NOT-FOR-US: SkyBridge
 CVE-2026-49119 (Gradio before 6.16.0 contain a path traversal vulnerability in 
the Fil ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2026-49091 (Improper Output Neutralization for Logs (CWE-117) in Kibana 
can lead t ...)
        - kibana <itp> (bug #700337)
 CVE-2026-49090 (Uncontrolled Resource Consumption (CWE-400) in Elasticsearch 
can lead  ...)
@@ -531,7 +531,7 @@ CVE-2026-49090 (Uncontrolled Resource Consumption (CWE-400) 
in Elasticsearch can
 CVE-2026-49088 (Insertion of Sensitive Information into Log File (CWE-532) in 
Kibana c ...)
        - kibana <itp> (bug #700337)
 CVE-2026-49087 (Allocation of Resources Without Limits or Throttling (CWE-770) 
in Kiba ...)
-       TODO: check
+       - kibana <itp> (bug #700337)
 CVE-2026-46680 (containerd is an open-source container runtime. In versions 
prior to 1 ...)
        TODO: check
 CVE-2026-41121 (Dell Device Management Agent, versions prior to DDMA 26.05, 
contain an ...)
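Review bot: the change to CVE-2026-49087 is not an NFU. It replaces "TODO: check" with "- kibana <itp> (bug #700337)", while the commit message is just "NFUs". The entry itself matches the CVE-2026-49088 line just above it, so the only suggestion is to mention the ITP triage in the commit message or move it into its own commit.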
@@ -647,7 +647,7 @@ CVE-2026-20213 (A vulnerability in the PE file format 
parser of ClamAV could all
        [trixie] - clamav <no-dsa> (clamav is updated via -updates)
        NOTE: 
https://blog.clamav.net/2026/07/clamav-153-and-145-security-patch.html
 CVE-2026-20191 (A vulnerability in Cisco Catalyst Center could allow an 
unauthenticate ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-14358 (Improper neutralization of input during web page generation 
('cross-si ...)
        TODO: check
 CVE-2026-14330 (Multiple unbounded alloca() calls in the PulseAudio protocol 
server.)
@@ -664,9 +664,9 @@ CVE-2026-14258 (A flaw was found in dhcpcd's IPv6 Neighbor 
Discovery Router Adve
        NOTE: https://github.com/NetworkConfiguration/dhcpcd/issues/415
        NOTE: https://github.com/NetworkConfiguration/dhcpcd/commit/75289ca 
(v10.2.0)
 CVE-2026-14198 (@fastify/middie versions 9.1.0 through 9.3.2 decode the 
encoded slash  ...)
-       TODO: check
+       NOT-FOR-US: @fastify/middie
 CVE-2026-14181 (@fastify/middie versions 9.1.0 through 9.3.2 fail to guard the 
URL nor ...)
-       TODO: check
+       NOT-FOR-US: @fastify/middie
 CVE-2026-13769 (Overly permissive file permissions in AWS CLI before 1.44.78 
(v1) and  ...)
        NOT-FOR-US: Amazon
 CVE-2026-13760 (OS command injection in the NodejsFunction Docker bundling 
pipeline (O ...)
@@ -684,11 +684,11 @@ CVE-2026-13602 (We found a chain of combining multiple 
weaknesses in the product
 CVE-2026-13454 (The MotoPress Appointment Booking plugin for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-13323 (In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint 
serves  ...)
-       TODO: check
+       NOT-FOR-US: Open VSX Registry
 CVE-2026-13228 (The LatePoint \u2013 Calendar Booking Plugin for Appointments 
and Even ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-13211 (The genucenter web interface before version 8.0p11 
unnecessarily expos ...)
-       TODO: check
+       NOT-FOR-US: genucenter
 CVE-2026-12754 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress 
is vuln ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12732 (The LearnPress plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
@@ -717,11 +717,11 @@ CVE-2026-12142 (The NEX-Forms \u2013 Ultimate Forms 
Plugin for WordPress plugin
 CVE-2026-11387 (The SMS Alert \u2013 SMS & OTP for WooCommerce, Order 
Notifications &  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-10540 (The Control-M/Enterprise Manager uses weak protections for 
stored hash ...)
-       TODO: check
+       NOT-FOR-US: Control-M
 CVE-2026-10539 (A Control-M/Server communication command does not sufficiently 
filter  ...)
-       TODO: check
+       NOT-FOR-US: Control-M
 CVE-2026-10538 (Messaging consumer functionality allows deserialization of 
user-contro ...)
-       TODO: check
+       NOT-FOR-US: Control-M
 CVE-2026-10096 (The Qi Blocks plugin for WordPress is vulnerable to Insecure 
Direct Ob ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-10095 (The WP Photo Album Plus plugin for WordPress is vulnerable to 
Stored C ...)
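Review bot: CVE-2026-10538 is marked "NOT-FOR-US: Control-M", but its visible description ("Messaging consumer functionality allows deserialization of user-contro ...") does not name the product, unlike CVE-2026-10540 and CVE-2026-10539 directly above it. Confirm against the full CVE text that this entry is Control-M and was not labelled only because its id is adjacent to theirs.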



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98597a5237e6c58483881b98c954dcdc6e092dbd
