Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
98597a52 by Moritz Muehlenhoff at 2026-07-02T16:15:52+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -76,9 +76,9 @@ CVE-2026-54756 (Jodit Editor is a WYSIWYG editor with written
in pure TypeScript
CVE-2026-54720 (Silverstripe Framework is a PHP framework which powers the
Silverstrip ...)
NOT-FOR-US: Silverstripe Framework
CVE-2026-54712 (OpenTelemetry Java Instrumentation provides OpenTelemetry
auto-instrum ...)
- TODO: check
+ NOT-FOR-US: opentelemetry-javaagent
CVE-2026-54704 (OpenTelemetry Java Instrumentation provides OpenTelemetry
auto-instrum ...)
- TODO: check
+ NOT-FOR-US: opentelemetry-javaagent
CVE-2026-54263 (Wagtail is an open source content management system built on
Django. I ...)
NOT-FOR-US: Wagtail
CVE-2026-54262 (Wagtail is an open source content management system built on
Django. I ...)
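Review bot: The label on CVE-2026-54712 and CVE-2026-54704 is "opentelemetry-javaagent", but the description names the product as "OpenTelemetry Java Instrumentation", and the neighbouring entries (Silverstripe Framework, Wagtail) label by product name. Consider "NOT-FOR-US: OpenTelemetry Java Instrumentation" so the label can be matched against the CVE description when searching the list.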
@@ -110,7 +110,7 @@ CVE-2026-50279 (Craft CMS is a content management system
(CMS). IN versions 5.0.
CVE-2026-49858 (API Platform Core is a system to create hypermedia-driven REST
and Gra ...)
NOT-FOR-US: API Platform Core
CVE-2026-38891 (An improper input validation in the gazebo_ros_diff_drive.cpp
componen ...)
- TODO: check
+ NOT-FOR-US: gazebo-plugins
CVE-2026-36912 (A NULL pointer dereference in the
AP4_AtomSampleTable::GetSample() fun ...)
NOT-FOR-US: MPC-BE
CVE-2026-36911 (A division-by-zero vulnerability in the
CStreamSwitcherOutputPin::Deci ...)
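Review bot: CVE-2026-38891 is closed with a lowercase, hyphenated label ("gazebo-plugins") that reads like a source package name, while the description only names the gazebo_ros_diff_drive.cpp component. Please confirm that no packaged source ships that file before closing it as NOT-FOR-US; if one does, this line should be a package entry in the same form as the "- kibana <itp>" lines elsewhere in the list.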
@@ -521,9 +521,9 @@ CVE-2026-51947 (An issue in Pivotal CRM 6.6.4.08 and
systems using patch-ghi-153
CVE-2026-51946 (SQL Injection vulnerability in GoAdminGroup GoAdmin (last
release v1.2 ...)
NOT-FOR-US: GoAdminGroup GoAdmin
CVE-2026-50043 (Improper neutralization of special elements used in an OS
command ('OS ...)
- TODO: check
+ NOT-FOR-US: SkyBridge
CVE-2026-49119 (Gradio before 6.16.0 contain a path traversal vulnerability in
the Fil ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2026-49091 (Improper Output Neutralization for Logs (CWE-117) in Kibana
can lead t ...)
- kibana <itp> (bug #700337)
CVE-2026-49090 (Uncontrolled Resource Consumption (CWE-400) in Elasticsearch
can lead ...)
@@ -531,7 +531,7 @@ CVE-2026-49090 (Uncontrolled Resource Consumption (CWE-400)
in Elasticsearch can
CVE-2026-49088 (Insertion of Sensitive Information into Log File (CWE-532) in
Kibana c ...)
- kibana <itp> (bug #700337)
CVE-2026-49087 (Allocation of Resources Without Limits or Throttling (CWE-770)
in Kiba ...)
- TODO: check
+ - kibana <itp> (bug #700337)
CVE-2026-46680 (containerd is an open-source container runtime. In versions
prior to 1 ...)
TODO: check
CVE-2026-41121 (Dell Device Management Agent, versions prior to DDMA 26.05,
contain an ...)
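Review bot: The commit message says "NFUs", but the change to CVE-2026-49087 is not an NFU: it replaces "TODO: check" with "- kibana <itp> (bug #700337)", in line with the Kibana entry above it. Mention the ITP triage in the commit message or put it in its own commit so the history stays searchable. The containerd entry CVE-2026-46680 directly below stays at "TODO: check", which fits an NFU-only pass but still needs triage.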
@@ -647,7 +647,7 @@ CVE-2026-20213 (A vulnerability in the PE file format
parser of ClamAV could all
[trixie] - clamav <no-dsa> (clamav is updated via -updates)
NOTE:
https://blog.clamav.net/2026/07/clamav-153-and-145-security-patch.html
CVE-2026-20191 (A vulnerability in Cisco Catalyst Center could allow an
unauthenticate ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-14358 (Improper neutralization of input during web page generation
('cross-si ...)
TODO: check
CVE-2026-14330 (Multiple unbounded alloca() calls in the PulseAudio protocol
server.)
@@ -664,9 +664,9 @@ CVE-2026-14258 (A flaw was found in dhcpcd's IPv6 Neighbor
Discovery Router Adve
NOTE: https://github.com/NetworkConfiguration/dhcpcd/issues/415
NOTE: https://github.com/NetworkConfiguration/dhcpcd/commit/75289ca
(v10.2.0)
CVE-2026-14198 (@fastify/middie versions 9.1.0 through 9.3.2 decode the
encoded slash ...)
- TODO: check
+ NOT-FOR-US: @fastify/middie
CVE-2026-14181 (@fastify/middie versions 9.1.0 through 9.3.2 fail to guard the
URL nor ...)
- TODO: check
+ NOT-FOR-US: @fastify/middie
CVE-2026-13769 (Overly permissive file permissions in AWS CLI before 1.44.78
(v1) and ...)
NOT-FOR-US: Amazon
CVE-2026-13760 (OS command injection in the NodejsFunction Docker bundling
pipeline (O ...)
@@ -684,11 +684,11 @@ CVE-2026-13602 (We found a chain of combining multiple
weaknesses in the product
CVE-2026-13454 (The MotoPress Appointment Booking plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2026-13323 (In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint
serves ...)
- TODO: check
+ NOT-FOR-US: Open VSX Registry
CVE-2026-13228 (The LatePoint \u2013 Calendar Booking Plugin for Appointments
and Even ...)
NOT-FOR-US: WordPress plugin
CVE-2026-13211 (The genucenter web interface before version 8.0p11
unnecessarily expos ...)
- TODO: check
+ NOT-FOR-US: genucenter
CVE-2026-12754 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress
is vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2026-12732 (The LearnPress plugin for WordPress is vulnerable to Stored
Cross-Site ...)
@@ -717,11 +717,11 @@ CVE-2026-12142 (The NEX-Forms \u2013 Ultimate Forms
Plugin for WordPress plugin
CVE-2026-11387 (The SMS Alert \u2013 SMS & OTP for WooCommerce, Order
Notifications & ...)
NOT-FOR-US: WordPress plugin
CVE-2026-10540 (The Control-M/Enterprise Manager uses weak protections for
stored hash ...)
- TODO: check
+ NOT-FOR-US: Control-M
CVE-2026-10539 (A Control-M/Server communication command does not sufficiently
filter ...)
- TODO: check
+ NOT-FOR-US: Control-M
CVE-2026-10538 (Messaging consumer functionality allows deserialization of
user-contro ...)
- TODO: check
+ NOT-FOR-US: Control-M
CVE-2026-10096 (The Qi Blocks plugin for WordPress is vulnerable to Insecure
Direct Ob ...)
NOT-FOR-US: WordPress plugin
CVE-2026-10095 (The WP Photo Album Plus plugin for WordPress is vulnerable to
Stored C ...)
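Review bot: CVE-2026-10538 is labelled "NOT-FOR-US: Control-M", but its visible description ("Messaging consumer functionality allows deserialization of user-contro ...") does not name the product, unlike CVE-2026-10540 and CVE-2026-10539 above it. Please check the full CVE record to confirm it belongs to the same product rather than inferring it from the adjacent IDs.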
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98597a5237e6c58483881b98c954dcdc6e092dbd