[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 10 08:13:59 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fb68e3cd by security tracker role at 2026-06-10T07:13:53+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,11 +27,11 @@ CVE-2026-9740 (A vulnerability in MongoDB Server's BSON validation logic allows
CVE-2026-9735 (MongoDB server may log authentication parameters, including credential ...)
TODO: check
CVE-2026-9067 (The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9060 (The Store Locator WordPress plugin before 1.6.6 does not sanitize and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8071 (The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6445 (A flaw exists in FlashArray Purity where insufficient filtering of cer ...)
TODO: check
CVE-2026-6444 (A flaw exists in the FlashArray Purity management interface where an a ...)
@@ -43,89 +43,89 @@ CVE-2026-53674 (BuddyPress 14.4.0 contains a regular expression injection vulner
CVE-2026-53673 (BuddyPress 14.4.0 contains an insecure direct object reference vulnera ...)
TODO: check
CVE-2026-48306 (Substance3D - Sampler versions 6.0.0 and earlier are affected by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48305 (Substance3D - Sampler versions 6.0.0 and earlier are affected by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48303 (Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48292 (Format Plugins versions 1.1.2 and earlier are affected by a Heap-based ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48291 (Format Plugins versions 1.1.2 and earlier are affected by a Heap-based ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47961 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47960 (ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Imp ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47959 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47955 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47952 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47938 (Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47937 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47933 (ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stor ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47932 (ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Imp ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47931 (ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Imp ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47930 (ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Imp ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47929 (ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Inc ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47928 (ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Imp ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47926 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47925 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47924 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47923 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47921 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47920 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47919 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47918 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47917 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47916 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47915 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47914 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47913 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47912 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47911 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47910 (Dreamweaver Desktop versions 21.7 and earlier are affected by an Incor ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47909 (Dreamweaver Desktop versions 21.7 and earlier are affected by an Impro ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47908 (Dreamweaver Desktop versions 21.7 and earlier are affected by an Acces ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47907 (Dreamweaver Desktop versions 21.7 and earlier are affected by an Impro ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47906 (Dreamweaver Desktop versions 21.7 and earlier are affected by a Depend ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47905 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47904 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47903 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47902 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47838 (SubjectDnX509PrincipalExtractor does not correctly handle certain malf ...)
TODO: check
CVE-2026-47106 (Ellucian Banner Self-Service before the April T2 release (2025-04-23) ...)
@@ -147,7 +147,7 @@ CVE-2026-46539 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake proto
CVE-2026-46532 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
TODO: check
CVE-2026-46518 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-46517 (LMDeploy is a toolkit for compressing, deploying, and serving large la ...)
TODO: check
CVE-2026-46491 (SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in t ...)
@@ -231,19 +231,19 @@ CVE-2026-40991 (When using spring-restdocs-webtestclient or spring-restdocs-rest
CVE-2026-40988 (An application using spring-security-saml2-service-provider and the RE ...)
TODO: check
CVE-2026-3326 (The Xstore WordPress theme before 9.7.3 does not properly sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-34713 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34712 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34711 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34710 (Substance3D - Sampler versions 6.0.0 and earlier are affected by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34709 (Substance3D - Sampler versions 6.0.0 and earlier are affected by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34657 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34417 (OSCAL-GUI contains a reflected cross-site scripting vulnerability that ...)
TODO: check
CVE-2026-34416 (OSCAL-GUI contains a reflected cross-site scripting vulnerability that ...)
@@ -251,37 +251,37 @@ CVE-2026-34416 (OSCAL-GUI contains a reflected cross-site scripting vulnerabilit
CVE-2026-32856 (Ellucian Banner Self-Service before the April T2 release (2025-04-23) ...)
TODO: check
CVE-2026-29116 (A vulnerability has been found in some Dahua products could allow an u ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2026-29115 (A vulnerability has been found in some Dahua products could allow an a ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2026-29114 (A vulnerability has been found in some Dahua products. An attacker may ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2026-26241 (A buffer overflow vulnerability has been reported to affect File Stati ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2026-26240 (A buffer overflow vulnerability has been reported to affect File Stati ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2026-26239 (A buffer overflow vulnerability has been reported to affect File Stati ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2026-26237 (A missing authorization vulnerability has been reported to affect QuMa ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2026-25860 (OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulne ...)
TODO: check
CVE-2026-25557 (Evoluted PHP Directory Listing Script through 4.0.5 contains a reflect ...)
TODO: check
CVE-2026-24724 (An incorrect authorization vulnerability has been reported to affect F ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2026-24720 (An allocation of resources without limits or throttling vulnerability ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2026-24719 (A command injection vulnerability has been reported to affect several ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2026-24717 (A path traversal vulnerability has been reported to affect several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2026-24716 (A NULL pointer dereference vulnerability has been reported to affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2026-22899 (A NULL pointer dereference vulnerability has been reported to affect F ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2026-22893 (A command injection vulnerability has been reported to affect several ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2026-11837 (A local privilege escalation vulnerability was found in the ansible.po ...)
TODO: check
CVE-2026-11824 (SQLite before 3.53.2 contains a heap-based buffer overflow vulnerabili ...)
@@ -289,7 +289,7 @@ CVE-2026-11824 (SQLite before 3.53.2 contains a heap-based buffer overflow vulne
CVE-2026-11822 (SQLite before 3.53.2 contains memory corruption vulnerabilities in the ...)
TODO: check
CVE-2026-11815 (An attacker who intercepts and tampers with traffic between the client ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2026-11799 (UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was ...)
TODO: check
CVE-2026-10846 (NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in ...)
@@ -297,27 +297,27 @@ CVE-2026-10846 (NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when u
CVE-2026-10238
REJECTED
CVE-2025-8444 (The Animation Addons for Elementor \u2013 GSAP Powered Elementor Addon ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-71319 (image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a denial ...)
TODO: check
CVE-2025-66281 (A NULL pointer dereference vulnerability has been reported to affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-66280 (An integer overflow or wraparound vulnerability has been reported to a ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-66279 (A command injection vulnerability has been reported to affect several ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-66276 (QuTS hero is not affected. We have already fixed the vulnerability in ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-66273 (A command injection vulnerability has been reported to affect several ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-62851 (A path traversal vulnerability has been reported to affect License Cen ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-62850 (A NULL pointer dereference vulnerability has been reported to affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-59382 (QTS, QuTS hero, QuTScloud are not affected. We have already fixed the ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-58468 (A cross-site request forgery (CSRF) vulnerability has been reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2026-11526
- libgd-perl <unfixed>
NOTE: Fixed by: https://github.com/lstein/Perl-GD/commit/67b163713c6c78dfeb693da0978ae934e5cd8210 (v2.86)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb68e3cd1437fa8102f75a5cdfb6947fdde013ef
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb68e3cd1437fa8102f75a5cdfb6947fdde013ef
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260610/abeaa3b8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list