[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 10 20:14:17 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b6ceff25 by security tracker role at 2026-06-10T19:14:11+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
CVE-2026-9758 (Improper comparison with the certificates trusted list in S2OPC allows ...)
TODO: check
CVE-2026-9151 (An OS command injection vulnerability exists in the VPN module of TP-L ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-9045 (During an internal security assessment, a potential vulnerability was ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2026-9019 (The Easy Image Collage plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8853 (The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8637 (A potential uncontrolled search path vulnerability was reported in the ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2026-8613 (The aThemes Addons for Elementor plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8335 (A missing authentication check on the Aix\u2011DB "/llm/process_llm_ou ...)
TODO: check
CVE-2026-7516 (A vulnerability was identified in the Lenovo Android Application, dist ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2026-6090 (A potential authentication bypass was reported in Lenovo Smart Connect ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2026-53698 (Silverpeas through 6.4.6 mishandles the "Personal space" feature that ...)
TODO: check
CVE-2026-53694 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
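Review bot: The note added for CVE-2026-9151 spells the vendor "TPLink", while the description on the line above it begins "TP-L ...", so the note does not match the hyphenated name in the CVE text and a search of the list for that spelling will miss this entry. Suggest "NOT-FOR-US: TP-Link".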
@@ -41,21 +41,21 @@ CVE-2026-53470 (A flaw was found in migration-planner. An authenticated attacker
CVE-2026-53469 (A flaw was found in migration-planner. An authenticated user can explo ...)
TODO: check
CVE-2026-53442 (Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt se ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-53441 (Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.55 ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-53440 (Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure tha ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-53439 (Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 an ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-53438 (A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 a ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-53437 (Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determin ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-53436 (Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determin ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-53435 (In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-52759 (Ghidra before 12.1.1 contains an uncontrolled memory allocation vulner ...)
TODO: check
CVE-2026-52758 (Ghidra before 12.1 contains a SQL injection vulnerability in BSim filt ...)
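Review bot: All eight Jenkins entries in this hunk (CVE-2026-53435 through CVE-2026-53442) receive the catch-all note "Jenkins (core or plugin)", yet each visible description gives core version ranges ("Jenkins 2.567 and earlier, LTS 2.555.2 and earlier" or "Jenkins 2.483 through 2.567") and none mentions a plugin. A note that says which of the two was triaged would be more useful to someone reading the list later than one that leaves the question open.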
@@ -121,7 +121,7 @@ CVE-2026-49496 (Ghidra before 12.1 contains a heap-use-after-free vulnerability
CVE-2026-49495 (Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption ...)
TODO: check
CVE-2026-49069 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48860 (Reliance on IP Address for Authentication vulnerability in Erlang/OTP ...)
TODO: check
CVE-2026-48859 (Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_aut ...)
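Review bot: CVE-2026-49069 is closed as "WordPress plugin or theme", but the visible part of its description is only the CWE title ("Improper Neutralization of Input During Web Page Generation ('Cross-si ...") and names no product, so the classification cannot be checked from this hunk. The wording also differs from the "WordPress plugin" note used for the other WordPress entries in this commit; if the full description identifies which of the two it is, use the specific form.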
@@ -143,13 +143,13 @@ CVE-2026-46618 (Fission is an open-source, Kubernetes-native serverless framewor
CVE-2026-46617 (Fission is an open-source, Kubernetes-native serverless framework that ...)
TODO: check
CVE-2026-46616 (Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2026-46614 (Fission is an open-source, Kubernetes-native serverless framework that ...)
TODO: check
CVE-2026-46612 (Fission is an open-source, Kubernetes-native serverless framework that ...)
TODO: check
CVE-2026-46609 (Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4. ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2026-46558 (Plane is an open-source project management tool. Prior to version 1.3. ...)
TODO: check
CVE-2026-46497 (Crawlee is a web scraping and browser automation library. From version ...)
@@ -185,45 +185,45 @@ CVE-2026-45549 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache a
CVE-2026-45062 (FrankenPHP is a modern application server for PHP. From version 1.11.2 ...)
TODO: check
CVE-2026-3018 (The Newsletters plugin for WordPress is vulnerable to time-based SQL I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-25700 (Improper Restriction of Security Token Assignment vulnerability in Apa ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-24067 (Slate Digital Connect 1.37.0 for macOS installs a privileged helper to ...)
TODO: check
CVE-2026-24066 (Slate Digital Connect 1.37.0 for macOS installs a privileged helper to ...)
TODO: check
CVE-2026-20260 (In Splunk SOAR (Security Orchestration, Automation, and Response) vers ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20259 (In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Clou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20258 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20257 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20256 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20255 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20254 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20253 (In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Clou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20252 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20251 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-11884 (A heap buffer overflow flaw was found in 389 Directory Server. When se ...)
TODO: check
CVE-2026-11859 (An HTML injection vulnerability in the "fetch links" email sent by Thi ...)
TODO: check
CVE-2026-11626 (CleanWipe Removal Tool (macOS), prior to 16.0.0.65,may be susceptible ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2026-11596 (In ScreenConnect\u2122 versions prior to 26.2, input validation within ...)
TODO: check
CVE-2026-11417 (OS command injection in the NodejsFunction local bundling pipeline in ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-10740 (Unbounded memory allocation in the CRYPTO frame reassembler in s2n-qui ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-10721 (Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection viaunse ...)
TODO: check
CVE-2025-71330 (image-size through 2.0.2 contains a denial of service vulnerability th ...)
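Review bot: The ten entries CVE-2026-20251 through CVE-2026-20260 are noted "NOT-FOR-US: Cisco", although every one of their descriptions names Splunk SOAR or Splunk Enterprise and none mentions Cisco, so a search of the list for the affected product will not find the note. Suggest "NOT-FOR-US: Splunk". The two "Amazon" notes have the same problem: CVE-2026-10740 describes a CRYPTO frame reassembler in "s2n-qui ..." and CVE-2026-11417 a NodejsFunction local bundling pipeline, so the note records the vendor rather than the component, and an entry that describes a library is worth a check against the archive before it is closed.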
@@ -231,11 +231,11 @@ CVE-2025-71330 (image-size through 2.0.2 contains a denial of service vulnerabil
CVE-2025-71329 (image-size through 2.0.2 contains a denial of service vulnerability th ...)
TODO: check
CVE-2025-6254 (The Doctreat Core plugin for WordPress is vulnerable to Privilege Esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10238 (During an internal security assessment, apotential out-of-bounds write ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-10237 (During an internal security assessment, a potential vulnerability was ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-58350 (Ghidra before 11.2 contains a use after free vulnerability in the Slei ...)
TODO: check
CVE-2026-XXXX [OnionShare follows symlinks in shared directories, allowing unintended disclosure of local files]
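Review bot: CVE-2025-10238 and CVE-2025-10237 are closed as "Lenovo", but the visible text of both descriptions opens with "During an internal security assessment" and names neither vendor nor product before it is cut off, so the attribution cannot be verified from this hunk. Confirm it against the full CVE record before relying on the automatic match.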
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6ceff25bfc91364efe6e317e444c89ee3f51f14