[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 11 20:14:29 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
27b375f0 by security tracker role at 2026-06-11T19:14:23+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,11 +11,11 @@ CVE-2026-8464 (Golem OEE MES is vulnerable to an unauthenticated path traversal
CVE-2026-8406 (openSIS Classic 9.3 contains an insecure direct object reference vulne ...)
TODO: check
CVE-2026-7870 (IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7852 (Unrestricted upload of file with dangerous type vulnerability in Limat ...)
TODO: check
CVE-2026-7787 (IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7250 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-6976 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
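Review bot: CVE-2026-7787 is closed as `NOT-FOR-US: IBM` on the strength of the vendor name, but the description reads `IBM Langflow OSS 1.0.0 through 1.9.1`, i.e. an open-source project rather than an IBM-only product; recording that no Debian package ships Langflow (e.g. `NOT-FOR-US: Langflow`) would make the dismissal verifiable. CVE-2026-7870 (IBM i) is an uncontroversial NOT-FOR-US.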
@@ -85,7 +85,7 @@ CVE-2026-52858 (Vim is an open source, command line text editor. Prior to versio
CVE-2026-52726 (Dulwich is a pure-Python implementation of the Git file formats and pr ...)
TODO: check
CVE-2026-50223 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-50131 (Fedify is a TypeScript library for building federated server apps powe ...)
TODO: check
CVE-2026-50127 (Weblate is a web based localization tool. From version 5.15 to before ...)
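Review bot: the reason `NOT-FOR-US: Apache software not packaged in Debian` on CVE-2026-50223 does not name the project, and the truncated description (`Improper Control of Generation of Code ('Code Injection') vulnerabilit ...`) does not either, so nothing in the entry lets a later reader check which Apache component was dismissed; naming it in the reason string would keep the triage auditable.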
@@ -93,7 +93,7 @@ CVE-2026-50127 (Weblate is a web based localization tool. From version 5.15 to b
CVE-2026-4764 (A Missing Authorization vulnerability in the playbook import functiona ...)
TODO: check
CVE-2026-4096 (IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injec ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-49982 (tmp is a temporary file and directory creator for node.js. In version ...)
TODO: check
CVE-2026-49219 (ImageMagick is free and open-source software used for editing and mani ...)
@@ -121,7 +121,7 @@ CVE-2026-48107 (Russh is a Rust SSH client & server library. From version 0.37.0
CVE-2026-48011 (Shopware is an open commerce platform. Prior to versions 6.6.10.18 and ...)
TODO: check
CVE-2026-47342 (A privilege escalation vulnerability in Apache OFBiz allows a low-priv ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-47250 (mcp-server-kubernetes is a Model Context Protocol server for Kubernete ...)
TODO: check
CVE-2026-47213 (Boxlite is a sandbox service that allows users to create lightweight v ...)
@@ -199,11 +199,11 @@ CVE-2026-45384 (bit7z is a cross-platform C++ static library that allows the com
CVE-2026-45380 (bit7z is a cross-platform C++ static library that allows the compressi ...)
TODO: check
CVE-2026-45178 (Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit im ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-45177 (Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-45176 (Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-45106 (Weblate is a web based localization tool. Prior to version 2026.5, Web ...)
TODO: check
CVE-2026-44705 (tmp is a temporary file and directory creator for node.js. Prior to 0. ...)
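Review bot: the three Idira entries (CVE-2026-45178, CVE-2026-45177, CVE-2026-45176) get `NOT-FOR-US: Palo Alto Networks`, yet neither "Palo Alto" nor "PAN" appears in their descriptions; the mapping presumably comes from the assigning CNA, and including the product name in the reason (e.g. `NOT-FOR-US: Palo Alto Networks Idira`) would make that link visible in the file itself.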
@@ -245,7 +245,7 @@ CVE-2026-41700 (Spring for GraphQL applications that have enabled the WebSocket
CVE-2026-41699 (Spring for GraphQL applications are vulnerable to Unsafe Deserializati ...)
TODO: check
CVE-2026-41001 (Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41000 (Wss4jSecurityInterceptor did not consistently wire Apache WSS4J Replay ...)
TODO: check
CVE-2026-40999 (When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addre ...)
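Review bot: CVE-2026-41001 is a Spring Boot issue and is closed as `NOT-FOR-US: VMware`, while the adjacent Spring entries CVE-2026-41000 and CVE-2026-40999 stay at `TODO: check`; if the automatic rule is that Spring Boot is not packaged in Debian, the reason should say so (e.g. `NOT-FOR-US: Spring Boot`) rather than naming the vendor, so a reader can tell why one entry was closed and its neighbours were not.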
@@ -261,7 +261,7 @@ CVE-2026-40995 (X509AuthenticationProvider could issue a fully authenticated X50
CVE-2026-40994 (Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Prof ...)
TODO: check
CVE-2026-40992 (Spring Boot's Mail auto-configuration does not enable hostname verific ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40987 (A malicious or compromised FTP/SFTP/SMB server can write arbitrary fil ...)
TODO: check
CVE-2026-40986 (Spring Web Flow's JavaScript RemotingHandler renders the body of an er ...)
@@ -271,15 +271,15 @@ CVE-2026-40985 (Applications that configure the WebFlowELExpressionParser are vu
CVE-2026-3553 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-3341 (IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-3329 (A remote unauthenticated attacker may be able to conduct credential-gu ...)
- TODO: check
+ NOT-FOR-US: Sonatype
CVE-2026-38581 (SQL Injection vulnerability in damasac thaipalliative_lte through vers ...)
TODO: check
CVE-2026-35273 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-2827 (The Open User Map PRO plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1500 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-11986 (A flaw was found in the admin-ui-ext component of Keycloak, which prov ...)
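Review bot: CVE-2026-3329 is closed as `NOT-FOR-US: Sonatype` although the visible description (`A remote unauthenticated attacker may be able to conduct credential-gu ...`) names no vendor or product; the reason should cite the affected product so the decision can be re-checked later. The other changes in this hunk (IBM Langflow Desktop, Oracle PeopleTools, the Open User Map PRO WordPress plugin) are straightforward.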
@@ -301,9 +301,9 @@ CVE-2026-11604 (An incorrect buffer size calculation in the epoch key generator
CVE-2026-11561 (Improper neutralization of special elements used in an expression lang ...)
TODO: check
CVE-2026-10847 (A local privilege escalation vulnerability exists in Check Point Ident ...)
- TODO: check
+ NOT-FOR-US: Check Point
CVE-2026-10795 (The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10733 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-10142 (kafka-python prior to 2.3.2 contains a denial-of-service vulnerability ...)
@@ -311,63 +311,63 @@ CVE-2026-10142 (kafka-python prior to 2.3.2 contains a denial-of-service vulnera
CVE-2026-10087 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
TODO: check
CVE-2026-0274 (An improper validation of credentials vulnerability in the CommvaultSe ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0273 (A command injection vulnerability in Palo Alto Networks PAN-OS\xae sof ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0272 (A privilege escalation vulnerability in Palo Alto Networks PAN-OS\xae ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0271 (A privilege escalation (PE) vulnerability in the Palo Alto Networks Pr ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0270 (A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engi ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0269 (A memory corruption vulnerability in the processing of tunnel traffic ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0268 (A security control bypass vulnerability in Prisma Access Agent for Lin ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0267 (An information exposure vulnerability in the Palo Alto Networks Global ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0266 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-7064 (Authentication bypass by primary weakness vulnerability in ABB Freelan ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-46315 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46313 (A logging issue was addressed with improved data redaction. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46308 (An authorization issue was addressed with improved state management. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46293 (This issue was addressed with improved handling of symlinks. This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43339 (An access issue was addressed with additional sandbox restrictions. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43278 (This issue was addressed with improved handling of symlinks. This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31272 (The issue was addressed with improved checks. This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-30459 (A privacy issue was addressed by removing the vulnerable code. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-30431 (The issue was addressed with improved checks. This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24284 (This issue was addressed with improved checks to prevent unauthorized ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24268 (A parsing issue in the handling of directory paths was addressed with ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24165 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-45636 (IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials i ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-32110 (Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. WpE ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2024-21944 (Improper input validation for DIMM serial presence detect (SPD) metada ...)
TODO: check
CVE-2023-40200 (Authorization bypass through User-Controlled key vulnerability in Esse ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2023-33999 (Improper neutralization of input during web page generation ('cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2023-32959 (Missing Authorization vulnerability in Sparkle WP MetroStore metrostor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2022-48575 (A person with access to a Mac may be able to bypass Login Window. A co ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-10143 (kafka-python prior to 2.3.2 contains a denial-of-service vulnerability ...)
- python-kafka <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2487722
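Review bot: CVE-2026-0274 describes a flaw in `the CommvaultSe ...` yet is closed as `NOT-FOR-US: Palo Alto Networks`; it sits directly above the PAN-OS/Cortex/Prisma block CVE-2026-0273 to CVE-2026-0266, which is probably why the rule caught it, but the reason should confirm that the affected component is a Palo Alto Networks product and not Commvault itself. Separately, the descriptions of CVE-2026-0273 and CVE-2026-0272 carry a mis-decoded registered sign (`PAN-OS\xae`); that predates this change but is worth fixing on the description import side.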
@@ -364668,7 +364668,7 @@ CVE-2023-25971 (Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare
CVE-2023-25970 (Unrestricted Upload of File with Dangerous Type vulnerability in Zendr ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25969 (Missing Authorization vulnerability in ThemeHunk Contact Form & Lead F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2023-25968 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25967 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...)
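Review bot: the new line uses `NOT-FOR-US: WordPress plugin or theme` while the neighbouring entries in the same hunk (CVE-2023-25970, CVE-2023-25968) use `NOT-FOR-US: WordPress plugin`; CVE-2023-25969 (`ThemeHunk Contact Form & Lead F ...`) appears to be a contact-form plugin, so the existing, more specific wording would keep the file consistent and easier to grep. The same remark applies to the following WordPress hunks in this commit.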
@@ -381169,7 +381169,7 @@ CVE-2022-47152 (Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC C
CVE-2022-47151 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47150 (Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2022-47149 (Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47148 (Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF In ...)
@@ -385381,7 +385381,7 @@ CVE-2022-45815 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixTheme
CVE-2022-45814 (Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen W ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45813 (Missing Authorization vulnerability in BeRocket Advanced AJAX Product ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2022-45812 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45811 (Missing Authorization vulnerability in WeyHan Ng Post Teaser.This issu ...)
@@ -389974,7 +389974,7 @@ CVE-2022-44632 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2022-44631 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1ap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44630 (Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2022-44629 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cata ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44628 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jump ...)
@@ -394858,7 +394858,7 @@ CVE-2022-42494 (Server Side Request Forgery (SSRF) vulnerability in All in One S
CVE-2022-42485 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Galax ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42479 (Missing Authorization vulnerability in TemplateHouse Soledad allows Ac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2022-42462 (Auth. Stored Cross-Site Scripting (XSS) vulnerability inAdeel Ahmed'sI ...)
NOT-FOR-US: Adeel Ahmed's IP Blacklist
CVE-2022-42461 (Broken Access Control vulnerability in miniOrange's Google Authenticat ...)
@@ -442399,7 +442399,7 @@ CVE-2022-26760 (A memory corruption issue was addressed with improved state mana
CVE-2022-26759
RESERVED
CVE-2022-26758 (A malicious application may cause unexpected changes in memory shared ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-26757 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2022-26756 (An out-of-bounds write issue was addressed with improved input validat ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27b375f0d85149aced6fddda2ebf321143f6abb5
More information about the debian-security-tracker-commits mailing list