Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
56e70a81 by security tracker role at 2026-07-06T19:14:45+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2026-9182 (ArcGIS Server contains an unrestricted file upload
vulnerability. An u ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2026-9181 (ArcGIS Server contains a directory traversal vulnerability. An
unauth ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2026-9165 (A flaw was found in Red Hat Advanced Cluster Security for
Kubernetes ( ...)
TODO: check
CVE-2026-7185 (A validation vulnerability has been identified in certain web
features ...)
TODO: check
CVE-2026-6901 (Untrusted Search Path vulnerability in B&R Industrial
Automation GmbH ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2026-6900 (Improper certificate validation vulnerability in B&R Industrial
Automa ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2026-6382 (The FileOrganizer WordPress plugin before 1.1.9, Advanced File
Manage ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5268 (An authentication bypass vulnerability exists in the default
SFTP serv ...)
TODO: check
CVE-2026-59196 (pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a
crafted lock ...)
@@ -55,57 +55,57 @@ CVE-2026-54059 (Pillow is a Python imaging library. Prior
to 12.3.0, PIL/PcfFont
CVE-2026-53913 (Improper Authentication, Missing Authentication for Critical
Function, ...)
TODO: check
CVE-2026-4249 (The throttling event handling mechanism in multiple WSO2
products acce ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2026-49365 (Generation of Error Message Containing Sensitive Information
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-49099 (Improper Neutralization of Special Elements in Output Used by
a Downst ...)
TODO: check
CVE-2026-49098 (Improper Input Validation, Improper Neutralization of Special
Elements ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-49097 (Improper Input Validation, Improper Neutralization of Special
Elements ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-49086 (Improper Input Validation, Unintended Proxy or Intermediary
('Confused ...)
TODO: check
CVE-2026-49042 (Improper Input Validation vulnerability in Apache Camel. This
issue a ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-48614 (An improper authorization vulnerability in the Plesk XML API
allows an ...)
TODO: check
CVE-2026-48316 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48206 (Improper Input Validation, Authorization Bypass Through
User-Controlle ...)
TODO: check
CVE-2026-48205 (Improper Input Validation, Server-Side Request Forgery (SSRF)
vulnerab ...)
TODO: check
CVE-2026-48204 (Improper Input Validation, Improper Access Control
vulnerability in Ap ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-48203 (Improper Neutralization of Special Elements in Output Used by
a Downst ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46726 (Improper Input Validation, Exposure of Sensitive Information
to an Una ...)
TODO: check
CVE-2026-46592 (Improper Input Validation, Unintended Proxy or Intermediary
('Confused ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46591 (Improper Neutralization of Special Elements in Data Query
Logic vulner ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46590 (Deserialization of Untrusted Data vulnerability in Apache
Camel PQC co ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46588 (Improper Input Validation vulnerability in Apache Camel. This
issue a ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46587 (Improper Input Validation vulnerability in Apache Camel. This
issue a ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46585 (Improper Input Validation, Authorization Bypass Through
User-Controlle ...)
TODO: check
CVE-2026-46584 (Improper Input Validation, Exposure of Sensitive Information
to an Una ...)
TODO: check
CVE-2026-46457 (Improper Input Validation vulnerability in Apache Camel NATS
component ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46456 (Improper Input Validation vulnerability in Apache Camel
AWS2-SQS Compo ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46455 (Insufficient Session Expiration vulnerability in Apache Camel
Keycloak ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46454 (Improper Input Validation vulnerability in Apache Camel Cometd
Compone ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-46453 (Improper Input Validation, Authorization Bypass Through
User-Controlle ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-44937 (Potential forgery of webhook requests when using a
unauthenticated web ...)
TODO: check
CVE-2026-44936 (Missing filtering when the helmRepoURLRegex field isn't set on
a GitRe ...)
@@ -113,39 +113,39 @@ CVE-2026-44936 (Missing filtering when the
helmRepoURLRegex field isn't set on a
CVE-2026-44934 (A information disclosure when DEBUG loglevel is set in SUSE
Rancher AI ...)
TODO: check
CVE-2026-43867 (Deserialization of Untrusted Data vulnerability in Apache
Camel PQC Co ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-43866 (Deserialization of Untrusted Data vulnerability in Apache
Camel, Apach ...)
TODO: check
CVE-2026-43865 (Deserialization of Untrusted Data vulnerability in Apache
Camel Hazelc ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-43825 (Untrusted Java Deserialization in Apache OpenNLP
SvmDoccatModel Versi ...)
TODO: check
CVE-2026-42527 (Deserialization of Untrusted Data vulnerability in Apache
Camel. The ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-41434 (OP-TEE is a Trusted Execution Environment (TEE) designed as
companion ...)
TODO: check
CVE-2026-40859 (Deserialization of Untrusted Data vulnerability in Apache
Camel. The ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-40257 (OP-TEE is a Trusted Execution Environment (TEE) designed as
companion ...)
TODO: check
CVE-2026-40141 (A high-severity vulnerability exists in a web application
component of ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust
CVE-2026-40140 (BeyondTrust Remote Support and Privileged Remote Access
contain a high ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust
CVE-2026-40139 (A critical pre-authentication vulnerability exists in the
authenticati ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust
CVE-2026-40138 (A critical pre-authentication vulnerability exists in the
authenticati ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust
CVE-2026-40047 (Improper Neutralization of Argument Delimiters in a Command
('Argument ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-24014 (Apache IoTDB DataNode\u2019s internal RPC interface for
creating Trigg ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-24013 (Authentication Bypass by Spoofing vulnerability in Apache
IoTDB. Certa ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-24012 (Uncontrolled Resource Consumption vulnerability in Apache
IoTDB. Some ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-1433 (uniFLOW Universal Login Manager (ULM) Standalone contains an
informati ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-14809 (Prog Management System developed by PROG MIS has a SQL
Injection vulne ...)
TODO: check
CVE-2026-14808 (Prog Management System developed by PROG MIS has a Exposure
of Sensi ...)
@@ -163,19 +163,19 @@ CVE-2026-13753 (A missing authorization vulnerability
exists in the embedded web
CVE-2026-12686 (An authenticated user could manipulate a company ID parameter
in a POS ...)
TODO: check
CVE-2026-12154 (The Reviews Widgets for Google, Yelp & TripAdvisor plugin for
WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12083 (The Admin and Site Enhancements (ASE) WordPress plugin before
8.8.4, a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11962 (The FileOrganizer WordPress plugin before 1.2.0 does not
validate the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11855 (The Simple Membership WordPress plugin before 4.7.5 does not
verify th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11766 (The Ultimate Member WordPress plugin before 2.12.0 does not
properly ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10830 (The AllCoach WordPress plugin before 1.0.2 does not verify
that an em ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8591 (The software accepts user-supplied input via a URL parameter
without a ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2025-53831 (DrawIO for ownCloud is an application for using DrawIO with
the file s ...)
TODO: check
CVE-2025-53830 (Anti-Virus for ownCloud is an anti-virus application for file
storage, ...)
@@ -191,7 +191,7 @@ CVE-2025-15668 (A vulnerability was identified in GPAC up
to b40ce70f5. This iss
CVE-2025-15667 (A vulnerability was determined in GPAC up to 2.5-DEV. This
vulnerabili ...)
TODO: check
CVE-2024-6228 (The Notifications for Forms & WordPress Actions WordPress
plugin befor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-XXXX [RUSTSEC-2026-0190]
- rust-anyhow <unfixed> (bug #1141593)
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0190.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56e70a81138e515203c7cbe23e679ad2fc23ba66
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56e70a81138e515203c7cbe23e679ad2fc23ba66
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits