Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
503079ce by security tracker role at 2026-07-09T07:14:15+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,31 +1,31 @@
 CVE-2026-8801 (Path equivalence: vulnerability in Progress MOVEit Transfer 
(File Uplo ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-8800 (Incorrect Authorization vulnerability in Progress MOVEit 
Transfer (Aud ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-8651 (Limited authentication bypass by spoofing vulnerability in 
Progress MO ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-8650 (Relative path traversal vulnerability in Progress MOVEit 
Transfer (Adm ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-8649 (Improper Neutralization of Special Elements in Data Query Logic 
vulner ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-8472 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-7492 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-6896 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-6352 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-60105 (Monsta FTP before 2.14.5 contains a server-side request 
forgery vulner ...)
        TODO: check
 CVE-2026-60104 (Bitwarden Server before 2026.6.0 does not verify that the 
email in a P ...)
        TODO: check
 CVE-2026-5923 (Malicious use of a stolen cookie might allow modifications to 
the cont ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2026-5922 (The IP phone might use malicious input stored in configuration 
paramet ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2026-5523 (The Divi Form Builder plugin for WordPress is vulnerable to 
Missing Au ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-59948 (Composer is a dependency Manager for the PHP language. Prior 
to 2.2.29 ...)
        TODO: check
 CVE-2026-59947 (Composer is a dependency Manager for the PHP language. Prior 
to 2.2.29 ...)
@@ -63,7 +63,7 @@ CVE-2026-59802 (PasswordPusher before 2.8.1 accepts data URI 
schemes in URL push
 CVE-2026-59723 (Cline is an autonomous coding agent as an SDK, IDE extension, 
or CLI a ...)
        TODO: check
 CVE-2026-58525 (Improper access control in Microsoft Edge (Chromium-based) 
allows an u ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-58501 (Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, 
Settings.forbid ...)
        TODO: check
 CVE-2026-58494 (Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 
36.0.12, 45.0 ...)
@@ -73,9 +73,9 @@ CVE-2026-58192 (Appium is a cross-platform automation 
framework for all kinds of
 CVE-2026-58191 (Appium is a cross-platform automation framework for all kinds 
of apps, ...)
        TODO: check
 CVE-2026-57481 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-57480 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-56669 (Elysia is a Typescript framework for request validation, type 
inferenc ...)
        TODO: check
 CVE-2026-55878 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 
before 2 ...)
@@ -85,7 +85,7 @@ CVE-2026-55877 (Symfony UX is a JavaScript ecosystem for 
Symfony. From 2.17.0 be
 CVE-2026-55849 (@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of 
Materials  ...)
        TODO: check
 CVE-2026-55778 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-55760 (Handlebars.java provides logic-less and semantic Mustache 
templates wi ...)
        TODO: check
 CVE-2026-55596 (Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 
until 5 ...)
@@ -163,7 +163,7 @@ CVE-2026-47828 (During bosh create-env and bosh delete-env, 
the CLI uploads comp
 CVE-2026-47826 (The blobs.yml path key traversal vulnerability in the BOSH CLI 
tool al ...)
        TODO: check
 CVE-2026-47646 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-45045 (Fiber is an Express inspired web framework written in Go. 
Prior to 3.3 ...)
        TODO: check
 CVE-2026-44512 (Open Neural Network Exchange (ONNX) is an open standard for 
machine le ...)
@@ -197,39 +197,39 @@ CVE-2026-35210 (OpenCTI is an open source platform for 
managing cyber threat int
 CVE-2026-31309 (Improper authorization in the /tequilapi/config/user endpoint 
of Myste ...)
        TODO: check
 CVE-2026-15174 (Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 
to 4.6.6  ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15173 (pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows 
denial of  ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15172 (FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 
4.6.6 and 4. ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15171 (SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 
4.4.0 to  ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15170 (Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 
and 4.4.0  ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15169 (UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 
and 4.4.0 ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15168 (BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 
4.4.16 allows ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15167 (DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 
and 4.4.0 ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15166 (IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 
4.6.6 and 4 ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15165 (TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows 
denial of s ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15164 (Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows 
denial of ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15163 (Multiple protocol dissector infinite loops in Wireshark 4.6.0 
to 4.6.6 ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15154 (A flaw was found in `guardrails-detectors`, a component of Red 
Hat Ope ...)
        TODO: check
 CVE-2026-15138 (A security vulnerability has been detected in tumf 
mcp-text-editor up  ...)
        TODO: check
 CVE-2026-15137 (A weakness has been identified in code-projects Interview 
Management S ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2026-15135 (A security flaw has been discovered in code-projects Online 
Food Order ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2026-15134 (A vulnerability was determined in CodeAstro Simple Online 
Leave Manage ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro
 CVE-2026-15105 (A flaw has been found in davenardella snap7 up to 1.4.3. This 
affects  ...)
        TODO: check
 CVE-2026-14896 (HashiCorp Nomad and Nomad Enterprise are vulnerable to a 
cross-namespa ...)
@@ -241,29 +241,29 @@ CVE-2026-14373 (HashiCorp Nomad and Nomad Enterprise did 
not enforce the allow_p
 CVE-2026-14361 (The consul-template library before version 0.42.1 is 
vulnerable to a p ...)
        TODO: check
 CVE-2026-13320 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-13151 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-12517 (The Fediverse Embeds WordPress plugin before 1.5.8 does not 
validate t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12516 (The Fediverse Embeds WordPress plugin before 1.5.8 does not 
validate t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12270 (The Everest Forms  WordPress plugin before 3.5.0 does not 
correctly re ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11875 (The WP Support Plus Responsive Ticket System WordPress plugin 
through  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11869 (The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does 
not perf ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11827 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-11571 (The Everest Forms  WordPress plugin before 3.5.0 does not 
reliably del ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10037 (A sandbox escape vulnerability exists in the OpenJDK packages 
provided ...)
        TODO: check
 CVE-2026-0288 (Multiple buffer overflow vulnerabilities in the User-ID 
Terminal Serve ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2025-12506 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       TODO: check
+       NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15112 (Use after free in Ozone in Google Chrome prior to 
150.0.7871.115 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/503079ce79a8ca055d5bf31993a82cc93cd2d873

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/503079ce79a8ca055d5bf31993a82cc93cd2d873
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to