Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
503079ce by security tracker role at 2026-07-09T07:14:15+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,31 +1,31 @@
CVE-2026-8801 (Path equivalence: vulnerability in Progress MOVEit Transfer
(File Uplo ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-8800 (Incorrect Authorization vulnerability in Progress MOVEit
Transfer (Aud ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-8651 (Limited authentication bypass by spoofing vulnerability in
Progress MO ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-8650 (Relative path traversal vulnerability in Progress MOVEit
Transfer (Adm ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-8649 (Improper Neutralization of Special Elements in Data Query Logic
vulner ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-8472 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-7492 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-6896 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-6352 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-60105 (Monsta FTP before 2.14.5 contains a server-side request
forgery vulner ...)
TODO: check
CVE-2026-60104 (Bitwarden Server before 2026.6.0 does not verify that the
email in a P ...)
TODO: check
CVE-2026-5923 (Malicious use of a stolen cookie might allow modifications to
the cont ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2026-5922 (The IP phone might use malicious input stored in configuration
paramet ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2026-5523 (The Divi Form Builder plugin for WordPress is vulnerable to
Missing Au ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-59948 (Composer is a dependency Manager for the PHP language. Prior
to 2.2.29 ...)
TODO: check
CVE-2026-59947 (Composer is a dependency Manager for the PHP language. Prior
to 2.2.29 ...)
@@ -63,7 +63,7 @@ CVE-2026-59802 (PasswordPusher before 2.8.1 accepts data URI
schemes in URL push
CVE-2026-59723 (Cline is an autonomous coding agent as an SDK, IDE extension,
or CLI a ...)
TODO: check
CVE-2026-58525 (Improper access control in Microsoft Edge (Chromium-based)
allows an u ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-58501 (Zeep is a Python SOAP client. From 4.0.0 before 4.3.3,
Settings.forbid ...)
TODO: check
CVE-2026-58494 (Wasmtime is a runtime for WebAssembly. Prior to 24.0.11,
36.0.12, 45.0 ...)
@@ -73,9 +73,9 @@ CVE-2026-58192 (Appium is a cross-platform automation
framework for all kinds of
CVE-2026-58191 (Appium is a cross-platform automation framework for all kinds
of apps, ...)
TODO: check
CVE-2026-57481 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-57480 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-56669 (Elysia is a Typescript framework for request validation, type
inferenc ...)
TODO: check
CVE-2026-55878 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0
before 2 ...)
@@ -85,7 +85,7 @@ CVE-2026-55877 (Symfony UX is a JavaScript ecosystem for
Symfony. From 2.17.0 be
CVE-2026-55849 (@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of
Materials ...)
TODO: check
CVE-2026-55778 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-55760 (Handlebars.java provides logic-less and semantic Mustache
templates wi ...)
TODO: check
CVE-2026-55596 (Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0
until 5 ...)
@@ -163,7 +163,7 @@ CVE-2026-47828 (During bosh create-env and bosh delete-env,
the CLI uploads comp
CVE-2026-47826 (The blobs.yml path key traversal vulnerability in the BOSH CLI
tool al ...)
TODO: check
CVE-2026-47646 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45045 (Fiber is an Express inspired web framework written in Go.
Prior to 3.3 ...)
TODO: check
CVE-2026-44512 (Open Neural Network Exchange (ONNX) is an open standard for
machine le ...)
@@ -197,39 +197,39 @@ CVE-2026-35210 (OpenCTI is an open source platform for
managing cyber threat int
CVE-2026-31309 (Improper authorization in the /tequilapi/config/user endpoint
of Myste ...)
TODO: check
CVE-2026-15174 (Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0
to 4.6.6 ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15173 (pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows
denial of ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15172 (FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to
4.6.6 and 4. ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15171 (SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and
4.4.0 to ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15170 (Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6
and 4.4.0 ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15169 (UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6
and 4.4.0 ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15168 (BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to
4.4.16 allows ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15167 (DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6
and 4.4.0 ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15166 (IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to
4.6.6 and 4 ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15165 (TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows
denial of s ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15164 (Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows
denial of ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15163 (Multiple protocol dissector infinite loops in Wireshark 4.6.0
to 4.6.6 ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15154 (A flaw was found in `guardrails-detectors`, a component of Red
Hat Ope ...)
TODO: check
CVE-2026-15138 (A security vulnerability has been detected in tumf
mcp-text-editor up ...)
TODO: check
CVE-2026-15137 (A weakness has been identified in code-projects Interview
Management S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-15135 (A security flaw has been discovered in code-projects Online
Food Order ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-15134 (A vulnerability was determined in CodeAstro Simple Online
Leave Manage ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2026-15105 (A flaw has been found in davenardella snap7 up to 1.4.3. This
affects ...)
TODO: check
CVE-2026-14896 (HashiCorp Nomad and Nomad Enterprise are vulnerable to a
cross-namespa ...)
@@ -241,29 +241,29 @@ CVE-2026-14373 (HashiCorp Nomad and Nomad Enterprise did
not enforce the allow_p
CVE-2026-14361 (The consul-template library before version 0.42.1 is
vulnerable to a p ...)
TODO: check
CVE-2026-13320 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-13151 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-12517 (The Fediverse Embeds WordPress plugin before 1.5.8 does not
validate t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12516 (The Fediverse Embeds WordPress plugin before 1.5.8 does not
validate t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12270 (The Everest Forms WordPress plugin before 3.5.0 does not
correctly re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11875 (The WP Support Plus Responsive Ticket System WordPress plugin
through ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11869 (The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does
not perf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11827 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-11571 (The Everest Forms WordPress plugin before 3.5.0 does not
reliably del ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10037 (A sandbox escape vulnerability exists in the OpenJDK packages
provided ...)
TODO: check
CVE-2026-0288 (Multiple buffer overflow vulnerabilities in the User-ID
Terminal Serve ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-12506 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15112 (Use after free in Ozone in Google Chrome prior to
150.0.7871.115 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/503079ce79a8ca055d5bf31993a82cc93cd2d873
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/503079ce79a8ca055d5bf31993a82cc93cd2d873
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits