Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
550ab1a3 by security tracker role at 2026-07-15T19:14:50+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -77,9 +77,9 @@ CVE-2026-61841
CVE-2026-61839
REJECTED
CVE-2026-61836 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2026-61835 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2026-61829
REJECTED
CVE-2026-61828 (Nixpkgs is a collection of software packages that can be
installed wit ...)
@@ -151,17 +151,17 @@ CVE-2026-59955 (Apollo is a reliable configuration
management system suitable fo
CVE-2026-59954 (Apollo is a reliable configuration management system suitable
for micr ...)
TODO: check
CVE-2026-59838 (A improper neutralization of script-related html tags in a web
page (b ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-59762 (When an HTTP/2 profile is configured on a virtual server,
undisclosed ...)
TODO: check
CVE-2026-59259 (n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a
permission ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-59258 (immich before 3.0.3 contains a broken access control
vulnerability in ...)
TODO: check
CVE-2026-59255 (BloodHound through 9.4.0, fixed in commit 8f79035, contains a
missing ...)
TODO: check
CVE-2026-59254 (n8n before 2.28.1 contains an information disclosure
vulnerability whe ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-59236 (Authorization Bypass Through User-Controlled Key (CWE-639) in
the Exce ...)
TODO: check
CVE-2026-59235 (Missing Authorization (CWE-862) in BankAccountListController
(app/Http ...)
@@ -175,45 +175,45 @@ CVE-2026-58658 (GPUStack through 2.2.1, fixed in commit
4e20551, contains an una
CVE-2026-58655 (The bundled Grav Flex Objects plugin
(getgrav/grav-plugin-flex-objects ...)
TODO: check
CVE-2026-58559 (DoS vulnerability in the vibration service.Impact: Successful
exploita ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-58558 (Permission control vulnerability in the file system.Impact:
Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-58557 (Design defect vulnerability in Expedition mode.Impact:
Successful expl ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-58556 (Permission control vulnerability in the Bluetooth
module.Impact: Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-58555 (Permission bypass vulnerability in the card module.Impact:
Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-58554 (Permission control vulnerability in the Settings
module.Impact: Succes ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-58553 (Out-of-bounds read vulnerability in the image codec
module.Impact: Suc ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-58552 (Out-of-bounds read vulnerability in the image codec
module.Impact: Suc ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-58551 (Out-of-bounds read vulnerability in the image codec
module.Impact: Suc ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-58550 (Out-of-bounds read vulnerability in the image codec module.
Impact: Su ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-58549 (Out-of-bounds read vulnerability in the image codec module.
Impact: Su ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-58077 (The Joomla extension 4Analytics is vulnerable to an
unauthenticated st ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-57996 (phpMyFAQ before 4.1.5 contains a privilege escalation
vulnerability in ...)
TODO: check
CVE-2026-57833 (The Joomla extension 4Analytics is vulnerable to an
unauthenticated st ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-57832 (The Joomla extension EDocman is vulnerable to an
unauthenticated SQL i ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-57831 (The Joomla extension DP Calendar is vulnerable to an
unauthenticated S ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-57821 (A SQL Injection vulnerability exists in Apache Fineract's
Office Searc ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-56764 (Hono before 4.11.10 contains a timing attack vulnerability in
the basi ...)
TODO: check
CVE-2026-56699 (Wazuh Manager before 5.0.0-beta3 fails to escape the
DataValue.index f ...)
TODO: check
CVE-2026-56687 (Dell ThinOS 10, versions prior to 2605_10.2100, contain an
Obsolete Fe ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-56434 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_http_ ...)
TODO: check
CVE-2026-56400 (open-webui before 0.3.14 contains a cross-origin resource
sharing misc ...)
@@ -223,19 +223,19 @@ CVE-2026-56398 (Open WebUI before 0.9.5 contains a stored
cross-site scripting v
CVE-2026-56375 (ImageMagick through 7.1.2-18 contains a memory leak
vulnerability in t ...)
TODO: check
CVE-2026-56353 (n8n contains an authentication bypass in the Chat Trigger node
when co ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-56352 (n8n before 2.19.3 contains a file path restriction bypass in
the legac ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-56349 (n8n before version 2.10.0 contains an input validation
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-56339 (Capgo (Cap-go/capgo) before 12.128.2 contains an information
disclosur ...)
TODO: check
CVE-2026-56287 (A boolean-based SQL Injection vulnerability exists in Apache
Fineract' ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-56087 (Dell ThinOS 10, versions prior to 2605_10.2100 contain a
Protection Me ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-55723 (When NGINX Ingress Controller is configured with Custom
Resource Defin ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-55242 (ERPNext is a free and open source Enterprise Resource Planning
tool. P ...)
TODO: check
CVE-2026-54563 (Cloudreve is a self-hosted file management and sharing system.
Prior t ...)
@@ -261,7 +261,7 @@ CVE-2026-53513 (Better Auth is an authentication and
authorization library for T
CVE-2026-53512 (Better Auth is an authentication and authorization library for
TypeScr ...)
TODO: check
CVE-2026-52865 (When NGINX Ingress Controller processes Ingress or
TransportServer res ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-52843 (Lightpanda is a headless browser designed for AI and
automation. Prior ...)
TODO: check
CVE-2026-52842 (Lightpanda is a headless browser designed for AI and
automation. Prior ...)
@@ -279,7 +279,7 @@ CVE-2026-49988 (Repomix is a tool that packs repositories
into AI-friendly files
CVE-2026-49987 (Repomix is a tool that packs repositories into AI-friendly
files. Prio ...)
TODO: check
CVE-2026-49501 (Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and
versions ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-48799 (Postiz is an AI social media scheduling tool. Prior to 2.21.8,
Postiz ...)
TODO: check
CVE-2026-47703 (AdGuard Home is a network-wide software for blocking ads and
tracking. ...)
@@ -319,31 +319,31 @@ CVE-2026-42533 (A vulnerability exists in NGINX Plus and
NGINX Open Source when
CVE-2026-41580 (Stirling-PDF is a locally hosted web application that
facilitates vari ...)
TODO: check
CVE-2026-40633 (Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7,
versions 9.11 ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-40501 (Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit
1518530, ...)
TODO: check
CVE-2026-35152 (A SQL Injection vulnerability exists in Apache Fineract's
Report Execu ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-33213 (Redash is a package for data visualization and sharing. From
5.0.2 to ...)
TODO: check
CVE-2026-20298 (In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8,
and 9.4.13 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20297 (In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8,
9.4.13, an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20296 (In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8,
and 9.4.13 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20187 (As part of Cisco's ongoing commitment to proactive security
and produc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20158 (As part of Cisco's ongoing commitment to proactive security
and produc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20157 (As part of Cisco's ongoing commitment to proactive security
and produc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20156 (As part of Cisco's ongoing commitment to proactive security
and produc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20153 (As part of Cisco's ongoing commitment to proactive security
and produc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20150 (As part of Cisco's ongoing commitment to proactive security
and produc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20146 (A vulnerability in Cisco Identity Services Engine (ISE) and
Cisco ISE ...)
TODO: check
CVE-2026-1563 (Pega Platform versions 8.1.0 through 25.1.2 are affected by an
Reflect ...)
@@ -357,7 +357,7 @@ CVE-2026-15804 (The HCM developed by MetaGuru has a SQL
Injection vulnerability.
CVE-2026-15779 (A flaw was found in samba's pam_winbind. When mkhomedir is
enabled, pa ...)
TODO: check
CVE-2026-15746 (Strands Agents is an open-source Python SDK for building and
running A ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-15583 (A confused-deputy flaw in Grafana MCP Server allows an
unauthenticated ...)
TODO: check
CVE-2026-14961 (Pegatron `Tdelo64.sys` exposes a privileged device interface,
`\\.\Tde ...)
@@ -365,13 +365,13 @@ CVE-2026-14961 (Pegatron `Tdelo64.sys` exposes a
privileged device interface, `\
CVE-2026-14960 (Pegatron `Tdelo64.sys` improperly exposes privileged hardware
access f ...)
TODO: check
CVE-2026-14251 (A flaw was found in the OpenShift GitOps operator. The
ClusterRole rec ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2026-12997 (The Gravity Forms plugin for WordPress is vulnerable to
Directory Trav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12382 (A flaw was found in the AAP Gateway Envoy proxy configuration.
The non ...)
TODO: check
CVE-2026-10673 (The Zephyr ADIN2111/ADIN1110 10BASE-T1S/T1L Ethernet driver
(drivers/e ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-32781 (Apollo is a reliable configuration management system suitable
for micr ...)
TODO: check
CVE-2026-56136
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/550ab1a3664a2cb74470570b0d72df9a3270be11
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/550ab1a3664a2cb74470570b0d72df9a3270be11
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits