Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
85b79f70 by security tracker role at 2026-07-17T07:13:56+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2026-9810 (The AI Copilot  WordPress plugin before 1.5.4 does not bind 
OAuth acce ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9494 (An information disclosure vulnerability exists in Canonical 
ubuntu-pro ...)
        TODO: check
 CVE-2026-9046 (A potential insecure permissions vulnerability was reported in 
Legion  ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2026-8616 (The Fense Proxy & VPN Blocker plugin for WordPress is 
vulnerable to un ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7543 (The Breakdance plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6511 (During an internal security assessment, a potential improper 
access co ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2026-6424 (Use-after-free vulnerability in ESET Linux productspotentially 
allowed ...)
        TODO: check
 CVE-2026-6423 (A local privilege escalation vulnerability in ESET Inspect 
Connector.  ...)
@@ -41,7 +41,7 @@ CVE-2026-62994 (CoreDNS is a DNS server written in Go. From 
1.9.4 until 1.14.5,
 CVE-2026-62963 (Centrifugo is an open-source scalable real-time messaging 
server. Prio ...)
        TODO: check
 CVE-2026-62826 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-62387 (The Grav API plugin (getgrav/grav-plugin-api) before 
1.0.0-rc.16 shipp ...)
        TODO: check
 CVE-2026-62386 (The Grav API plugin (getgrav/grav-plugin-api) before 
1.0.0-rc.16 accep ...)
@@ -73,61 +73,61 @@ CVE-2026-62231 (The Grav API plugin 
(getgrav/grav-plugin-api) before 1.0.6 conta
 CVE-2026-62230 (Grav before 2.0.4 ships a default .htaccess (and reference 
webserver-c ...)
        TODO: check
 CVE-2026-62229 (OpenClaw before 2026.5.18 contain an authorization bypass 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62228 (OpenClaw before 2026.6.5 contain an authorization bypass 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62227 (OpenClaw 2026.4.14 before 2026.5.26 contain a server-side 
request forg ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62226 (OpenClaw 2026.3.28 before 2026.5.19 contain an authorization 
bypass vu ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62225 (OpenClaw versions before 2026.5.18 contain an authorization 
bypass vul ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62224 (OpenClaw MS Teams before 2026.5.12 contain an authorization 
bypass vul ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62223 (OpenClaw before 2026.5.18 contain an authorization bypass 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62222 (OpenClaw before 2026.5.22 contain a vulnerability in 
setup-mode discov ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62221 (OpenClaw 2026.5.12 before 2026.5.26 contain an incorrect 
authorization ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62220 (OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller 
or conf ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62219 (OpenClaw 2026.2.12 before 2026.5.26 contain an authorization 
bypass vu ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62218 (OpenClaw 2026.1.20 before 2026.5.27 contain an authorization 
bypass vu ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62217 (OpenClaw 2026.5.14-beta.1 before 2026.5.27 contain an 
authorization fl ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62216 (OpenClaw 2026.4.20 before 2026.5.28 contain a policy bypass in 
the QQB ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62215 (OpenClaw versions before 2026.6.5 contain an authentication 
bypass vul ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62214 (OpenClaw versions before 2026.5.28 Bot Framework contains an 
improper  ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62213 (OpenClaw versions before 2026.5.27 contain a token leakage 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62212 (OpenClaw before 2026.5.28 contains a race condition in the MS 
Teams sa ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62211 (OpenClaw versions before 2026.6.1 contain a credential 
redaction bypas ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62210 (OpenClaw versions before 2026.6.1 contain a denial of service 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62209 (OpenClaw versions 2026.5.10-beta.1 before 2026.6.5 contain an 
authoriz ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62208 (OpenClaw before 2026.6.5 could forward Authorization headers 
during MC ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62207 (OpenClaw versions before 2026.6.5 contain an authentication 
bypass vul ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62206 (OpenClaw versions before 2026.6.9 contain a missing 
authorization vuln ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62205 (OpenClaw versions 2026.4.12-beta.1 before 2026.6.6 contain a 
missing-a ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62203 (OpenClaw versions before 2026.6.6 contain an environment 
variable filt ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62202 (OpenClaw versions 2026.6.1 before 2026.6.9 contain a privilege 
escalat ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62201 (OpenClaw versions before 2026.6.6 contain a network policy 
bypass vuln ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-61718 (bunkerweb is an Open-source and next-generation Web 
Application Firewa ...)
        TODO: check
 CVE-2026-61389 (An out-of-bounds write vulnerability in the Productivity Suite 
allows  ...)
@@ -167,15 +167,15 @@ CVE-2026-59249 (Inconsistent interpretation of HTTP 
requests (HTTP response smug
 CVE-2026-59237 (Authorization Bypass Through User-Controlled Key (CWE-639) in 
the Orde ...)
        TODO: check
 CVE-2026-59117 (Integer overflow or wraparound in Windows Terminal allows an 
unauthori ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-58643 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-58598 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-58317 (Unsigned to Signed Conversion Error (CWE-196) vulnerability 
exists in  ...)
        TODO: check
 CVE-2026-58078 (The Joomla extension Quix Page Builder Pro is vulnerable to an 
unauthe ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-57896 (An out-of-bounds read vulnerability in the Productivity Suite 
allows a ...)
        TODO: check
 CVE-2026-57206 (SimpleChat is a secure AI conversation application with 
personal and g ...)
@@ -183,13 +183,13 @@ CVE-2026-57206 (SimpleChat is a secure AI conversation 
application with personal
 CVE-2026-57205 (SimpleChat is a secure AI conversation application with 
personal and g ...)
        TODO: check
 CVE-2026-56456 (HCL DFXAnalytics is affected by an Internal File Path 
Disclosure vulne ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-56455 (HCL DFXAnalytics is affected by a Buffer Overflow 
vulnerability that c ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-56454 (HCL DFXAnalytics is affected by a Deprecated Protocol 
vulnerability du ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-56453 (HCL DFXAnalytics is affected by an Account Takeover via 
Response Manip ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-55629 (Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging 
proxy. Prior ...)
        TODO: check
 CVE-2026-55548 (Yamcs is a mission control framework. Prior to 5.12.8 and 
5.13.2, the  ...)
@@ -221,13 +221,13 @@ CVE-2026-53536 (Activepieces is an open source AI 
workflow automation platform.
 CVE-2026-53535 (Activepieces is an open source AI workflow automation 
platform. Prior  ...)
        TODO: check
 CVE-2026-53412 (Improper Input Validation in Zoom Desktop Client for Windows, 
Zoom VDI ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2026-53411 (A time-of-check to time-of-use (TOCTOU) race condition in the 
installa ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2026-53410 (A time-of-check to time-of-use (TOCTOU) race condition in the 
installa ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2026-53409 (Improper Privilege Management in Zoom Rooms for Windows before 
version ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2026-49998 (Centrifugo is an open-source scalable real-time messaging 
server. Prio ...)
        TODO: check
 CVE-2026-47751 (Claude Code Action is a general-purpose GitHub action that 
runs Claude ...)
@@ -251,9 +251,9 @@ CVE-2026-47082 (An issue was discovered in cyrus-imapd in 
Cyrus IMAP through 3.1
 CVE-2026-47081 (An issue was discovered in cyrus-imapd in Cyrus IMAP through 
3.12.2. T ...)
        TODO: check
 CVE-2026-46687 (Emlog is an open source website building system. In 2.6.13 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Emlog
 CVE-2026-46686 (Emlog is an open source website building system. In 2.6.13 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Emlog
 CVE-2026-46621 (Yamcs is a mission control framework. Prior to 5.12.7, the 
Yamcs scrip ...)
        TODO: check
 CVE-2026-46562 (Yamcs is a mission control framework. Prior to 5.12.7, the 
Nashorn Scr ...)
@@ -365,23 +365,23 @@ CVE-2026-38158 (A SQL injection vulnerability in the 
/ureport/datasource/preview
 CVE-2026-36425 (An issue in OPSWAT AppRemover Driver (ardrv.sys) 
v2017.10.02.1551 and  ...)
        TODO: check
 CVE-2026-35149 (HCL DFXServer is affected by an Authentication Bypass 
vulnerability vi ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-35148 (HCL DFXServer is affected by a Missing Access Control 
vulnerability. T ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-35147 (HCL DFXServer is affected by a Broken Authentication 
vulnerability via ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-35146 (HCL DFXServer is affected by an Unencrypted Communication 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-35145 (HCL DFXAnalytics is affected by a Missing HTTP 
Strict-Transport-Securi ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-35143 (HCL DFXAnalytics is affected by a Missing SameSite Attribute 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-35142 (HCL DFXAnalytics is affected by an Internal IP Address 
Disclosure vuln ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-35141 (HCL DFXAnalytics is affected by a Login Replay Attack 
vulnerability. T ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-35140 (HCL DFXAnalytics is affected by a Missing Secure Attribute in 
Encrypte ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-34150 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
        TODO: check
 CVE-2026-33754 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
@@ -393,129 +393,129 @@ CVE-2026-33692 (WWBN AVideo is an open source video 
platform. Versions prior to
 CVE-2026-33434 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
        TODO: check
 CVE-2026-2594 (The Smart Custom Fields plugin for WordPress is vulnerable to 
Stored C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-22752 (Authentication bypass by primary weakness vulnerability in 
Spring Secu ...)
        TODO: check
 CVE-2026-21770 (HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a 
DLL hija ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-15997 (Out-of-bounds write vulnerability in Legion of the Bouncy 
Castle Inc.  ...)
        TODO: check
 CVE-2026-15982 (The Aimogen Pro - All-in-One AI Content Writer, Editor, 
ChatBot & Auto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15945 (A flaw was found in the group search functionality of the 
Keycloak ser ...)
        TODO: check
 CVE-2026-15759 (The ChatHelp \u2013 Click to Chat Button, WooCommerce Chat to 
Order &  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15737 (AWS Bedrock AgentCore Python SDK is an open-source Python 
library that ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-15727 (The WP Bulk Delete plugin for WordPress is vulnerable to 
generic SQL I ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15651 (The WP TripAdvisor Review Slider plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15610 (The WPBot \u2013 AI ChatBot for Live Support, Lead Generation, 
AI Serv ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15457 (The Kirki \u2013 Freeform Page Builder, Website Builder & 
Customizer p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15449 (A time-of-check to time-of-use (TOCTOU) flaw in the illumos 
data-link  ...)
        TODO: check
 CVE-2026-15422 (The illumos SCTP inbound path performs association lookup for 
INIT ACK ...)
        TODO: check
 CVE-2026-15407 (The Themify Builder plugin for WordPress is vulnerable to 
authorizatio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15395 (The Kali Forms \u2014 Contact Form & Drag-and-Drop Builder 
plugin for  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15352 (A vulnerability exists in the Health & Safety (HS) application 
of NASA ...)
        TODO: check
 CVE-2026-15350 (The The Cache Purger plugin for WordPress is vulnerable to 
authorizati ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15349 (The ERP: Complete HR, Accounting & CRM Suite Built for 
WooCommerce plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15324 (The SysBasics Customize My Account for WooCommerce \u2013 Live 
My Acco ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15161 (The Ninja Forms - Excel Export plugin for WordPress is 
vulnerable to S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15160 (The Ninja Forms - Excel Export plugin for WordPress is 
vulnerable to D ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15159 (The Ninja Forms - Excel Export plugin for WordPress is 
vulnerable to I ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15106 (The WPBot \u2013 AI ChatBot for Live Support, Lead Generation, 
AI Serv ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15103 (The WPFunnels \u2013 Funnel Builder for WooCommerce with 
Checkout & On ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15099 (The Delicious Recipes plugin for WordPress is vulnerable to 
Stored Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15094 (The WP Hotel Booking plugin for WordPress is vulnerable to 
Reflected C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15022 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15021 (The wpForo Forum plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15008 (The Uncanny Automator \u2013 Easy Automation, Integration, 
Webhooks &  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15005 (The Loco Translate plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14956 (The Bricksforge plugin for WordPress is vulnerable to 
Privilege Escala ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14890 (SGLang uses an expert-parallel backup subsystem that exposes a 
ZeroMQ  ...)
        TODO: check
 CVE-2026-14782 (The Booking for Appointments and Events Calendar \u2013 Amelia 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14503 (The pCloud WP Backup plugin for WordPress is vulnerable to 
Sensitive I ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14371 (The Lenovo XClarity Integrator for Windows Admin Center plugin 
version ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2026-14254 (A race condition in the account lockout mechanism 
inDelphixContinousDa ...)
        TODO: check
 CVE-2026-14253
        REJECTED
 CVE-2026-13767 (The Quiz Master Next plugin for WordPress is vulnerable to SQL 
Injecti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13765 (The LearnPress \u2013 WordPress LMS Plugin for Create and Sell 
Online  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13755 (The Tickera \u2013 Sell Tickets & Manage Events plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13754 (The Tickera \u2013 Sell Tickets & Manage Events plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13741 (The Digits: WordPress Mobile Number Signup and Login plugin 
for WordPr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13402 (The Royal Addons for Elementor  WordPress plugin before 
1.7.1063 does  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13352 (The Paid Membership Plugin, Ecommerce, User Registration Form, 
Login F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13104 (A potential vulnerability was reported in Lenovo App Store, 
distribute ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2026-13103 (A potential path traversal vulnerability was reported in 
Lenovo App St ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2026-12393 (The WPS Bookings for WooCommerce WordPress plugin before 
3.11.7 does n ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12391 (An insecure symlink following vulnerability exists in 
Canonical ubuntu ...)
        TODO: check
 CVE-2026-12379 (An Open Redirect vulnerability (CWE-601) exists in the 
OAuth/OIDC auth ...)
        TODO: check
 CVE-2026-11966 (The User Registration & Membership  WordPress plugin before 
5.2.3 does ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11961 (The User Registration & Membership  WordPress plugin before 
5.2.3 does ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11889 (SALTO ProAccess Space software using the tenancy feature / 
logical  pa ...)
        TODO: check
 CVE-2026-11740
        REJECTED
 CVE-2026-11575 (The PhonePe Payment Solutions WordPress plugin before 3.1.0 
does not p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11386 (An input validation and injection vulnerability exists in 
Canonical ub ...)
        TODO: check
 CVE-2026-11324 (The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay 
gateway plug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10590 (A potential missing authentication vulnerability could allow a 
local p ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2026-10589 (A potential out of bounds write vulnerability could allow a 
local priv ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2026-10588 (A potential vulnerability could allow a local privileged 
attacker to d ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2026-10587 (A potential out-of-bounds write vulnerability could allow a 
local priv ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2026-10525 (The NEX-Forms  WordPress plugin before 9.2.3 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-71388 (stoatchat (delta/Revolt) versions from 20241213-1 before 
20250210-1 al ...)
        TODO: check
 CVE-2025-71377 (stoatchat (delta) versions before 20250210-1 (0.8.2) contain a 
logic e ...)
@@ -541,7 +541,7 @@ CVE-2023-49900 (An unauthenticated remote attacker is able 
to perform remote cod
 CVE-2023-49899 (An unauthenticated remote attacker canexecute any command on 
the affec ...)
        TODO: check
 CVE-2019-25764 (**UNSUPPORTED WHEN ASSIGNED** Exposed IOCTL with Insufficient 
Access C ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2026-57077 (YAML::Syck versions before 1.47 for Perl allow an 
out-of-bounds read v ...)
        - libyaml-syck-perl <unfixed> (bug #1142267)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/17/4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85b79f701898caa8586f0af9a85fdb2357d2cf57

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85b79f701898caa8586f0af9a85fdb2357d2cf57
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to