Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43f4ebd8 by security tracker role at 2026-06-22T19:14:24+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
 CVE-2026-9610 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 
9.1.7, 9 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-9320 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere 
Applic ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-9162 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x 
<= 11.5 ...)
        TODO: check
 CVE-2026-9072 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, 
and IB ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-9071 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere 
Applic ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-9029 (The geomap panel's XYZ tile layer has a 
sanitize-then-interpolate orde ...)
        TODO: check
 CVE-2026-9006 (IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to 
server- ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8934 (A Missing Authorization vulnerability in a GraphQL private API 
operati ...)
        TODO: check
 CVE-2026-8858 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server 
and IBM ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8823 (Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail 
to vali ...)
        TODO: check
 CVE-2026-8646 (IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere 
Applica ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8636 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 
9.1.7, 9 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8074 (Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail 
to enfo ...)
        TODO: check
 CVE-2026-8059 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 
9.1.7, 9 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7664 (IBM Langflow OSS 1.0.0 through 1.8.4 could allow 
unauthenticated attac ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7253 (IBM Watson Speech Services Cartridge is vulnerable to 
Server-Side Requ ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7167 (The vulnerability arises when the system fails to properly 
validate th ...)
        TODO: check
 CVE-2026-7166 (Vulnerability involving the exposure of sensitive data provided 
withou ...)
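Review bot: the note on CVE-2026-7664 names only the vendor (`NOT-FOR-US: IBM`), while the description on that entry identifies the affected software as IBM Langflow OSS, which is a different kind of product from the Datacap, WebSphere Application Server, IBM i and Watson entries tagged alongside it in this hunk. Naming the product in the note, for example `NOT-FOR-US: IBM Langflow OSS`, would keep the entry findable by product name in data/CVE/list and give anyone re-checking the packaging status something concrete to match against.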
@@ -69,7 +69,7 @@ CVE-2026-55443 (LangChain is a framework for building agents 
and LLM-powered app
 CVE-2026-55388 (piscina is a node.js worker pool implementation. Prior to 
6.0.0-rc.2,  ...)
        TODO: check
 CVE-2026-54665 (Apache NiFi 0.0.1 through 2.9.0 support building qualified 
URLs from o ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-54300 (@astrojs/netlify is an adapter that allows Astro to deploy 
your hybrid ...)
        TODO: check
 CVE-2026-54299 (Astro is a web framework. Prior to 6.4.6, Astro SSR apps with 
prerende ...)
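Review bot: the new note on CVE-2026-54665 reads `NOT-FOR-US: Apache software not packaged in Debian` and does not name the product, although the description on the line above identifies it as Apache NiFi. Writing `NOT-FOR-US: Apache NiFi` would keep the entry searchable by product name and make it easier to revisit if NiFi is ever packaged.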
@@ -185,11 +185,11 @@ CVE-2026-48712 (protobufjs compiles protobuf definitions 
into JavaScript (JS) fu
 CVE-2026-46417 (Angular is a development platform for building mobile and 
desktop web  ...)
        TODO: check
 CVE-2026-44914 (Apache NiFi 1.12.0 through 2.9.0 are missing authorization 
when replac ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-44913 (Improper escaping of database table names in the 
CaptureChangeMySQL Pr ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-44911 (Authorization handling for component configuration 
verification reques ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-42129 (The Loki datasource plugin's callResource handler contains a 
path trav ...)
        TODO: check
 CVE-2026-42127 (The public dashboard query endpoint does not limit request 
body size b ...)
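Review bot: for CVE-2026-44913 and CVE-2026-44911 the truncated descriptions shown in this hunk do not name the affected project, so the generic note `NOT-FOR-US: Apache software not packaged in Debian` leaves both entries with no visible product name at all. CVE-2026-44914 directly above them names Apache NiFi; if the other two concern the same project, stating it in the note would make that explicit rather than leaving it to be inferred from position in the list.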
@@ -209,13 +209,13 @@ CVE-2026-28381 (The Snowflake datasource allows for 
GET/PUT commands, which can
 CVE-2026-12888 (An HTML injection vulnerability exists in the Google Chat 
webhook noti ...)
        TODO: check
 CVE-2026-12863 (An unvalidated redirect was contained in Venueless' social 
login funct ...)
-       TODO: check
+       NOT-FOR-US: rami.io products
 CVE-2026-12862 (Untrusted user data was passed verbatim to Excel exports for 
administr ...)
-       TODO: check
+       NOT-FOR-US: rami.io products
 CVE-2026-12725 (A heap-based buffer overflow was found in dnsmasq. When DNSSEC 
validat ...)
        TODO: check
 CVE-2026-12628 (IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM 
Storage Pro ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-12602 (Incorrect default permissions in ArubaSign, affecting versions 
prior t ...)
        TODO: check
 CVE-2026-12581 (EasyFlow .NET developed by Digiwin has a Session Fixation 
vulnerabilit ...)
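Review bot: `NOT-FOR-US: rami.io products` on CVE-2026-12863 and CVE-2026-12862 names the vendor rather than the software. The description of CVE-2026-12863 names Venueless, so `NOT-FOR-US: Venueless` would be more precise there; the visible text of CVE-2026-12862 does not show which product it covers, so that is worth confirming before both entries share one note.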
@@ -235,41 +235,41 @@ CVE-2026-11943 (Akaunting 3.1.21 contains an 
authenticated stored cross-site scr
 CVE-2026-11942 (Akaunting 3.1.21 contains an authenticated stored cross-site 
scripting ...)
        TODO: check
 CVE-2026-11834 (A command injection vulnerability has been identified in the 
DHCP opti ...)
-       TODO: check
+       NOT-FOR-US: TPLink
 CVE-2026-11825
        REJECTED
 CVE-2026-11372 (IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-10845 (IBM WebSphere Application Server 8.5 and 9.0could allow a 
remote attac ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-10789 (A maliciously crafted webpage, when visited by a user with 
Autodesk Fu ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2026-10601 (The Tempo and Loki datasource plugins construct backend HTTP 
requests  ...)
        TODO: check
 CVE-2026-10561 (IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due 
to an im ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-66389 (GitHub Copilot 1.372.0 allows filesystem access outside of a 
workspace ...)
        TODO: check
 CVE-2025-66336 (Apache Doris MCP Server contains a SQL injection vulnerability 
in a me ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-62198 (An authenticated user can perform XSS.  This issue affects 
Apache Atla ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-4994 (The SafeLine SL6 and SL6+ devices integrated into elevator 
emergency i ...)
        TODO: check
 CVE-2025-33128 (IBM Engineering Workflow Management 7.0.3 through 7.0.3 
Interim Fix 02 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-2669 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak 
for Data  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-54178 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak 
for Data  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-51454 (IBM Engineering Workflow Management 7.0.2 through 7.0.2 
Interim Fix 03 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-45796 (A stored cross-site scripting vulnerability in the Runtime 
component o ...)
        TODO: check
 CVE-2023-45795 (A cross-site scripting vulnerability in the Builder Component 
of Pilz  ...)
        TODO: check
 CVE-2023-33854 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak 
for Data  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-11373 (Net::Statsite::Client versions through 1.1.0 for Perl allow 
metric inj ...)
        NOT-FOR-US: Net::Statsite::Client Perl module
 CVE-2026-6653 (Use After Free in libxml2's xmlParseInternalSubset from GNOME 
libxml2  ...)
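Review bot: the note on CVE-2026-11834 spells the vendor `TPLink`, whereas the vendor's own spelling is TP-Link, so a search of data/CVE/list for `TP-Link` would miss this entry. Suggest `NOT-FOR-US: TP-Link`. The same hunk also tags CVE-2026-10561 (IBM Langflow OSS) with the bare vendor note `NOT-FOR-US: IBM`, where the product name would be more useful.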



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43f4ebd83cb52f0c6be41fad26b691c23efd086b
