Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a22e9302 by Salvatore Bonaccorso at 2026-07-01T09:19:58+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,19 +15,19 @@ CVE-2026-7873 (IBM Langflow OSS 1.0.0 through 1.10.0 allows 
authenticated attack
 CVE-2026-7871 (IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis 
access t ...)
        NOT-FOR-US: IBM
 CVE-2026-7840 (UltraVNC repeater through 1.8.2.2 contains a global buffer 
overflow in ...)
-       TODO: check
+       NOT-FOR-US: UltraVNC
 CVE-2026-7839 (UltraVNC repeater through 1.8.2.2 initializes the HTTP 
administration  ...)
-       TODO: check
+       NOT-FOR-US: UltraVNC
 CVE-2026-7838 (UltraVNC viewer through 1.8.2.2 contains an integer overflow 
leading t ...)
-       TODO: check
+       NOT-FOR-US: UltraVNC
 CVE-2026-7831 (UltraVNC viewer through 1.8.2.2 contains an off-by-one stack 
buffer ov ...)
-       TODO: check
+       NOT-FOR-US: UltraVNC
 CVE-2026-7830 (UltraVNC through 1.8.2.2 uses inadequate cryptography in the 
MS-Logon  ...)
-       TODO: check
+       NOT-FOR-US: UltraVNC
 CVE-2026-7829 (UltraVNC repeater through 1.8.2.2 contains a 
post-authentication out-o ...)
-       TODO: check
+       NOT-FOR-US: UltraVNC
 CVE-2026-7828 (UltraVNC repeater through 1.8.2.2 contains an integer overflow 
in the  ...)
-       TODO: check
+       NOT-FOR-US: UltraVNC
 CVE-2026-7803 (IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary 
code execu ...)
        NOT-FOR-US: IBM
 CVE-2026-7663 (IBM Langflow OSS 1.0.0 through 1.9.6 could allow 
unauthenticated attac ...)
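Review bot: the seven UltraVNC entries in this hunk (CVE-2026-7840 through CVE-2026-7828) move from "TODO: check" to NOT-FOR-US with no recorded rationale, and the commit message "Process some NFUs" names no product. Suggest listing the triaged products in the message body so the decision can be found from the log without opening the diff.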
@@ -87,23 +87,23 @@ CVE-2026-56356 (n8n contains a stored cross-site scripting 
vulnerability in the
 CVE-2026-56350 (n8n before 2.8.0 contains an authentication bypass 
vulnerability allow ...)
        TODO: check
 CVE-2026-56334 (Capgo before 12.128.2 lacks an UPDATE row-level security 
policy for th ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56333 (Capgo before 12.128.2 contains a server-side validation bypass 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56331 (Capgo before 12.128.2 contains improper error handling in the 
/private ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56328 (Capgo before 12.128.2 allows multiple public channels for the 
same app ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56327 (Capgo before 12.128.2 contains an information disclosure 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56320 (Capgo before 12.128.2 contains an authorization flaw in POST 
/private/ ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56318 (Capgo before 12.128.2 contains an information disclosure 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56300 (Capgo before 12.128.2 contains unauthenticated security 
definer RPC fu ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56286 (Capgo before 12.128.2 contains an authentication bypass 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56278 (Flowise before 3.1.0 (affected versions 3.0.13 and earlier) 
uses a wea ...)
        NOT-FOR-US: Flowise
 CVE-2026-56277 (Flowise before 3.1.2 sets Access-Control-Allow-Origin to a 
hardcoded w ...)
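Review bot: the tag on the nine added lines (CVE-2026-56334 through CVE-2026-56286) is spelled "Cap-go", while every description in this hunk spells the product "Capgo". If earlier entries in data/CVE/list already use "Cap-go", keep it for consistency; otherwise "NOT-FOR-US: Capgo" would let a search on the product name match both the description and the tag.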
@@ -111,17 +111,17 @@ CVE-2026-56277 (Flowise before 3.1.2 sets 
Access-Control-Allow-Origin to a hardc
 CVE-2026-56264 (Crawl4AI before 0.8.7 contains an arbitrary JavaScript 
execution vulne ...)
        TODO: check
 CVE-2026-56249 (Capgo before 12.128.2 contains an authorization bypass 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56247 (Capgo before 12.128.2 allows org admins to assign org-scoped 
RBAC role ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56233 (Capgo before 12.128.2 contains a path traversal vulnerability 
in the b ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56230 (Capgo before 12.128.2 contains a broken object level 
authorization vul ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56224 (Capgo console.capgo.app/login before 12.128.2 accepts 
access_token and ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56219 (Capgo before 12.128.2 contains a NULL-auth bypass 
vulnerability in the ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-55721 (Storage Concentrator (SC & SCVM) is vulnerable to SQL 
injection throug ...)
        TODO: check
 CVE-2026-55223 (c3p0 is a JDBC Connection pooling library. In versions prior 
to 0.14.0 ...)
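Review bot: on the six added lines (CVE-2026-56249 through CVE-2026-56219) the tag "Cap-go" also differs from the hostname in the CVE-2026-56224 description, console.capgo.app, which has no hyphen. Whichever spelling is chosen, it should be the same across all Capgo entries in this commit.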
@@ -177,11 +177,11 @@ CVE-2026-50003 (A malicious or compromised server can 
make a DCMTK client using
 CVE-2026-44628 (An unauthenticated attacker can crash the worklist server with 
a singl ...)
        TODO: check
 CVE-2026-44042 (UltraVNC repeater through 1.8.2.2 contains an off-by-one error 
in the  ...)
-       TODO: check
+       NOT-FOR-US: UltraVNC
 CVE-2026-44041 (UltraVNC through 1.8.2.2 contains an out-of-bounds read in the 
wide-st ...)
-       TODO: check
+       NOT-FOR-US: UltraVNC
 CVE-2026-44040 (UltraVNC through 1.8.2.2 uses a cryptographically weak 
pseudo-random n ...)
-       TODO: check
+       NOT-FOR-US: UltraVNC
 CVE-2026-3602 (IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 
12.0.1.0 thr ...)
        NOT-FOR-US: IBM
 CVE-2026-37106 (An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a 
remote atta ...)
@@ -321,21 +321,21 @@ CVE-2026-10109 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 
through 12.1.4 is vuln
 CVE-2025-71381 (Hono before 4.10.2 (fixed in 4.10.3) contains a flaw in its 
CORS middl ...)
        TODO: check
 CVE-2025-71374 (picklescan before 0.0.29 fails to detect the built-in python 
profile.P ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71371 (picklescan before 0.0.29 fails to detect malicious pickle 
files using  ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71368 (picklescan before 0.0.30 fails to detect the 
doctest.debug_script func ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71363 (picklescan before 0.0.30 fails to detect cProfile.run function 
calls i ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71355 (Picklescan before 0.0.25 fails to detect unsafe global 
functions in th ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71352 (picklescan before 0.0.29 fails to detect the built-in Python 
trace.Tra ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71350 (picklescan before 0.0.28 fails to detect malicious pickle 
files using  ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71349 (picklescan before 0.0.29 fails to detect the built-in 
trace.Trace.run  ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-36372 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for 
Linux, UN ...)
        NOT-FOR-US: IBM
 CVE-2025-36359 (IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not 
invalid ...)
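Review bot: the eight picklescan entries (CVE-2025-71374 through CVE-2025-71349) are closed as NOT-FOR-US, yet the descriptions show a Python scanner for pickle files, the kind of tool that could later be packaged. Worth confirming there is no open packaging request before dropping the TODO. Separately, the neighbouring Hono entry (CVE-2025-71381) stays at "TODO: check", which is fine if it is simply being left for a later pass.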



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a22e9302f11eaf11aebba18bbd2a82c5c7959486
