Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
84b1a550 by Salvatore Bonaccorso at 2026-07-16T07:20:00+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-9007 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: HCL Notes
CVE-2026-8281
REJECTED
CVE-2026-8055
@@ -143,13 +143,13 @@ CVE-2026-61464 (ImageMagick before 7.1.2-26 and 6.9.13-51
contains a heap-based
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/378bfc12bf7bbc4d9ab081120873efef935ebd85
(7.1.2-26)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/d0aa5c9e09e0cf5e400309ca76ae886a980b0555
(6.9.13-51)
CVE-2026-61457 (The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3
contains a ...)
- TODO: check
+ NOT-FOR-US: Grav API plugin
CVE-2026-61453 (Grav v2.0.0 contains a cross-site scripting vulnerability
(fixed in 2. ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-61452 (The Grav API plugin (getgrav/grav-plugin-api) before 2.0.4
contains an ...)
- TODO: check
+ NOT-FOR-US: Grav API plugin
CVE-2026-61451 (The Grav API plugin (grav-plugin-api) before 1.0.4 does not
validate t ...)
- TODO: check
+ NOT-FOR-US: Grav API plugin
CVE-2026-61449 (Grav 2.0.1 contains a decompression-bomb size-cap bypass in
ZipArchive ...)
NOT-FOR-US: Grav CMS
CVE-2026-61446 (PraisonAI (praisonaiagents) before 1.6.78 contains a remote
code execu ...)
@@ -171,7 +171,7 @@ CVE-2026-61430 (PraisonAI before 1.6.78 contains a
server-side request forgery v
CVE-2026-61427 (PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport
without ...)
NOT-FOR-US: PraisonAI
CVE-2026-61371 (Microsoft AVML before 0.17.0 could follow a symlink when
opening a des ...)
- TODO: check
+ NOT-FOR-US: Microsoft AVML
CVE-2026-60087 (PraisonAI before 1.6.78 caches tool approval decisions by tool
name on ...)
NOT-FOR-US: PraisonAI
CVE-2026-60085 (PraisonAI before 4.6.78 contains an unenforced security policy
vulnera ...)
@@ -183,9 +183,9 @@ CVE-2026-60062 (The NGINX Agent config_dirsdirective allows
a low-privileged att
CVE-2026-60005 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_http_ ...)
TODO: check
CVE-2026-59955 (Apollo is a reliable configuration management system suitable
for micr ...)
- TODO: check
+ NOT-FOR-US: Apollo
CVE-2026-59954 (Apollo is a reliable configuration management system suitable
for micr ...)
- TODO: check
+ NOT-FOR-US: Apollo
CVE-2026-59838 (A improper neutralization of script-related html tags in a web
page (b ...)
NOT-FOR-US: Fortinet
CVE-2026-59762 (When an HTTP/2 profile is configured on a virtual server,
undisclosed ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84b1a55050db265ba8811ef543c334e007b71649
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84b1a55050db265ba8811ef543c334e007b71649
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits