Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1e53cf80 by Salvatore Bonaccorso at 2026-07-17T23:08:31+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -63,7 +63,7 @@ CVE-2026-63094 (SigNoz through 0.133.0 contains an open
redirect vulnerability i
CVE-2026-63093 (Cursor for Windows version 3.2.16 contains a binary planting
vulnerabi ...)
NOT-FOR-US: Cursor
CVE-2026-62764 (Improper Handling of Insufficient Privileges vulnerability in
Apache A ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-60025 (The Joomla extension Events Booking prior version 5.8.0 had an
fronten ...)
NOT-FOR-US: Joomla
CVE-2026-60024 (The Joomla extension Events Booking prior version 5.8.0 did by
default ...)
@@ -75,15 +75,15 @@ CVE-2026-59694 (Improper Validation of Specified Quantity
in Input in ZenHive mp
CVE-2026-59252 (Improper Validation of Specified Quantity in Input in ZenHive
mpp allo ...)
TODO: check
CVE-2026-58195 (Agentic-Flow is an AI agent orchestration platform. Prior to
2.0.14, a ...)
- TODO: check
+ NOT-FOR-US: Agentic-Flow
CVE-2026-58149 (The Joomla extension Events Booking is vulnerable to an
unauthenticate ...)
NOT-FOR-US: Joomla
CVE-2026-58148 (The Joomla extension ChronoForms is vulnerable to an
unauthenticated s ...)
NOT-FOR-US: Joomla
CVE-2026-57860 (ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI,
automati ...)
- TODO: check
+ NOT-FOR-US: ForgeCode
CVE-2026-54496 (ZEBRA is a Zcash node written entirely in Rust. Prior to
zebrad 5.0.0, ...)
- TODO: check
+ NOT-FOR-US: ZEBRA
CVE-2026-53712 (SCRAM (Salted Challenge Response Authentication Mechanism) is
part of ...)
TODO: check
CVE-2026-52746 (JSONata is a JSON query and transformation language. Prior to
2.2.0, m ...)
@@ -467,9 +467,9 @@ CVE-2026-58078 (The Joomla extension Quix Page Builder Pro
is vulnerable to an u
CVE-2026-57896 (An out-of-bounds read vulnerability in the Productivity Suite
allows a ...)
NOT-FOR-US: Productivity Suite
CVE-2026-57206 (SimpleChat is a secure AI conversation application with
personal and g ...)
- TODO: check
+ NOT-FOR-US: SimpleChat
CVE-2026-57205 (SimpleChat is a secure AI conversation application with
personal and g ...)
- TODO: check
+ NOT-FOR-US: SimpleChat
CVE-2026-56456 (HCL DFXAnalytics is affected by an Internal File Path
Disclosure vulne ...)
NOT-FOR-US: HCL
CVE-2026-56455 (HCL DFXAnalytics is affected by a Buffer Overflow
vulnerability that c ...)
@@ -479,9 +479,9 @@ CVE-2026-56454 (HCL DFXAnalytics is affected by a
Deprecated Protocol vulnerabil
CVE-2026-56453 (HCL DFXAnalytics is affected by an Account Takeover via
Response Manip ...)
NOT-FOR-US: HCL
CVE-2026-55629 (Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging
proxy. Prior ...)
- TODO: check
+ NOT-FOR-US: Whistle
CVE-2026-55548 (Yamcs is a mission control framework. Prior to 5.12.8 and
5.13.2, the ...)
- TODO: check
+ NOT-FOR-US: Yamcs
CVE-2026-55440 (Microsoft UFO open-source framework for intelligent automation
across ...)
TODO: check
CVE-2026-55407 (Buffa is a pure-Rust Protocol Buffers implementation with
first-class ...)
@@ -489,15 +489,15 @@ CVE-2026-55407 (Buffa is a pure-Rust Protocol Buffers
implementation with first-
CVE-2026-55406 (Buffa is a pure-Rust Protocol Buffers implementation with
first-class ...)
TODO: check
CVE-2026-55173 (WWBN AVideo is an open source video platform. Versions 29.0
and below ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-54733 (The Microsoft 365 and Microsoft Entra ID Plugins for Moodle
provide Of ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-54728 (bunkerweb is an Open-source and next-generation Web
Application Firewa ...)
- TODO: check
+ NOT-FOR-US: bunkerweb
CVE-2026-54568 (Microsoft UFO open-source framework for intelligent automation
across ...)
TODO: check
CVE-2026-54526 (Argo Workflows is an open source container-native workflow
engine for ...)
- TODO: check
+ NOT-FOR-US: Argo
CVE-2026-54340 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and
HTTP/3. Pr ...)
TODO: check
CVE-2026-53598 (Prompty is a markdown file format (.prompty) for LLM prompts.
Prior to ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e53cf8022a9e5fbac8667ff985591171199f642
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e53cf8022a9e5fbac8667ff985591171199f642
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits