Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1e53cf80 by Salvatore Bonaccorso at 2026-07-17T23:08:31+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -63,7 +63,7 @@ CVE-2026-63094 (SigNoz through 0.133.0 contains an open 
redirect vulnerability i
 CVE-2026-63093 (Cursor for Windows version 3.2.16 contains a binary planting 
vulnerabi ...)
        NOT-FOR-US: Cursor
 CVE-2026-62764 (Improper Handling of Insufficient Privileges vulnerability in 
Apache A ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-60025 (The Joomla extension Events Booking prior version 5.8.0 had an 
fronten ...)
        NOT-FOR-US: Joomla
 CVE-2026-60024 (The Joomla extension Events Booking prior version 5.8.0 did by 
default ...)
@@ -75,15 +75,15 @@ CVE-2026-59694 (Improper Validation of Specified Quantity 
in Input in ZenHive mp
 CVE-2026-59252 (Improper Validation of Specified Quantity in Input in ZenHive 
mpp allo ...)
        TODO: check
 CVE-2026-58195 (Agentic-Flow is an AI agent orchestration platform. Prior to 
2.0.14, a ...)
-       TODO: check
+       NOT-FOR-US: Agentic-Flow
 CVE-2026-58149 (The Joomla extension Events Booking is vulnerable to an 
unauthenticate ...)
        NOT-FOR-US: Joomla
 CVE-2026-58148 (The Joomla extension ChronoForms is vulnerable to an 
unauthenticated s ...)
        NOT-FOR-US: Joomla
 CVE-2026-57860 (ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, 
automati ...)
-       TODO: check
+       NOT-FOR-US: ForgeCode
 CVE-2026-54496 (ZEBRA is a Zcash node written entirely in Rust. Prior to 
zebrad 5.0.0, ...)
-       TODO: check
+       NOT-FOR-US: ZEBRA
 CVE-2026-53712 (SCRAM (Salted Challenge Response Authentication Mechanism) is 
part of  ...)
        TODO: check
 CVE-2026-52746 (JSONata is a JSON query and transformation language. Prior to 
2.2.0, m ...)
@@ -467,9 +467,9 @@ CVE-2026-58078 (The Joomla extension Quix Page Builder Pro 
is vulnerable to an u
 CVE-2026-57896 (An out-of-bounds read vulnerability in the Productivity Suite 
allows a ...)
        NOT-FOR-US: Productivity Suite
 CVE-2026-57206 (SimpleChat is a secure AI conversation application with 
personal and g ...)
-       TODO: check
+       NOT-FOR-US: SimpleChat
 CVE-2026-57205 (SimpleChat is a secure AI conversation application with 
personal and g ...)
-       TODO: check
+       NOT-FOR-US: SimpleChat
 CVE-2026-56456 (HCL DFXAnalytics is affected by an Internal File Path 
Disclosure vulne ...)
        NOT-FOR-US: HCL
 CVE-2026-56455 (HCL DFXAnalytics is affected by a Buffer Overflow 
vulnerability that c ...)
@@ -479,9 +479,9 @@ CVE-2026-56454 (HCL DFXAnalytics is affected by a 
Deprecated Protocol vulnerabil
 CVE-2026-56453 (HCL DFXAnalytics is affected by an Account Takeover via 
Response Manip ...)
        NOT-FOR-US: HCL
 CVE-2026-55629 (Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging 
proxy. Prior ...)
-       TODO: check
+       NOT-FOR-US: Whistle
 CVE-2026-55548 (Yamcs is a mission control framework. Prior to 5.12.8 and 
5.13.2, the  ...)
-       TODO: check
+       NOT-FOR-US: Yamcs
 CVE-2026-55440 (Microsoft UFO open-source framework for intelligent automation 
across  ...)
        TODO: check
 CVE-2026-55407 (Buffa is a pure-Rust Protocol Buffers implementation with 
first-class  ...)
@@ -489,15 +489,15 @@ CVE-2026-55407 (Buffa is a pure-Rust Protocol Buffers 
implementation with first-
 CVE-2026-55406 (Buffa is a pure-Rust Protocol Buffers implementation with 
first-class  ...)
        TODO: check
 CVE-2026-55173 (WWBN AVideo is an open source video platform. Versions 29.0 
and below  ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-54733 (The Microsoft 365 and Microsoft Entra ID Plugins for Moodle 
provide Of ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-54728 (bunkerweb is an Open-source and next-generation Web 
Application Firewa ...)
-       TODO: check
+       NOT-FOR-US: bunkerweb
 CVE-2026-54568 (Microsoft UFO open-source framework for intelligent automation 
across  ...)
        TODO: check
 CVE-2026-54526 (Argo Workflows is an open source container-native workflow 
engine for  ...)
-       TODO: check
+       NOT-FOR-US: Argo
 CVE-2026-54340 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and 
HTTP/3. Pr ...)
        TODO: check
 CVE-2026-53598 (Prompty is a markdown file format (.prompty) for LLM prompts. 
Prior to ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e53cf8022a9e5fbac8667ff985591171199f642

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e53cf8022a9e5fbac8667ff985591171199f642
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to