Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
27c2a183 by Salvatore Bonaccorso at 2026-07-17T09:39:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,7 +4,7 @@ CVE-2026-59173
 CVE-2026-9810 (The AI Copilot  WordPress plugin before 1.5.4 does not bind 
OAuth acce ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-9494 (An information disclosure vulnerability exists in Canonical 
ubuntu-pro ...)
-       TODO: check
+       NOT-FOR-US: Canonical
 CVE-2026-9046 (A potential insecure permissions vulnerability was reported in 
Legion  ...)
        NOT-FOR-US: Lenovo
 CVE-2026-8616 (The Fense Proxy & VPN Blocker plugin for WordPress is 
vulnerable to un ...)
@@ -14,67 +14,67 @@ CVE-2026-7543 (The Breakdance plugin for WordPress is 
vulnerable to Stored Cross
 CVE-2026-6511 (During an internal security assessment, a potential improper 
access co ...)
        NOT-FOR-US: Lenovo
 CVE-2026-6424 (Use-after-free vulnerability in ESET Linux productspotentially 
allowed ...)
-       TODO: check
+       NOT-FOR-US: ESET
 CVE-2026-6423 (A local privilege escalation vulnerability in ESET Inspect 
Connector.  ...)
-       TODO: check
+       NOT-FOR-US: ESET
 CVE-2026-63397 (remorses/genql before version 6.3.4 allows an authenticated 
attacker w ...)
-       TODO: check
+       NOT-FOR-US: remorses/genql
 CVE-2026-63306 (stoatchat before 0.13.5 contains an unauthenticated 
server-side reques ...)
-       TODO: check
+       NOT-FOR-US: stoatchat
 CVE-2026-63305 (AVideo through 29.0 contains an OS command injection 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-63304 (AVideo through 29.0 contains an OS command injection 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-63089 (WireGuard Easy through 15.3.0, fixed in commit 66b292b, 
contains a cry ...)
-       TODO: check
+       NOT-FOR-US: WireGuard Easy
 CVE-2026-63088 (stoatchat before 0.14.0 contains a server-side request forgery 
(SSRF)  ...)
-       TODO: check
+       NOT-FOR-US: stoatchat
 CVE-2026-63087 (Grafana OnCall through 1.16.11 contains an unauthenticated 
access vuln ...)
-       TODO: check
+       NOT-FOR-US: Grafana OnCall
 CVE-2026-63086 (text-generation-inference through 3.3.7 contains a server-side 
request ...)
-       TODO: check
+       NOT-FOR-US: text-generation-inference
 CVE-2026-63085 (Axelor Open Platform versions 8.x prior to 8.2.2 contains an 
authoriza ...)
-       TODO: check
+       NOT-FOR-US: Axelor Open Platform
 CVE-2026-63082 (Perfect Support Ticketing & Document Management System through 
1.7 con ...)
-       TODO: check
+       NOT-FOR-US: Perfect Support Ticketing & Document Management System
 CVE-2026-63081 (Perfect Support Ticketing & Document Management System through 
1.7 con ...)
-       TODO: check
+       NOT-FOR-US: Perfect Support Ticketing & Document Management System
 CVE-2026-62994 (CoreDNS is a DNS server written in Go. From 1.9.4 until 
1.14.5, a netw ...)
        TODO: check
 CVE-2026-62963 (Centrifugo is an open-source scalable real-time messaging 
server. Prio ...)
-       TODO: check
+       NOT-FOR-US: Centrifugo
 CVE-2026-62826 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
 CVE-2026-62387 (The Grav API plugin (getgrav/grav-plugin-api) before 
1.0.0-rc.16 shipp ...)
-       TODO: check
+       NOT-FOR-US: Grav API plugin (getgrav/grav-plugin-api)
 CVE-2026-62386 (The Grav API plugin (getgrav/grav-plugin-api) before 
1.0.0-rc.16 accep ...)
-       TODO: check
+       NOT-FOR-US: Grav API plugin (getgrav/grav-plugin-api)
 CVE-2026-62309 (CoreDNS is a DNS server written in Go. Prior to 1.14.4, a 
single 28-by ...)
        TODO: check
 CVE-2026-62299 (CoreDNS is a DNS server written in Go. Prior to 1.14.5, the 
CoreDNS re ...)
        TODO: check
 CVE-2026-62290 (cert-manager adds certificates and certificate issuers as 
resource typ ...)
-       TODO: check
+       NOT-FOR-US: cert-manager
 CVE-2026-62241 (clawvet self-hosted API server (apps/api) before 0.7.5 
hard-codes a fa ...)
-       TODO: check
+       NOT-FOR-US: clawvet
 CVE-2026-62238 (OpenRemote before 1.26.0 contain an authenticated SQL 
injection vulner ...)
-       TODO: check
+       NOT-FOR-US: OpenRemote
 CVE-2026-62237 (Grav before 2.0.4 contains a regular expression denial of 
service (ReD ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-62236 (grav-plugin-login before 3.8.11 contains a cross-site request 
forgery  ...)
-       TODO: check
+       NOT-FOR-US: grav-plugin-login
 CVE-2026-62235 (Grav Flex-Objects before version 1.4.3 contains a broken 
access contro ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-62234 (Grav before 2.0.4 fails to restrict cURL protocols in webhook 
dispatch ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-62233 (grav-plugin-api before 1.0.6 fails to validate super-admin 
status in c ...)
-       TODO: check
+       NOT-FOR-US: grav-plugin-api
 CVE-2026-62232 (Grav before 2.0.4 contains a two-factor authentication bypass 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-62231 (The Grav API plugin (getgrav/grav-plugin-api) before 1.0.6 
contains an ...)
-       TODO: check
+       NOT-FOR-US: grav-plugin-api
 CVE-2026-62230 (Grav before 2.0.4 ships a default .htaccess (and reference 
webserver-c ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-62229 (OpenClaw before 2026.5.18 contain an authorization bypass 
vulnerabilit ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-62228 (OpenClaw before 2026.6.5 contain an authorization bypass 
vulnerability ...)
@@ -132,39 +132,39 @@ CVE-2026-62202 (OpenClaw versions 2026.6.1 before 
2026.6.9 contain a privilege e
 CVE-2026-62201 (OpenClaw versions before 2026.6.6 contain a network policy 
bypass vuln ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-61718 (bunkerweb is an Open-source and next-generation Web 
Application Firewa ...)
-       TODO: check
+       NOT-FOR-US: bunkerweb
 CVE-2026-61389 (An out-of-bounds write vulnerability in the Productivity Suite 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Productivity Suite
 CVE-2026-61378 (A divide-by-zero vulnerability in the Productivity Suite 
allows a loca ...)
-       TODO: check
+       NOT-FOR-US: Productivity Suite
 CVE-2026-60140 (An out-of-bounds read vulnerability in the Productivity Suite 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Productivity Suite
 CVE-2026-60073 (An out-of-bounds read in the Productivity Suite allows a 
physical  att ...)
-       TODO: check
+       NOT-FOR-US: Productivity Suite
 CVE-2026-60063 (An out-of-bounds write vulnerability in the Productivity Suite 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Productivity Suite
 CVE-2026-60060 (Improper Handling of Length Parameter Inconsistency (CWE-130) 
vulnerab ...)
        TODO: check
 CVE-2026-5674 (A flaw was found in PipeWire, a multimedia server. This 
vulnerability  ...)
        TODO: check
 CVE-2026-59867 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.5, ...)
-       TODO: check
+       NOT-FOR-US: Kiota
 CVE-2026-59866 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.5, ...)
-       TODO: check
+       NOT-FOR-US: Kiota
 CVE-2026-59865 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.5, ...)
-       TODO: check
+       NOT-FOR-US: Kiota
 CVE-2026-59864 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.5, ...)
-       TODO: check
+       NOT-FOR-US: Kiota
 CVE-2026-59863 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.5, ...)
-       TODO: check
+       NOT-FOR-US: Kiota
 CVE-2026-59862 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.0, ...)
-       TODO: check
+       NOT-FOR-US: Kiota
 CVE-2026-59861 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.0, ...)
-       TODO: check
+       NOT-FOR-US: Kiota
 CVE-2026-59860 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.3, ...)
-       TODO: check
+       NOT-FOR-US: Kiota
 CVE-2026-59859 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.4, ...)
-       TODO: check
+       NOT-FOR-US: Kiota
 CVE-2026-59249 (Inconsistent interpretation of HTTP requests (HTTP response 
smuggling) ...)
        TODO: check
 CVE-2026-59237 (Authorization Bypass Through User-Controlled Key (CWE-639) in 
the Orde ...)
@@ -1022,7 +1022,7 @@ CVE-2026-59954 (Apollo is a reliable configuration 
management system suitable fo
 CVE-2026-59838 (A improper neutralization of script-related html tags in a web 
page (b ...)
        NOT-FOR-US: Fortinet
 CVE-2026-59762 (When an HTTP/2 profile is configured on a virtual server, 
undisclosed  ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2026-59259 (n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a 
permission ...)
        NOT-FOR-US: n8n
 CVE-2026-59258 (immich before 3.0.3 contains a broken access control 
vulnerability in  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27c2a1831b1a86e02cadc09b2ec0cd359e9fb633

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27c2a1831b1a86e02cadc09b2ec0cd359e9fb633
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to