Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
27c2a183 by Salvatore Bonaccorso at 2026-07-17T09:39:11+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,7 +4,7 @@ CVE-2026-59173
CVE-2026-9810 (The AI Copilot WordPress plugin before 1.5.4 does not bind
OAuth acce ...)
NOT-FOR-US: WordPress plugin
CVE-2026-9494 (An information disclosure vulnerability exists in Canonical
ubuntu-pro ...)
- TODO: check
+ NOT-FOR-US: Canonical
CVE-2026-9046 (A potential insecure permissions vulnerability was reported in
Legion ...)
NOT-FOR-US: Lenovo
CVE-2026-8616 (The Fense Proxy & VPN Blocker plugin for WordPress is
vulnerable to un ...)
@@ -14,67 +14,67 @@ CVE-2026-7543 (The Breakdance plugin for WordPress is
vulnerable to Stored Cross
CVE-2026-6511 (During an internal security assessment, a potential improper
access co ...)
NOT-FOR-US: Lenovo
CVE-2026-6424 (Use-after-free vulnerability in ESET Linux productspotentially
allowed ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2026-6423 (A local privilege escalation vulnerability in ESET Inspect
Connector. ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2026-63397 (remorses/genql before version 6.3.4 allows an authenticated
attacker w ...)
- TODO: check
+ NOT-FOR-US: remorses/genql
CVE-2026-63306 (stoatchat before 0.13.5 contains an unauthenticated
server-side reques ...)
- TODO: check
+ NOT-FOR-US: stoatchat
CVE-2026-63305 (AVideo through 29.0 contains an OS command injection
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-63304 (AVideo through 29.0 contains an OS command injection
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-63089 (WireGuard Easy through 15.3.0, fixed in commit 66b292b,
contains a cry ...)
- TODO: check
+ NOT-FOR-US: WireGuard Easy
CVE-2026-63088 (stoatchat before 0.14.0 contains a server-side request forgery
(SSRF) ...)
- TODO: check
+ NOT-FOR-US: stoatchat
CVE-2026-63087 (Grafana OnCall through 1.16.11 contains an unauthenticated
access vuln ...)
- TODO: check
+ NOT-FOR-US: Grafana OnCall
CVE-2026-63086 (text-generation-inference through 3.3.7 contains a server-side
request ...)
- TODO: check
+ NOT-FOR-US: text-generation-inference
CVE-2026-63085 (Axelor Open Platform versions 8.x prior to 8.2.2 contains an
authoriza ...)
- TODO: check
+ NOT-FOR-US: Axelor Open Platform
CVE-2026-63082 (Perfect Support Ticketing & Document Management System through
1.7 con ...)
- TODO: check
+ NOT-FOR-US: Perfect Support Ticketing & Document Management System
CVE-2026-63081 (Perfect Support Ticketing & Document Management System through
1.7 con ...)
- TODO: check
+ NOT-FOR-US: Perfect Support Ticketing & Document Management System
CVE-2026-62994 (CoreDNS is a DNS server written in Go. From 1.9.4 until
1.14.5, a netw ...)
TODO: check
CVE-2026-62963 (Centrifugo is an open-source scalable real-time messaging
server. Prio ...)
- TODO: check
+ NOT-FOR-US: Centrifugo
CVE-2026-62826 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: Microsoft
CVE-2026-62387 (The Grav API plugin (getgrav/grav-plugin-api) before
1.0.0-rc.16 shipp ...)
- TODO: check
+ NOT-FOR-US: Grav API plugin (getgrav/grav-plugin-api)
CVE-2026-62386 (The Grav API plugin (getgrav/grav-plugin-api) before
1.0.0-rc.16 accep ...)
- TODO: check
+ NOT-FOR-US: Grav API plugin (getgrav/grav-plugin-api)
CVE-2026-62309 (CoreDNS is a DNS server written in Go. Prior to 1.14.4, a
single 28-by ...)
TODO: check
CVE-2026-62299 (CoreDNS is a DNS server written in Go. Prior to 1.14.5, the
CoreDNS re ...)
TODO: check
CVE-2026-62290 (cert-manager adds certificates and certificate issuers as
resource typ ...)
- TODO: check
+ NOT-FOR-US: cert-manager
CVE-2026-62241 (clawvet self-hosted API server (apps/api) before 0.7.5
hard-codes a fa ...)
- TODO: check
+ NOT-FOR-US: clawvet
CVE-2026-62238 (OpenRemote before 1.26.0 contain an authenticated SQL
injection vulner ...)
- TODO: check
+ NOT-FOR-US: OpenRemote
CVE-2026-62237 (Grav before 2.0.4 contains a regular expression denial of
service (ReD ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-62236 (grav-plugin-login before 3.8.11 contains a cross-site request
forgery ...)
- TODO: check
+ NOT-FOR-US: grav-plugin-login
CVE-2026-62235 (Grav Flex-Objects before version 1.4.3 contains a broken
access contro ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-62234 (Grav before 2.0.4 fails to restrict cURL protocols in webhook
dispatch ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-62233 (grav-plugin-api before 1.0.6 fails to validate super-admin
status in c ...)
- TODO: check
+ NOT-FOR-US: grav-plugin-api
CVE-2026-62232 (Grav before 2.0.4 contains a two-factor authentication bypass
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-62231 (The Grav API plugin (getgrav/grav-plugin-api) before 1.0.6
contains an ...)
- TODO: check
+ NOT-FOR-US: grav-plugin-api
CVE-2026-62230 (Grav before 2.0.4 ships a default .htaccess (and reference
webserver-c ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-62229 (OpenClaw before 2026.5.18 contain an authorization bypass
vulnerabilit ...)
NOT-FOR-US: OpenClaw
CVE-2026-62228 (OpenClaw before 2026.6.5 contain an authorization bypass
vulnerability ...)
@@ -132,39 +132,39 @@ CVE-2026-62202 (OpenClaw versions 2026.6.1 before
2026.6.9 contain a privilege e
CVE-2026-62201 (OpenClaw versions before 2026.6.6 contain a network policy
bypass vuln ...)
NOT-FOR-US: OpenClaw
CVE-2026-61718 (bunkerweb is an Open-source and next-generation Web
Application Firewa ...)
- TODO: check
+ NOT-FOR-US: bunkerweb
CVE-2026-61389 (An out-of-bounds write vulnerability in the Productivity Suite
allows ...)
- TODO: check
+ NOT-FOR-US: Productivity Suite
CVE-2026-61378 (A divide-by-zero vulnerability in the Productivity Suite
allows a loca ...)
- TODO: check
+ NOT-FOR-US: Productivity Suite
CVE-2026-60140 (An out-of-bounds read vulnerability in the Productivity Suite
allows a ...)
- TODO: check
+ NOT-FOR-US: Productivity Suite
CVE-2026-60073 (An out-of-bounds read in the Productivity Suite allows a
physical att ...)
- TODO: check
+ NOT-FOR-US: Productivity Suite
CVE-2026-60063 (An out-of-bounds write vulnerability in the Productivity Suite
allows ...)
- TODO: check
+ NOT-FOR-US: Productivity Suite
CVE-2026-60060 (Improper Handling of Length Parameter Inconsistency (CWE-130)
vulnerab ...)
TODO: check
CVE-2026-5674 (A flaw was found in PipeWire, a multimedia server. This
vulnerability ...)
TODO: check
CVE-2026-59867 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.5, ...)
- TODO: check
+ NOT-FOR-US: Kiota
CVE-2026-59866 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.5, ...)
- TODO: check
+ NOT-FOR-US: Kiota
CVE-2026-59865 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.5, ...)
- TODO: check
+ NOT-FOR-US: Kiota
CVE-2026-59864 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.5, ...)
- TODO: check
+ NOT-FOR-US: Kiota
CVE-2026-59863 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.5, ...)
- TODO: check
+ NOT-FOR-US: Kiota
CVE-2026-59862 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.0, ...)
- TODO: check
+ NOT-FOR-US: Kiota
CVE-2026-59861 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.0, ...)
- TODO: check
+ NOT-FOR-US: Kiota
CVE-2026-59860 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.3, ...)
- TODO: check
+ NOT-FOR-US: Kiota
CVE-2026-59859 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.4, ...)
- TODO: check
+ NOT-FOR-US: Kiota
CVE-2026-59249 (Inconsistent interpretation of HTTP requests (HTTP response
smuggling) ...)
TODO: check
CVE-2026-59237 (Authorization Bypass Through User-Controlled Key (CWE-639) in
the Orde ...)
@@ -1022,7 +1022,7 @@ CVE-2026-59954 (Apollo is a reliable configuration
management system suitable fo
CVE-2026-59838 (A improper neutralization of script-related html tags in a web
page (b ...)
NOT-FOR-US: Fortinet
CVE-2026-59762 (When an HTTP/2 profile is configured on a virtual server,
undisclosed ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-59259 (n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a
permission ...)
NOT-FOR-US: n8n
CVE-2026-59258 (immich before 3.0.3 contains a broken access control
vulnerability in ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27c2a1831b1a86e02cadc09b2ec0cd359e9fb633
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27c2a1831b1a86e02cadc09b2ec0cd359e9fb633
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits