Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f35cff90 by Salvatore Bonaccorso at 2026-07-17T14:57:13+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -144,7 +144,7 @@ CVE-2026-60073 (An out-of-bounds read in the Productivity 
Suite allows a physica
 CVE-2026-60063 (An out-of-bounds write vulnerability in the Productivity Suite 
allows  ...)
        NOT-FOR-US: Productivity Suite
 CVE-2026-60060 (Improper Handling of Length Parameter Inconsistency (CWE-130) 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Tera Term
 CVE-2026-5674 (A flaw was found in PipeWire, a multimedia server. This 
vulnerability  ...)
        TODO: check
 CVE-2026-59867 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.5, ...)
@@ -166,9 +166,9 @@ CVE-2026-59860 (Kiota is an OpenAPI based HTTP Client code 
generator. Prior to 1
 CVE-2026-59859 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.4, ...)
        NOT-FOR-US: Kiota
 CVE-2026-59249 (Inconsistent interpretation of HTTP requests (HTTP response 
smuggling) ...)
-       TODO: check
+       NOT-FOR-US: elixir-mint mint
 CVE-2026-59237 (Authorization Bypass Through User-Controlled Key (CWE-639) in 
the Orde ...)
-       TODO: check
+       NOT-FOR-US: Roskus Prospero Flow CRM
 CVE-2026-59117 (Integer overflow or wraparound in Windows Terminal allows an 
unauthori ...)
        NOT-FOR-US: Microsoft
 CVE-2026-58643 (Improper neutralization of input during web page generation 
('cross-si ...)
@@ -176,11 +176,11 @@ CVE-2026-58643 (Improper neutralization of input during 
web page generation ('cr
 CVE-2026-58598 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
 CVE-2026-58317 (Unsigned to Signed Conversion Error (CWE-196) vulnerability 
exists in  ...)
-       TODO: check
+       NOT-FOR-US: Tera Term
 CVE-2026-58078 (The Joomla extension Quix Page Builder Pro is vulnerable to an 
unauthe ...)
        NOT-FOR-US: Joomla
 CVE-2026-57896 (An out-of-bounds read vulnerability in the Productivity Suite 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Productivity Suite
 CVE-2026-57206 (SimpleChat is a secure AI conversation application with 
personal and g ...)
        TODO: check
 CVE-2026-57205 (SimpleChat is a secure AI conversation application with 
personal and g ...)
@@ -1019,9 +1019,9 @@ CVE-2026-60087 (PraisonAI before 1.6.78 caches tool 
approval decisions by tool n
 CVE-2026-60085 (PraisonAI before 4.6.78 contains an unenforced security policy 
vulnera ...)
        NOT-FOR-US: PraisonAI
 CVE-2026-60065 (When NGINX Plus is configured to use the Message Queuing 
Telemetry Tra ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2026-60062 (The NGINX Agent config_dirsdirective allows a low-privileged 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2026-60005 (NGINX Plus and NGINX Open Source have a vulnerability in the 
ngx_http_ ...)
        TODO: check
 CVE-2026-59955 (Apollo is a reliable configuration management system suitable 
for micr ...)
@@ -5791,7 +5791,7 @@ CVE-2026-59805 (Gumroad before 2026.07.06.2 contains a 
broken access control vul
 CVE-2026-59804 (Midscene Bridge Server through 1.10.3, fixed in commit 
86f4118, contai ...)
        NOT-FOR-US: Midscene Bridge Server
 CVE-2026-59803 (rpcx through 1.9.3, fixed in commit 047aec1, contains a 
denial-of-serv ...)
-       TODO: check
+       NOT-FOR-US: rpcx
 CVE-2026-59802 (PasswordPusher before 2.8.1 accepts data URI schemes in URL 
push paylo ...)
        NOT-FOR-US: PasswordPusher
 CVE-2026-59723 (Cline is an autonomous coding agent as an SDK, IDE extension, 
or CLI a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f35cff90d2bbe2fb12140eb82d89e57bb676325d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f35cff90d2bbe2fb12140eb82d89e57bb676325d
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to