Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f35cff90 by Salvatore Bonaccorso at 2026-07-17T14:57:13+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -144,7 +144,7 @@ CVE-2026-60073 (An out-of-bounds read in the Productivity
Suite allows a physica
CVE-2026-60063 (An out-of-bounds write vulnerability in the Productivity Suite
allows ...)
NOT-FOR-US: Productivity Suite
CVE-2026-60060 (Improper Handling of Length Parameter Inconsistency (CWE-130)
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Tera Term
CVE-2026-5674 (A flaw was found in PipeWire, a multimedia server. This
vulnerability ...)
TODO: check
CVE-2026-59867 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.5, ...)
@@ -166,9 +166,9 @@ CVE-2026-59860 (Kiota is an OpenAPI based HTTP Client code
generator. Prior to 1
CVE-2026-59859 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.4, ...)
NOT-FOR-US: Kiota
CVE-2026-59249 (Inconsistent interpretation of HTTP requests (HTTP response
smuggling) ...)
- TODO: check
+ NOT-FOR-US: elixir-mint mint
CVE-2026-59237 (Authorization Bypass Through User-Controlled Key (CWE-639) in
the Orde ...)
- TODO: check
+ NOT-FOR-US: Roskus Prospero Flow CRM
CVE-2026-59117 (Integer overflow or wraparound in Windows Terminal allows an
unauthori ...)
NOT-FOR-US: Microsoft
CVE-2026-58643 (Improper neutralization of input during web page generation
('cross-si ...)
@@ -176,11 +176,11 @@ CVE-2026-58643 (Improper neutralization of input during
web page generation ('cr
CVE-2026-58598 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
CVE-2026-58317 (Unsigned to Signed Conversion Error (CWE-196) vulnerability
exists in ...)
- TODO: check
+ NOT-FOR-US: Tera Term
CVE-2026-58078 (The Joomla extension Quix Page Builder Pro is vulnerable to an
unauthe ...)
NOT-FOR-US: Joomla
CVE-2026-57896 (An out-of-bounds read vulnerability in the Productivity Suite
allows a ...)
- TODO: check
+ NOT-FOR-US: Productivity Suite
CVE-2026-57206 (SimpleChat is a secure AI conversation application with
personal and g ...)
TODO: check
CVE-2026-57205 (SimpleChat is a secure AI conversation application with
personal and g ...)
@@ -1019,9 +1019,9 @@ CVE-2026-60087 (PraisonAI before 1.6.78 caches tool
approval decisions by tool n
CVE-2026-60085 (PraisonAI before 4.6.78 contains an unenforced security policy
vulnera ...)
NOT-FOR-US: PraisonAI
CVE-2026-60065 (When NGINX Plus is configured to use the Message Queuing
Telemetry Tra ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-60062 (The NGINX Agent config_dirsdirective allows a low-privileged
attacker ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-60005 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_http_ ...)
TODO: check
CVE-2026-59955 (Apollo is a reliable configuration management system suitable
for micr ...)
@@ -5791,7 +5791,7 @@ CVE-2026-59805 (Gumroad before 2026.07.06.2 contains a
broken access control vul
CVE-2026-59804 (Midscene Bridge Server through 1.10.3, fixed in commit
86f4118, contai ...)
NOT-FOR-US: Midscene Bridge Server
CVE-2026-59803 (rpcx through 1.9.3, fixed in commit 047aec1, contains a
denial-of-serv ...)
- TODO: check
+ NOT-FOR-US: rpcx
CVE-2026-59802 (PasswordPusher before 2.8.1 accepts data URI schemes in URL
push paylo ...)
NOT-FOR-US: PasswordPusher
CVE-2026-59723 (Cline is an autonomous coding agent as an SDK, IDE extension,
or CLI a ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f35cff90d2bbe2fb12140eb82d89e57bb676325d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f35cff90d2bbe2fb12140eb82d89e57bb676325d
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits