Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
54324d25 by security tracker role at 2026-07-17T19:14:35+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2026-9762 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-9656 (The HubSpot All-In-One Marketing \u2013 Forms, Popups, Live
Chat plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9602 (Mattermost Desktop App versions <=6.2 6.0.2 5.6.13.0 fail to
validate ...)
TODO: check
CVE-2026-9592 (SEPPmail Secure Email Gateway & SEPPmail Cloud before version
15.0.4.2 ...)
@@ -17,15 +17,15 @@ CVE-2026-9585 (An unauthenticated reflected cross-site
scripting (XSS) vulnerabi
CVE-2026-9537 (Mojo::JWT versions before 1.02 for Perl verify HMAC signatures
with a ...)
TODO: check
CVE-2026-9202 (IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated
attackers ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-9198 (IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated
attackers ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-9171 (IBM PowerVM Novalink are vulnerable to a denial of service,
caused by ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-9135 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to
1.9.2 (c ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-9103 (IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote
attacker to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8396 (Improper restriction of XML external entity reference
vulnerability in ...)
TODO: check
CVE-2026-8297 (Improper neutralization of special elements used in an SQL
command ('S ...)
@@ -63,9 +63,9 @@ CVE-2026-63093 (Cursor for Windows version 3.2.16 contains a
binary planting vul
CVE-2026-62764 (Improper Handling of Insufficient Privileges vulnerability in
Apache A ...)
TODO: check
CVE-2026-60025 (The Joomla extension Events Booking prior version 5.8.0 had an
fronten ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-60024 (The Joomla extension Events Booking prior version 5.8.0 did by
default ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-59695 (Improper Validation of Specified Quantity in Input in ZenHive
mpp allo ...)
TODO: check
CVE-2026-59694 (Improper Validation of Specified Quantity in Input in ZenHive
mpp allo ...)
@@ -75,9 +75,9 @@ CVE-2026-59252 (Improper Validation of Specified Quantity in
Input in ZenHive mp
CVE-2026-58195 (Agentic-Flow is an AI agent orchestration platform. Prior to
2.0.14, a ...)
TODO: check
CVE-2026-58149 (The Joomla extension Events Booking is vulnerable to an
unauthenticate ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-58148 (The Joomla extension ChronoForms is vulnerable to an
unauthenticated s ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-57860 (ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI,
automati ...)
TODO: check
CVE-2026-54496 (ZEBRA is a Zcash node written entirely in Rust. Prior to
zebrad 5.0.0, ...)
@@ -145,13 +145,13 @@ CVE-2026-44722 (pyzipper is a replacement for Python's
zipfile that can read and
CVE-2026-22104 (Improper access control in Hashtopolis server web-interface
chunk acti ...)
TODO: check
CVE-2026-21764 (HCL DevOps Loop is affected by insufficient input validation
that allo ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2026-21762 (HCL DevOps Loop is affected by missing HTTP security headers.
Missing ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2026-21761 (HCL DevOps Loop is affected by a Cross-Origin Resource Sharing
(CORS) ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2026-21760 (HCL DevOps Loop is affected by an Unauthorized Access to Admin
Functio ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2026-16108 (A flaw was found in the default-groups REST endpoint and realm
represe ...)
TODO: check
CVE-2026-16106 (A flaw was found in the admin REST API of Keycloak, a solution
for ide ...)
@@ -175,25 +175,25 @@ CVE-2026-16016 (A vulnerability was identified in poco-ai
poco-claw up to 0.5.4.
CVE-2026-16015 (A vulnerability was determined in poco-ai poco-claw up to
0.5.4. This ...)
TODO: check
CVE-2026-16014 (A vulnerability was found in code-projects Hospital Bed
Management Sys ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-16013 (A vulnerability has been found in liftoff-sr CIPster up to
632336d414e ...)
TODO: check
CVE-2026-16009 (A vulnerability was detected in itsourcecode Hospital
Management Syste ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-16008 (A security vulnerability has been detected in sagold
json-schema-libra ...)
TODO: check
CVE-2026-15943 (A flaw was found in the Keycloak keycloak-services component,
which ha ...)
TODO: check
CVE-2026-15783 (A missing authorization vulnerability was identified in GitHub
Enterpr ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-15380 (A non-administrator interactive user can obtain full SYSTEM
code execu ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2026-15379 (The Altiris WMI provider exposes a class (AltirisAgent_Stream)
that al ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2026-15343 (A path traversal vulnerability was identified in GitHub
Enterprise Ser ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-15007 (A denial of service vulnerability was identified in GitHub
Enterprise ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-14871 (osTicket versions v1.18.3 and v1.17.7 contain a Broken Object
Level Au ...)
TODO: check
CVE-2026-13410 (Dancer::Plugin::Auth::Google versions through 0.07 for Perl
have TLS v ...)
@@ -203,7 +203,7 @@ CVE-2026-13082 (GD::SecurityImage versions through 1.75 for
Perl use rand to gen
CVE-2026-12715 (Missing Authorization in Google Cloud Firebase Studio versions
prior t ...)
TODO: check
CVE-2026-12705 (Missing support for integrity check vulnerability in ABB KNX
Update To ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2026-12694 (Missing Authorization vulnerability in Vimesoft Inc.
Enterprise Video ...)
TODO: check
CVE-2026-12693 (Authorization bypass through User-Controlled key vulnerability
in Vime ...)
@@ -217,37 +217,37 @@ CVE-2026-11763 (Authorization bypass through
User-Controlled key vulnerability i
CVE-2025-60357 (AhnLab EPP Management v1.0.14.32-6249 was discovered to
contain a NoSQ ...)
TODO: check
CVE-2025-59866 (The HCL DFMPro, DFXAnalytics and DFXServer installers are
affected by ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-42214 (HCL Aftermarket EPC is vulnerable to attack since HTTP OPTIONS
method ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23578 (HCL Aftermarket EPC is vulnerable to attack as the application
impleme ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23577 (HCL Aftermarket EPC is vulnerable since the application does
not have ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23575 (HCL Aftermarket EPC is vulnerable to attack since the
application retu ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23574 (HCL Aftermarket EPC is vulnerable to attack since It was found
that a ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23573 (HCL Aftermarket EPC is vulnerable to attack since the
Application is v ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23572 (HCL Aftermarket EPC is vulnerable to attack as cookie appears
to conta ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23571 (HCL Aftermarket EPC is vulnerable to attack since the
application does ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23570 (HCL Aftermarket EPC is affected by clickjacking vulnerability
Cross-Fr ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23569 (HCL Aftermarket EPC is vulnerable to attack since the server
is not co ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23568 (HCL Aftermarket EPC is vulnerable to attacks since the server
software ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23567 (HCL Aftermarket EPC is affected by Sensitive Information in
GET method ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23566 (HCL Aftermarket EPC is vulnerable to brute force attacks since
applica ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23565 (HCL Aftermarket EPC is vulnerable to email flooding as the
application ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23564 (HCL Aftermarket EPC is affected by Business Logic
Vulnerability using ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2026-14266
- 7zip 26.02+dfsg-1 (bug #1142293)
- p7zip 16.02+transitional.1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54324d2597780343f75a8856717e91310fba3023
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54324d2597780343f75a8856717e91310fba3023
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits