Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54324d25 by security tracker role at 2026-07-17T19:14:35+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2026-9762 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-9656 (The HubSpot All-In-One Marketing \u2013 Forms, Popups, Live 
Chat plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9602 (Mattermost Desktop App versions <=6.2 6.0.2 5.6.13.0 fail to 
validate  ...)
        TODO: check
 CVE-2026-9592 (SEPPmail Secure Email Gateway & SEPPmail Cloud before version 
15.0.4.2 ...)
@@ -17,15 +17,15 @@ CVE-2026-9585 (An unauthenticated reflected cross-site 
scripting (XSS) vulnerabi
 CVE-2026-9537 (Mojo::JWT versions before 1.02 for Perl verify HMAC signatures 
with a  ...)
        TODO: check
 CVE-2026-9202 (IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated 
attackers ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-9198 (IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated 
attackers ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-9171 (IBM PowerVM Novalink are vulnerable to a denial of service, 
caused by  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-9135 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 
1.9.2 (c ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-9103 (IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8396 (Improper restriction of XML external entity reference 
vulnerability in ...)
        TODO: check
 CVE-2026-8297 (Improper neutralization of special elements used in an SQL 
command ('S ...)
@@ -63,9 +63,9 @@ CVE-2026-63093 (Cursor for Windows version 3.2.16 contains a 
binary planting vul
 CVE-2026-62764 (Improper Handling of Insufficient Privileges vulnerability in 
Apache A ...)
        TODO: check
 CVE-2026-60025 (The Joomla extension Events Booking prior version 5.8.0 had an 
fronten ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-60024 (The Joomla extension Events Booking prior version 5.8.0 did by 
default ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-59695 (Improper Validation of Specified Quantity in Input in ZenHive 
mpp allo ...)
        TODO: check
 CVE-2026-59694 (Improper Validation of Specified Quantity in Input in ZenHive 
mpp allo ...)
@@ -75,9 +75,9 @@ CVE-2026-59252 (Improper Validation of Specified Quantity in 
Input in ZenHive mp
 CVE-2026-58195 (Agentic-Flow is an AI agent orchestration platform. Prior to 
2.0.14, a ...)
        TODO: check
 CVE-2026-58149 (The Joomla extension Events Booking is vulnerable to an 
unauthenticate ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-58148 (The Joomla extension ChronoForms is vulnerable to an 
unauthenticated s ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-57860 (ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, 
automati ...)
        TODO: check
 CVE-2026-54496 (ZEBRA is a Zcash node written entirely in Rust. Prior to 
zebrad 5.0.0, ...)
@@ -145,13 +145,13 @@ CVE-2026-44722 (pyzipper is a replacement for Python's 
zipfile that can read and
 CVE-2026-22104 (Improper access control in Hashtopolis server web-interface 
chunk acti ...)
        TODO: check
 CVE-2026-21764 (HCL DevOps Loop is affected by insufficient input validation 
that allo ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-21762 (HCL DevOps Loop is affected by missing HTTP security headers. 
Missing  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-21761 (HCL DevOps Loop is affected by a Cross-Origin Resource Sharing 
(CORS)  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-21760 (HCL DevOps Loop is affected by an Unauthorized Access to Admin 
Functio ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-16108 (A flaw was found in the default-groups REST endpoint and realm 
represe ...)
        TODO: check
 CVE-2026-16106 (A flaw was found in the admin REST API of Keycloak, a solution 
for ide ...)
@@ -175,25 +175,25 @@ CVE-2026-16016 (A vulnerability was identified in poco-ai 
poco-claw up to 0.5.4.
 CVE-2026-16015 (A vulnerability was determined in poco-ai poco-claw up to 
0.5.4. This  ...)
        TODO: check
 CVE-2026-16014 (A vulnerability was found in code-projects Hospital Bed 
Management Sys ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2026-16013 (A vulnerability has been found in liftoff-sr CIPster up to 
632336d414e ...)
        TODO: check
 CVE-2026-16009 (A vulnerability was detected in itsourcecode Hospital 
Management Syste ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-16008 (A security vulnerability has been detected in sagold 
json-schema-libra ...)
        TODO: check
 CVE-2026-15943 (A flaw was found in the Keycloak keycloak-services component, 
which ha ...)
        TODO: check
 CVE-2026-15783 (A missing authorization vulnerability was identified in GitHub 
Enterpr ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2026-15380 (A non-administrator interactive user can obtain full SYSTEM 
code execu ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2026-15379 (The Altiris WMI provider exposes a class (AltirisAgent_Stream) 
that al ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2026-15343 (A path traversal vulnerability was identified in GitHub 
Enterprise Ser ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2026-15007 (A denial of service vulnerability was identified in GitHub 
Enterprise  ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2026-14871 (osTicket versions v1.18.3 and v1.17.7 contain a Broken Object 
Level Au ...)
        TODO: check
 CVE-2026-13410 (Dancer::Plugin::Auth::Google versions through 0.07 for Perl 
have TLS v ...)
@@ -203,7 +203,7 @@ CVE-2026-13082 (GD::SecurityImage versions through 1.75 for 
Perl use rand to gen
 CVE-2026-12715 (Missing Authorization in Google Cloud Firebase Studio versions 
prior t ...)
        TODO: check
 CVE-2026-12705 (Missing support for integrity check vulnerability in ABB KNX 
Update To ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2026-12694 (Missing Authorization vulnerability in Vimesoft Inc. 
Enterprise Video  ...)
        TODO: check
 CVE-2026-12693 (Authorization bypass through User-Controlled key vulnerability 
in Vime ...)
@@ -217,37 +217,37 @@ CVE-2026-11763 (Authorization bypass through 
User-Controlled key vulnerability i
 CVE-2025-60357 (AhnLab EPP Management v1.0.14.32-6249 was discovered to 
contain a NoSQ ...)
        TODO: check
 CVE-2025-59866 (The HCL DFMPro, DFXAnalytics and DFXServer installers are 
affected by  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-42214 (HCL Aftermarket EPC is vulnerable to attack since HTTP OPTIONS 
method  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23578 (HCL Aftermarket EPC is vulnerable to attack as the application 
impleme ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23577 (HCL Aftermarket EPC is vulnerable since the application does 
not have  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23575 (HCL Aftermarket EPC is vulnerable to attack since the 
application retu ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23574 (HCL Aftermarket EPC is vulnerable to attack since It was found 
that a  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23573 (HCL Aftermarket EPC is vulnerable to attack since the 
Application is v ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23572 (HCL Aftermarket EPC is vulnerable to attack as cookie appears 
to conta ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23571 (HCL Aftermarket EPC is vulnerable to attack since the 
application does ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23570 (HCL Aftermarket EPC is affected by clickjacking vulnerability 
Cross-Fr ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23569 (HCL Aftermarket EPC is vulnerable to attack since the server 
is not co ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23568 (HCL Aftermarket EPC is vulnerable to attacks since the server 
software ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23567 (HCL Aftermarket EPC is affected by Sensitive Information in 
GET method ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23566 (HCL Aftermarket EPC is vulnerable to brute force attacks since 
applica ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23565 (HCL Aftermarket EPC is vulnerable to email flooding as the 
application ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23564 (HCL Aftermarket EPC is affected by Business Logic 
Vulnerability using  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-14266
        - 7zip 26.02+dfsg-1 (bug #1142293)
        - p7zip 16.02+transitional.1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54324d2597780343f75a8856717e91310fba3023

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54324d2597780343f75a8856717e91310fba3023
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to