Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
691cfa92 by Salvatore Bonaccorso at 2026-07-18T08:04:07+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69,11 +69,11 @@ CVE-2026-60025 (The Joomla extension Events Booking prior
version 5.8.0 had an f
CVE-2026-60024 (The Joomla extension Events Booking prior version 5.8.0 did by
default ...)
NOT-FOR-US: Joomla
CVE-2026-59695 (Improper Validation of Specified Quantity in Input in ZenHive
mpp allo ...)
- TODO: check
+ NOT-FOR-US: ZenHive mpp
CVE-2026-59694 (Improper Validation of Specified Quantity in Input in ZenHive
mpp allo ...)
- TODO: check
+ NOT-FOR-US: ZenHive mpp
CVE-2026-59252 (Improper Validation of Specified Quantity in Input in ZenHive
mpp allo ...)
- TODO: check
+ NOT-FOR-US: ZenHive mpp
CVE-2026-58195 (Agentic-Flow is an AI agent orchestration platform. Prior to
2.0.14, a ...)
NOT-FOR-US: Agentic-Flow
CVE-2026-58149 (The Joomla extension Events Booking is vulnerable to an
unauthenticate ...)
@@ -85,53 +85,53 @@ CVE-2026-57860 (ForgeCode (tailcallhq/forgecode), an AI
pair-programming CLI, au
CVE-2026-54496 (ZEBRA is a Zcash node written entirely in Rust. Prior to
zebrad 5.0.0, ...)
NOT-FOR-US: ZEBRA
CVE-2026-53712 (SCRAM (Salted Challenge Response Authentication Mechanism) is
part of ...)
- TODO: check
+ NOT-FOR-US: com.ongres.scram:scram-client and
com.ongres.scram:scram-common
CVE-2026-52746 (JSONata is a JSON query and transformation language. Prior to
2.2.0, m ...)
- TODO: check
+ NOT-FOR-US: jsonata-js
CVE-2026-51083 (Incorrect access control in Proxmox Virtual Environment (PVE)
9.x qemu ...)
- TODO: check
+ NOT-FOR-US: Proxmox
CVE-2026-51082 (A race condition between the vncproxy and vncwebsocket API
calls in Pr ...)
- TODO: check
+ NOT-FOR-US: Proxmox
CVE-2026-51081 (A cross-site scripting (XSS) vulnerability in Proxmox Virtual
Environm ...)
- TODO: check
+ NOT-FOR-US: Proxmox
CVE-2026-51080 (libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were
discover ...)
- TODO: check
+ NOT-FOR-US: Proxmox
CVE-2026-50273 (Datadog .NET Tracer is a client library for Datadog APM for
.NET appli ...)
- TODO: check
+ NOT-FOR-US: Datadog .NET Tracer
CVE-2026-50185 (RustCrypto CMOV provides conditional move CPU intrinsics which
are gua ...)
TODO: check
CVE-2026-49835 (Sigstore Timestamp Authority is a service for issuing RFC 3161
timesta ...)
TODO: check
CVE-2026-49216 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0
until 2.3 ...)
- TODO: check
+ NOT-FOR-US: Symfony UX
CVE-2026-49215 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.22.0
until 2. ...)
- TODO: check
+ NOT-FOR-US: Symfony UX
CVE-2026-49212 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0
until 2.3 ...)
- TODO: check
+ NOT-FOR-US: Symfony UX
CVE-2026-49211 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0
until 2.3 ...)
- TODO: check
+ NOT-FOR-US: Symfony UX
CVE-2026-49210 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0
until 2.3 ...)
- TODO: check
+ NOT-FOR-US: Symfony UX
CVE-2026-49209 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0
until 2.3 ...)
- TODO: check
+ NOT-FOR-US: Symfony UX
CVE-2026-49208 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0
until 2.3 ...)
- TODO: check
+ NOT-FOR-US: Symfony UX
CVE-2026-48487 (Zeroconf is a pure Python implementation of multicast DNS
service disc ...)
TODO: check
CVE-2026-48045 (Zeroconf is a pure Python implementation of multicast DNS
service disc ...)
TODO: check
CVE-2026-48016 (Shopware is an open commerce platform. Prior to 6.6.10.18 and
6.7.10.1 ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2026-48015 (Shopware is an open commerce platform. Prior to 6.6.10.18 and
6.7.10.1 ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2026-48014 (Shopware is an open commerce platform. Prior to 6.6.10.18 and
6.7.10.1 ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2026-48010 (Shopware is an open commerce platform. Prior to 6.6.10.18 and
6.7.10.1 ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2026-48009 (Shopware is an open commerce platform. Prior to 6.6.10.18 and
6.7.10.1 ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2026-48008 (Shopware is an open commerce platform. Prior to 6.6.10.18 and
6.7.10.1 ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2026-47184 (Zeroconf is a pure Python implementation of multicast DNS
service disc ...)
TODO: check
CVE-2026-47183 (Zeroconf is a pure Python implementation of multicast DNS
service disc ...)
@@ -483,11 +483,11 @@ CVE-2026-55629 (Whistle is an HTTP, HTTP2, HTTPS, and
WebSocket debugging proxy.
CVE-2026-55548 (Yamcs is a mission control framework. Prior to 5.12.8 and
5.13.2, the ...)
NOT-FOR-US: Yamcs
CVE-2026-55440 (Microsoft UFO open-source framework for intelligent automation
across ...)
- TODO: check
+ NOT-FOR-US: Microsoft UFO
CVE-2026-55407 (Buffa is a pure-Rust Protocol Buffers implementation with
first-class ...)
- TODO: check
+ NOT-FOR-US: Buffa
CVE-2026-55406 (Buffa is a pure-Rust Protocol Buffers implementation with
first-class ...)
- TODO: check
+ NOT-FOR-US: Buffa
CVE-2026-55173 (WWBN AVideo is an open source video platform. Versions 29.0
and below ...)
NOT-FOR-US: WWBN AVideo
CVE-2026-54733 (The Microsoft 365 and Microsoft Entra ID Plugins for Moodle
provide Of ...)
@@ -495,19 +495,19 @@ CVE-2026-54733 (The Microsoft 365 and Microsoft Entra ID
Plugins for Moodle prov
CVE-2026-54728 (bunkerweb is an Open-source and next-generation Web
Application Firewa ...)
NOT-FOR-US: bunkerweb
CVE-2026-54568 (Microsoft UFO open-source framework for intelligent automation
across ...)
- TODO: check
+ NOT-FOR-US: Microsoft UFO
CVE-2026-54526 (Argo Workflows is an open source container-native workflow
engine for ...)
NOT-FOR-US: Argo
CVE-2026-54340 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and
HTTP/3. Pr ...)
TODO: check
CVE-2026-53598 (Prompty is a markdown file format (.prompty) for LLM prompts.
Prior to ...)
- TODO: check
+ NOT-FOR-US: Prompty
CVE-2026-53597 (Prompty is a markdown file format (.prompty) for LLM prompts.
From 2.0 ...)
- TODO: check
+ NOT-FOR-US: Prompty
CVE-2026-53536 (Activepieces is an open source AI workflow automation
platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Activepieces
CVE-2026-53535 (Activepieces is an open source AI workflow automation
platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Activepieces
CVE-2026-53412 (Improper Input Validation in Zoom Desktop Client for Windows,
Zoom VDI ...)
NOT-FOR-US: Zoom
CVE-2026-53411 (A time-of-check to time-of-use (TOCTOU) race condition in the
installa ...)
@@ -517,9 +517,9 @@ CVE-2026-53410 (A time-of-check to time-of-use (TOCTOU)
race condition in the in
CVE-2026-53409 (Improper Privilege Management in Zoom Rooms for Windows before
version ...)
NOT-FOR-US: Zoom
CVE-2026-49998 (Centrifugo is an open-source scalable real-time messaging
server. Prio ...)
- TODO: check
+ NOT-FOR-US: Centrifugo
CVE-2026-47751 (Claude Code Action is a general-purpose GitHub action that
runs Claude ...)
- TODO: check
+ NOT-FOR-US: Claude
CVE-2026-47089 (An issue was discovered in cyrus-imapd in Cyrus IMAP through
3.12.2. L ...)
- cyrus-imapd 3.12.3-1
NOTE:
https://www.cyrusimap.org/3.12/imap/download/release-notes/3.12/x/3.12.3.html
@@ -6722,9 +6722,9 @@ CVE-2026-59868 (js-yaml is a JavaScript YAML parser and
dumper. From 5.0.0 befor
CVE-2026-59731 (Astro is a web framework for content-driven websites. Version
6.4.7 pe ...)
NOT-FOR-US: Astro
CVE-2026-59725 (Socket.IO enables bidirectional and low-latency communication
for ever ...)
- TODO: check
+ NOT-FOR-US: Node socket.io engine.io module
CVE-2026-59724 (Socket.IO enables bidirectional and low-latency communication
for ever ...)
- TODO: check
+ NOT-FOR-US: Node socket.io engine.io module
CVE-2026-59703 (repomix contains a local file inclusion vulnerability in the
git clone ...)
NOT-FOR-US: repomix
CVE-2026-59702 (repomix contains a server-side request forgery vulnerability
in the PO ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/691cfa92db984cdf883b347e50f99f77e1b3b1c6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/691cfa92db984cdf883b347e50f99f77e1b3b1c6
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits