Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
691cfa92 by Salvatore Bonaccorso at 2026-07-18T08:04:07+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69,11 +69,11 @@ CVE-2026-60025 (The Joomla extension Events Booking prior 
version 5.8.0 had an f
 CVE-2026-60024 (The Joomla extension Events Booking prior version 5.8.0 did by 
default ...)
        NOT-FOR-US: Joomla
 CVE-2026-59695 (Improper Validation of Specified Quantity in Input in ZenHive 
mpp allo ...)
-       TODO: check
+       NOT-FOR-US: ZenHive mpp
 CVE-2026-59694 (Improper Validation of Specified Quantity in Input in ZenHive 
mpp allo ...)
-       TODO: check
+       NOT-FOR-US: ZenHive mpp
 CVE-2026-59252 (Improper Validation of Specified Quantity in Input in ZenHive 
mpp allo ...)
-       TODO: check
+       NOT-FOR-US: ZenHive mpp
 CVE-2026-58195 (Agentic-Flow is an AI agent orchestration platform. Prior to 
2.0.14, a ...)
        NOT-FOR-US: Agentic-Flow
 CVE-2026-58149 (The Joomla extension Events Booking is vulnerable to an 
unauthenticate ...)
@@ -85,53 +85,53 @@ CVE-2026-57860 (ForgeCode (tailcallhq/forgecode), an AI 
pair-programming CLI, au
 CVE-2026-54496 (ZEBRA is a Zcash node written entirely in Rust. Prior to 
zebrad 5.0.0, ...)
        NOT-FOR-US: ZEBRA
 CVE-2026-53712 (SCRAM (Salted Challenge Response Authentication Mechanism) is 
part of  ...)
-       TODO: check
+       NOT-FOR-US: com.ongres.scram:scram-client and 
com.ongres.scram:scram-common
 CVE-2026-52746 (JSONata is a JSON query and transformation language. Prior to 
2.2.0, m ...)
-       TODO: check
+       NOT-FOR-US: jsonata-js
 CVE-2026-51083 (Incorrect access control in Proxmox Virtual Environment (PVE) 
9.x qemu ...)
-       TODO: check
+       NOT-FOR-US: Proxmox
 CVE-2026-51082 (A race condition between the vncproxy and vncwebsocket API 
calls in Pr ...)
-       TODO: check
+       NOT-FOR-US: Proxmox
 CVE-2026-51081 (A cross-site scripting (XSS) vulnerability in Proxmox Virtual 
Environm ...)
-       TODO: check
+       NOT-FOR-US: Proxmox
 CVE-2026-51080 (libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were 
discover ...)
-       TODO: check
+       NOT-FOR-US: Proxmox
 CVE-2026-50273 (Datadog .NET Tracer is a client library for Datadog APM for 
.NET appli ...)
-       TODO: check
+       NOT-FOR-US: Datadog .NET Tracer
 CVE-2026-50185 (RustCrypto CMOV provides conditional move CPU intrinsics which 
are gua ...)
        TODO: check
 CVE-2026-49835 (Sigstore Timestamp Authority is a service for issuing RFC 3161 
timesta ...)
        TODO: check
 CVE-2026-49216 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 
until 2.3 ...)
-       TODO: check
+       NOT-FOR-US: Symfony UX
 CVE-2026-49215 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.22.0 
until 2. ...)
-       TODO: check
+       NOT-FOR-US: Symfony UX
 CVE-2026-49212 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 
until 2.3 ...)
-       TODO: check
+       NOT-FOR-US: Symfony UX
 CVE-2026-49211 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 
until 2.3 ...)
-       TODO: check
+       NOT-FOR-US: Symfony UX
 CVE-2026-49210 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 
until 2.3 ...)
-       TODO: check
+       NOT-FOR-US: Symfony UX
 CVE-2026-49209 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 
until 2.3 ...)
-       TODO: check
+       NOT-FOR-US: Symfony UX
 CVE-2026-49208 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 
until 2.3 ...)
-       TODO: check
+       NOT-FOR-US: Symfony UX
 CVE-2026-48487 (Zeroconf is a pure Python implementation of multicast DNS 
service disc ...)
        TODO: check
 CVE-2026-48045 (Zeroconf is a pure Python implementation of multicast DNS 
service disc ...)
        TODO: check
 CVE-2026-48016 (Shopware is an open commerce platform. Prior to 6.6.10.18 and 
6.7.10.1 ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2026-48015 (Shopware is an open commerce platform. Prior to 6.6.10.18 and 
6.7.10.1 ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2026-48014 (Shopware is an open commerce platform. Prior to 6.6.10.18 and 
6.7.10.1 ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2026-48010 (Shopware is an open commerce platform. Prior to 6.6.10.18 and 
6.7.10.1 ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2026-48009 (Shopware is an open commerce platform. Prior to 6.6.10.18 and 
6.7.10.1 ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2026-48008 (Shopware is an open commerce platform. Prior to 6.6.10.18 and 
6.7.10.1 ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2026-47184 (Zeroconf is a pure Python implementation of multicast DNS 
service disc ...)
        TODO: check
 CVE-2026-47183 (Zeroconf is a pure Python implementation of multicast DNS 
service disc ...)
@@ -483,11 +483,11 @@ CVE-2026-55629 (Whistle is an HTTP, HTTP2, HTTPS, and 
WebSocket debugging proxy.
 CVE-2026-55548 (Yamcs is a mission control framework. Prior to 5.12.8 and 
5.13.2, the  ...)
        NOT-FOR-US: Yamcs
 CVE-2026-55440 (Microsoft UFO open-source framework for intelligent automation 
across  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft UFO
 CVE-2026-55407 (Buffa is a pure-Rust Protocol Buffers implementation with 
first-class  ...)
-       TODO: check
+       NOT-FOR-US: Buffa
 CVE-2026-55406 (Buffa is a pure-Rust Protocol Buffers implementation with 
first-class  ...)
-       TODO: check
+       NOT-FOR-US: Buffa
 CVE-2026-55173 (WWBN AVideo is an open source video platform. Versions 29.0 
and below  ...)
        NOT-FOR-US: WWBN AVideo
 CVE-2026-54733 (The Microsoft 365 and Microsoft Entra ID Plugins for Moodle 
provide Of ...)
@@ -495,19 +495,19 @@ CVE-2026-54733 (The Microsoft 365 and Microsoft Entra ID 
Plugins for Moodle prov
 CVE-2026-54728 (bunkerweb is an Open-source and next-generation Web 
Application Firewa ...)
        NOT-FOR-US: bunkerweb
 CVE-2026-54568 (Microsoft UFO open-source framework for intelligent automation 
across  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft UFO
 CVE-2026-54526 (Argo Workflows is an open source container-native workflow 
engine for  ...)
        NOT-FOR-US: Argo
 CVE-2026-54340 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and 
HTTP/3. Pr ...)
        TODO: check
 CVE-2026-53598 (Prompty is a markdown file format (.prompty) for LLM prompts. 
Prior to ...)
-       TODO: check
+       NOT-FOR-US: Prompty
 CVE-2026-53597 (Prompty is a markdown file format (.prompty) for LLM prompts. 
From 2.0 ...)
-       TODO: check
+       NOT-FOR-US: Prompty
 CVE-2026-53536 (Activepieces is an open source AI workflow automation 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Activepieces
 CVE-2026-53535 (Activepieces is an open source AI workflow automation 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Activepieces
 CVE-2026-53412 (Improper Input Validation in Zoom Desktop Client for Windows, 
Zoom VDI ...)
        NOT-FOR-US: Zoom
 CVE-2026-53411 (A time-of-check to time-of-use (TOCTOU) race condition in the 
installa ...)
@@ -517,9 +517,9 @@ CVE-2026-53410 (A time-of-check to time-of-use (TOCTOU) 
race condition in the in
 CVE-2026-53409 (Improper Privilege Management in Zoom Rooms for Windows before 
version ...)
        NOT-FOR-US: Zoom
 CVE-2026-49998 (Centrifugo is an open-source scalable real-time messaging 
server. Prio ...)
-       TODO: check
+       NOT-FOR-US: Centrifugo
 CVE-2026-47751 (Claude Code Action is a general-purpose GitHub action that 
runs Claude ...)
-       TODO: check
+       NOT-FOR-US: Claude
 CVE-2026-47089 (An issue was discovered in cyrus-imapd in Cyrus IMAP through 
3.12.2. L ...)
        - cyrus-imapd 3.12.3-1
        NOTE: 
https://www.cyrusimap.org/3.12/imap/download/release-notes/3.12/x/3.12.3.html
@@ -6722,9 +6722,9 @@ CVE-2026-59868 (js-yaml is a JavaScript YAML parser and 
dumper. From 5.0.0 befor
 CVE-2026-59731 (Astro is a web framework for content-driven websites. Version 
6.4.7 pe ...)
        NOT-FOR-US: Astro
 CVE-2026-59725 (Socket.IO enables bidirectional and low-latency communication 
for ever ...)
-       TODO: check
+       NOT-FOR-US: Node socket.io engine.io module
 CVE-2026-59724 (Socket.IO enables bidirectional and low-latency communication 
for ever ...)
-       TODO: check
+       NOT-FOR-US: Node socket.io engine.io module
 CVE-2026-59703 (repomix contains a local file inclusion vulnerability in the 
git clone ...)
        NOT-FOR-US: repomix
 CVE-2026-59702 (repomix contains a server-side request forgery vulnerability 
in the PO ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/691cfa92db984cdf883b347e50f99f77e1b3b1c6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/691cfa92db984cdf883b347e50f99f77e1b3b1c6
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to