Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9886c00c by security tracker role at 2026-07-18T07:14:16+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,43 +1,43 @@
 CVE-2026-9734 (The W3SC Elementor to Zoho CRM plugin for WordPress is 
vulnerable to C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8861 (IBM Security Verify could allow a remote attacker to obtain 
sensitive  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8859 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an 
attacker ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8635 (IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated 
users to es ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8505 (IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in 
Langflow' ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8481 (IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote 
code e ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8476 (IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote 
code e ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8056 (IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated 
users to ov ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7872 (IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated 
attacker ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7771 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7755 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow 
remote code ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7754 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could 
allow serve ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7667 (IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated 
attacker ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7364 (IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security 
Verify ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-63030 (WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is 
affected by a R ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-60137 (WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x 
before 7.0 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-57980 (Authentication bypass using an alternate path or channel in 
Microsoft  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-56741 (JLine is a Java library for handling console input. Prior to 
3.30.14,  ...)
        TODO: check
 CVE-2026-56740 (JLine is a Java library for handling console input. Prior to 
3.30.14,  ...)
        TODO: check
 CVE-2026-56171 (Exposure of private personal information to an unauthorized 
actor in W ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-55518 (Avo is a framework to create admin panels for Ruby on Rails 
apps. Prio ...)
        TODO: check
 CVE-2026-55254 (NCalc is a fast, lightweight expression evaluator for .NET. 
Prior to 6 ...)
@@ -99,9 +99,9 @@ CVE-2026-50162 (oras-go is a Go library for managing OCI 
artifacts. Prior to 2.6
 CVE-2026-50151 (oras-go is a Go library for managing OCI artifacts. Prior to 
2.6.1, re ...)
        TODO: check
 CVE-2026-4942 (IBM i 7.6, 7.5, 7.4, and 7.3 could allow a remote attacker to 
send a s ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-4938 (IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security 
Verify ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-49977 (tarteaucitron.js is a compliant and accessible cookie banner. 
Prior to ...)
        TODO: check
 CVE-2026-49852 (joserfc is a Python library that provides an implementation of 
several ...)
@@ -119,7 +119,7 @@ CVE-2026-48819 (Hey API is an ecosystem for turning API 
specifications into prod
 CVE-2026-48504 (OpenTelemetry Rust is the Rust OpenTelemetry implementation. 
In 0.32.0 ...)
        TODO: check
 CVE-2026-48373 (Acrobat Reader is affected by a Heap-based Buffer Overflow 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48062 (CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3, 
the ext ...)
        TODO: check
 CVE-2026-48049 (@hapi/inert provides static file and directory handlers for 
hapi.js. F ...)
@@ -161,35 +161,35 @@ CVE-2026-16075 (A flaw has been found in AstrBotDevs 
AstrBot up to 4.25.5. This
 CVE-2026-16074 (A vulnerability was detected in AstrBotDevs AstrBot up to 
4.25.2. This ...)
        TODO: check
 CVE-2026-15995 (IBM Cognos Analytics 12.1.3 GA Version with build number 
through 12.1. ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-15415 (AWS HealthOmics is a HIPAA-eligible service that fully manages 
the com ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-15322 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a 
remote at ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-15093 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a 
remote at ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-15091 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a 
remote at ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-15069 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a 
remote at ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-14979 (IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 
through ) ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-14971 (IBM PowerVM Novalink 2.2.02.2.12.2.1.1, and 
2.3.02.3.0.12.3.12.3.2 IBM ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-14501 (IBM Db2 Genius Hub 1.1, 1.1.1, 1.1.2 and IBM Agentics 1.0 
could allow  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-14499 (IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an 
authenti ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-13473 (IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, 
and 8.2 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-13448 (IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an 
unauthen ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-13446 (IBM Langflow OSS 1.0.0 through 1.10.1 containshard-coded 
credentials,  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-13445 (IBM Langflow OSS 1.0.0 through 1.10.1 can allow an 
authenticated attac ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-12283 (Amazon Athena is a serverless, interactive query service that 
lets you ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2025-51678 (An issue was discovered in RISC-V PicoRV32 commit 87c89a. A 
mismatch i ...)
        TODO: check
 CVE-2025-51677 (An issue was discovered in openRISC OR1200 commit 83ac6b. An 
output mi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9886c00ce497755767757c95dae80e41dadd6c67

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9886c00ce497755767757c95dae80e41dadd6c67
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to