Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
43f4ebd8 by security tracker role at 2026-06-22T19:14:24+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
CVE-2026-9610 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator
9.1.7, 9 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-9320 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere
Applic ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-9162 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x
<= 11.5 ...)
TODO: check
CVE-2026-9072 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server,
and IB ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-9071 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere
Applic ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-9029 (The geomap panel's XYZ tile layer has a
sanitize-then-interpolate orde ...)
TODO: check
CVE-2026-9006 (IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to
server- ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8934 (A Missing Authorization vulnerability in a GraphQL private API
operati ...)
TODO: check
CVE-2026-8858 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server
and IBM ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8823 (Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail
to vali ...)
TODO: check
CVE-2026-8646 (IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere
Applica ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8636 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator
9.1.7, 9 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8074 (Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail
to enfo ...)
TODO: check
CVE-2026-8059 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator
9.1.7, 9 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7664 (IBM Langflow OSS 1.0.0 through 1.8.4 could allow
unauthenticated attac ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7253 (IBM Watson Speech Services Cartridge is vulnerable to
Server-Side Requ ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7167 (The vulnerability arises when the system fails to properly
validate th ...)
TODO: check
CVE-2026-7166 (Vulnerability involving the exposure of sensitive data provided
withou ...)
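Review bot: CVE-2026-7664 is tagged `NOT-FOR-US: IBM`, but its description reads "IBM Langflow OSS 1.0.0 through 1.8.4", so the entry appears to have been matched on the vendor prefix even though the product is described as OSS. Since this is an automatic update, it is worth confirming by hand that no package, ITP or RFP exists for Langflow before the TODO is dropped. If the entry stays NOT-FOR-US, a product-specific reason such as `NOT-FOR-US: Langflow` records what was actually triaged.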
@@ -69,7 +69,7 @@ CVE-2026-55443 (LangChain is a framework for building agents
and LLM-powered app
CVE-2026-55388 (piscina is a node.js worker pool implementation. Prior to
6.0.0-rc.2, ...)
TODO: check
CVE-2026-54665 (Apache NiFi 0.0.1 through 2.9.0 support building qualified
URLs from o ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-54300 (@astrojs/netlify is an adapter that allows Astro to deploy
your hybrid ...)
TODO: check
CVE-2026-54299 (Astro is a web framework. Prior to 6.4.6, Astro SSR apps with
prerende ...)
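Review bot: the reason on CVE-2026-54665, `NOT-FOR-US: Apache software not packaged in Debian`, does not name the product even though the description gives it as Apache NiFi. `NOT-FOR-US: Apache NiFi` would keep the entry findable by product name and make it clear which reason to revisit if NiFi is ever packaged.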
@@ -185,11 +185,11 @@ CVE-2026-48712 (protobufjs compiles protobuf definitions
into JavaScript (JS) fu
CVE-2026-46417 (Angular is a development platform for building mobile and
desktop web ...)
TODO: check
CVE-2026-44914 (Apache NiFi 1.12.0 through 2.9.0 are missing authorization
when replac ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-44913 (Improper escaping of database table names in the
CaptureChangeMySQL Pr ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-44911 (Authorization handling for component configuration
verification reques ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-42129 (The Loki datasource plugin's callResource handler contains a
path trav ...)
TODO: check
CVE-2026-42127 (The public dashboard query endpoint does not limit request
body size b ...)
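Review bot: CVE-2026-44913 and CVE-2026-44911 receive the generic Apache reason, yet their visible descriptions ("Improper escaping of database table names in the CaptureChangeMySQL Pr ...", "Authorization handling for component configuration verification reques ...") name no product, so nothing on these two entries records which software was judged out of scope. Putting the product name in the reason would make the triage decision checkable from the list itself. The same applies to CVE-2026-44914 directly above them, whose description does name Apache NiFi.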
@@ -209,13 +209,13 @@ CVE-2026-28381 (The Snowflake datasource allows for
GET/PUT commands, which can
CVE-2026-12888 (An HTML injection vulnerability exists in the Google Chat
webhook noti ...)
TODO: check
CVE-2026-12863 (An unvalidated redirect was contained in Venueless' social
login funct ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-12862 (Untrusted user data was passed verbatim to Excel exports for
administr ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-12725 (A heap-based buffer overflow was found in dnsmasq. When DNSSEC
validat ...)
TODO: check
CVE-2026-12628 (IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM
Storage Pro ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-12602 (Incorrect default permissions in ArubaSign, affecting versions
prior t ...)
TODO: check
CVE-2026-12581 (EasyFlow .NET developed by Digiwin has a Session Fixation
vulnerabilit ...)
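Review bot: `NOT-FOR-US: rami.io products` on CVE-2026-12863 and CVE-2026-12862 names a vendor that appears nowhere in the visible descriptions. The first names Venueless, and the second ("Untrusted user data was passed verbatim to Excel exports for administr ...") shows no product at all. Using the product name in the reason, for example `NOT-FOR-US: Venueless` on CVE-2026-12863, would tie the tag to what the description says instead of a blanket vendor label.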
@@ -235,41 +235,41 @@ CVE-2026-11943 (Akaunting 3.1.21 contains an
authenticated stored cross-site scr
CVE-2026-11942 (Akaunting 3.1.21 contains an authenticated stored cross-site
scripting ...)
TODO: check
CVE-2026-11834 (A command injection vulnerability has been identified in the
DHCP opti ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-11825
REJECTED
CVE-2026-11372 (IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-10845 (IBM WebSphere Application Server 8.5 and 9.0could allow a
remote attac ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-10789 (A maliciously crafted webpage, when visited by a user with
Autodesk Fu ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2026-10601 (The Tempo and Loki datasource plugins construct backend HTTP
requests ...)
TODO: check
CVE-2026-10561 (IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due
to an im ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-66389 (GitHub Copilot 1.372.0 allows filesystem access outside of a
workspace ...)
TODO: check
CVE-2025-66336 (Apache Doris MCP Server contains a SQL injection vulnerability
in a me ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-62198 (An authenticated user can perform XSS. This issue affects
Apache Atla ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-4994 (The SafeLine SL6 and SL6+ devices integrated into elevator
emergency i ...)
TODO: check
CVE-2025-33128 (IBM Engineering Workflow Management 7.0.3 through 7.0.3
Interim Fix 02 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-2669 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak
for Data ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-54178 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak
for Data ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-51454 (IBM Engineering Workflow Management 7.0.2 through 7.0.2
Interim Fix 03 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-45796 (A stored cross-site scripting vulnerability in the Runtime
component o ...)
TODO: check
CVE-2023-45795 (A cross-site scripting vulnerability in the Builder Component
of Pilz ...)
TODO: check
CVE-2023-33854 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak
for Data ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-11373 (Net::Statsite::Client versions through 1.1.0 for Perl allow
metric inj ...)
NOT-FOR-US: Net::Statsite::Client Perl module
CVE-2026-6653 (Use After Free in libxml2's xmlParseInternalSubset from GNOME
libxml2 ...)
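Review bot: on CVE-2026-11834 the reason `NOT-FOR-US: TPLink` cannot be checked against the entry, because the visible description ("A command injection vulnerability has been identified in the DHCP opti ...") is cut off before any vendor or device is named; adding the product or model to the reason would fix that. This hunk also tags CVE-2026-10561 ("IBM Langflow OSS 1.0.0 through 1.9.3") with the vendor-wide `NOT-FOR-US: IBM`, which deserves a manual look because the description marks it as an OSS product.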
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43f4ebd83cb52f0c6be41fad26b691c23efd086b