Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a22e9302 by Salvatore Bonaccorso at 2026-07-01T09:19:58+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,19 +15,19 @@ CVE-2026-7873 (IBM Langflow OSS 1.0.0 through 1.10.0 allows
authenticated attack
CVE-2026-7871 (IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis
access t ...)
NOT-FOR-US: IBM
CVE-2026-7840 (UltraVNC repeater through 1.8.2.2 contains a global buffer
overflow in ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2026-7839 (UltraVNC repeater through 1.8.2.2 initializes the HTTP
administration ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2026-7838 (UltraVNC viewer through 1.8.2.2 contains an integer overflow
leading t ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2026-7831 (UltraVNC viewer through 1.8.2.2 contains an off-by-one stack
buffer ov ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2026-7830 (UltraVNC through 1.8.2.2 uses inadequate cryptography in the
MS-Logon ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2026-7829 (UltraVNC repeater through 1.8.2.2 contains a
post-authentication out-o ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2026-7828 (UltraVNC repeater through 1.8.2.2 contains an integer overflow
in the ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2026-7803 (IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary
code execu ...)
NOT-FOR-US: IBM
CVE-2026-7663 (IBM Langflow OSS 1.0.0 through 1.9.6 could allow
unauthenticated attac ...)
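Review bot: The NOT-FOR-US tags on CVE-2026-7840 through CVE-2026-7828 can only be checked against the product name, because every description is truncated before it names the affected function or file. The seven entries span the repeater, the viewer (CVE-2026-7838, CVE-2026-7831) and the MS-Logon code (CVE-2026-7830); it is worth confirming from the full descriptions that none of the viewer issues sits in code that a packaged VNC implementation also carries before these leave the TODO queue.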
@@ -87,23 +87,23 @@ CVE-2026-56356 (n8n contains a stored cross-site scripting
vulnerability in the
CVE-2026-56350 (n8n before 2.8.0 contains an authentication bypass
vulnerability allow ...)
TODO: check
CVE-2026-56334 (Capgo before 12.128.2 lacks an UPDATE row-level security
policy for th ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56333 (Capgo before 12.128.2 contains a server-side validation bypass
vulnera ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56331 (Capgo before 12.128.2 contains improper error handling in the
/private ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56328 (Capgo before 12.128.2 allows multiple public channels for the
same app ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56327 (Capgo before 12.128.2 contains an information disclosure
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56320 (Capgo before 12.128.2 contains an authorization flaw in POST
/private/ ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56318 (Capgo before 12.128.2 contains an information disclosure
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56300 (Capgo before 12.128.2 contains unauthenticated security
definer RPC fu ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56286 (Capgo before 12.128.2 contains an authentication bypass
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56278 (Flowise before 3.1.0 (affected versions 3.0.13 and earlier)
uses a wea ...)
NOT-FOR-US: Flowise
CVE-2026-56277 (Flowise before 3.1.2 sets Access-Control-Allow-Origin to a
hardcoded w ...)
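Review bot: The tag on the nine Capgo entries (CVE-2026-56334 through CVE-2026-56286) reads "NOT-FOR-US: Cap-go", while every description spells the product "Capgo". If "Cap-go" is meant as the vendor name, that is fine; otherwise "NOT-FOR-US: Capgo" would let a search of data/CVE/list by product name find both the description and the tag. The same spelling is used for the six Capgo entries in the following hunk.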
@@ -111,17 +111,17 @@ CVE-2026-56277 (Flowise before 3.1.2 sets
Access-Control-Allow-Origin to a hardc
CVE-2026-56264 (Crawl4AI before 0.8.7 contains an arbitrary JavaScript
execution vulne ...)
TODO: check
CVE-2026-56249 (Capgo before 12.128.2 contains an authorization bypass
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56247 (Capgo before 12.128.2 allows org admins to assign org-scoped
RBAC role ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56233 (Capgo before 12.128.2 contains a path traversal vulnerability
in the b ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56230 (Capgo before 12.128.2 contains a broken object level
authorization vul ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56224 (Capgo console.capgo.app/login before 12.128.2 accepts
access_token and ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56219 (Capgo before 12.128.2 contains a NULL-auth bypass
vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-55721 (Storage Concentrator (SC & SCVM) is vulnerable to SQL
injection throug ...)
TODO: check
CVE-2026-55223 (c3p0 is a JDBC Connection pooling library. In versions prior
to 0.14.0 ...)
@@ -177,11 +177,11 @@ CVE-2026-50003 (A malicious or compromised server can
make a DCMTK client using
CVE-2026-44628 (An unauthenticated attacker can crash the worklist server with
a singl ...)
TODO: check
CVE-2026-44042 (UltraVNC repeater through 1.8.2.2 contains an off-by-one error
in the ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2026-44041 (UltraVNC through 1.8.2.2 contains an out-of-bounds read in the
wide-st ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2026-44040 (UltraVNC through 1.8.2.2 uses a cryptographically weak
pseudo-random n ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2026-3602 (IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and
12.0.1.0 thr ...)
NOT-FOR-US: IBM
CVE-2026-37106 (An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a
remote atta ...)
@@ -321,21 +321,21 @@ CVE-2026-10109 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0
through 12.1.4 is vuln
CVE-2025-71381 (Hono before 4.10.2 (fixed in 4.10.3) contains a flaw in its
CORS middl ...)
TODO: check
CVE-2025-71374 (picklescan before 0.0.29 fails to detect the built-in python
profile.P ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71371 (picklescan before 0.0.29 fails to detect malicious pickle
files using ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71368 (picklescan before 0.0.30 fails to detect the
doctest.debug_script func ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71363 (picklescan before 0.0.30 fails to detect cProfile.run function
calls i ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71355 (Picklescan before 0.0.25 fails to detect unsafe global
functions in th ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71352 (picklescan before 0.0.29 fails to detect the built-in Python
trace.Tra ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71350 (picklescan before 0.0.28 fails to detect malicious pickle
files using ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71349 (picklescan before 0.0.29 fails to detect the built-in
trace.Trace.run ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-36372 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for
Linux, UN ...)
NOT-FOR-US: IBM
CVE-2025-36359 (IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not
invalid ...)
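Review bot: Marking the eight picklescan entries (CVE-2025-71374 through CVE-2025-71349) NOT-FOR-US leaves no record of the fixed versions, which differ per entry (0.0.25, 0.0.28, 0.0.29 and 0.0.30 in the descriptions). All eight are detection bypasses in a scanner, so if picklescan is ever packaged these would need re-triage against 0.0.30 as the minimum version; a one-line comment to that effect on the first entry would save the next person from re-reading all eight.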
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a22e9302f11eaf11aebba18bbd2a82c5c7959486