Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2176721c by Salvatore Bonaccorso at 2026-07-03T10:02:32+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,35 +15,35 @@ CVE-2026-8247 (An Out-of-bounds Write vulnerability in
WatchGuard Fireware OS ma
CVE-2026-59102 (Forgejo before 15.0.3 contains a stored cross-site scripting
vulnerabi ...)
- forgejo <itp> (bug #1058932)
CVE-2026-59101 (AutoBangumi before 3.2.8 contains a server-side request
forgery (SSRF) ...)
- TODO: check
+ NOT-FOR-US: AutoBangumi
CVE-2026-59100 (LobeChat through 2.2.9 contains a broken object level
authorization vu ...)
- TODO: check
+ NOT-FOR-US: LobeChat
CVE-2026-59099 (Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Apereo CAS
CVE-2026-59098 (LobeChat through 2.2.9 contains a broken access control
vulnerability ...)
- TODO: check
+ NOT-FOR-US: LobeChat
CVE-2026-59097 (Taiga before 6.10.2 contains a missing authorization
vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Taiga
CVE-2026-59096 (Dapr Sentry's OIDC discovery endpoint derives the issuer and
jwks_uri ...)
- TODO: check
+ NOT-FOR-US: Dapr Sentry's OIDC discovery endpoint
CVE-2026-59095 (LobeChat before 2.2.10-canary.18 contains a server-side
request forger ...)
- TODO: check
+ NOT-FOR-US: LobeChat
CVE-2026-59094 (Pathway through 0.31.1, fixed in commit d09722e, document
store applie ...)
- TODO: check
+ NOT-FOR-US: Pathway
CVE-2026-59093 (Weaviate before 1.38.0 does not verify that a principal
performing an ...)
- TODO: check
+ NOT-FOR-US: Weaviate
CVE-2026-59092 (JuiceFS through 1.3.1, fixed in commit a46979c, contains an
authentica ...)
- TODO: check
+ NOT-FOR-US: JuiceFS
CVE-2026-58580 (LobeChat through 2.2.9 server-database deployments are
vulnerable to b ...)
- TODO: check
+ NOT-FOR-US: LobeChat
CVE-2026-58579 (RAGFlow before 0.26.3 stores an agent pipeline (DSL) node name
without ...)
- TODO: check
+ NOT-FOR-US: RAGFlow
CVE-2026-58578 (LobeChat before version 2.2.10-canary.15 contains a regular
expression ...)
- TODO: check
+ NOT-FOR-US: LobeChat
CVE-2026-58467 (Cockpit CMS before release 364 contains a path traversal and
local fil ...)
- TODO: check
+ NOT-FOR-US: Cockpit CMS
CVE-2026-58466 (AutoBangumi before 3.2.8 contains a hard-coded default
credentials vul ...)
- TODO: check
+ NOT-FOR-US: AutoBangumi
CVE-2026-58460 (react-native-receive-sharing-intent contains a path traversal
vulnerab ...)
TODO: check
CVE-2026-57100 (Server-side request forgery (ssrf) in Microsoft Entra
Provisioning Ser ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2176721cdde09d24160ebd8795f5c87b725b6995
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2176721cdde09d24160ebd8795f5c87b725b6995
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits