Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2176721c by Salvatore Bonaccorso at 2026-07-03T10:02:32+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,35 +15,35 @@ CVE-2026-8247 (An Out-of-bounds Write vulnerability in 
WatchGuard Fireware OS ma
 CVE-2026-59102 (Forgejo before 15.0.3 contains a stored cross-site scripting 
vulnerabi ...)
        - forgejo <itp> (bug #1058932)
 CVE-2026-59101 (AutoBangumi before 3.2.8 contains a server-side request 
forgery (SSRF) ...)
-       TODO: check
+       NOT-FOR-US: AutoBangumi
 CVE-2026-59100 (LobeChat through 2.2.9 contains a broken object level 
authorization vu ...)
-       TODO: check
+       NOT-FOR-US: LobeChat
 CVE-2026-59099 (Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Apereo CAS
 CVE-2026-59098 (LobeChat through 2.2.9 contains a broken access control 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: LobeChat
 CVE-2026-59097 (Taiga before 6.10.2 contains a missing authorization 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: Taiga
 CVE-2026-59096 (Dapr Sentry's OIDC discovery endpoint derives the issuer and 
jwks_uri  ...)
-       TODO: check
+       NOT-FOR-US: Dapr Sentry's OIDC discovery endpoint
 CVE-2026-59095 (LobeChat before 2.2.10-canary.18 contains a server-side 
request forger ...)
-       TODO: check
+       NOT-FOR-US: LobeChat
 CVE-2026-59094 (Pathway through 0.31.1, fixed in commit d09722e, document 
store applie ...)
-       TODO: check
+       NOT-FOR-US: Pathway
 CVE-2026-59093 (Weaviate before 1.38.0 does not verify that a principal 
performing an  ...)
-       TODO: check
+       NOT-FOR-US: Weaviate
 CVE-2026-59092 (JuiceFS through 1.3.1, fixed in commit a46979c, contains an 
authentica ...)
-       TODO: check
+       NOT-FOR-US: JuiceFS
 CVE-2026-58580 (LobeChat through 2.2.9 server-database deployments are 
vulnerable to b ...)
-       TODO: check
+       NOT-FOR-US: LobeChat
 CVE-2026-58579 (RAGFlow before 0.26.3 stores an agent pipeline (DSL) node name 
without ...)
-       TODO: check
+       NOT-FOR-US: RAGFlow
 CVE-2026-58578 (LobeChat before version 2.2.10-canary.15 contains a regular 
expression ...)
-       TODO: check
+       NOT-FOR-US: LobeChat
 CVE-2026-58467 (Cockpit CMS before release 364 contains a path traversal and 
local fil ...)
-       TODO: check
+       NOT-FOR-US: Cockpit CMS
 CVE-2026-58466 (AutoBangumi before 3.2.8 contains a hard-coded default 
credentials vul ...)
-       TODO: check
+       NOT-FOR-US: AutoBangumi
 CVE-2026-58460 (react-native-receive-sharing-intent contains a path traversal 
vulnerab ...)
        TODO: check
 CVE-2026-57100 (Server-side request forgery (ssrf) in Microsoft Entra 
Provisioning Ser ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2176721cdde09d24160ebd8795f5c87b725b6995

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2176721cdde09d24160ebd8795f5c87b725b6995
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to