Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a8d88d13 by Salvatore Bonaccorso at 2026-07-08T09:41:04+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,13 +9,13 @@ CVE-2026-9700 (The Eventer plugin for WordPress is vulnerable
to time-based SQL
CVE-2026-9695 (An Improper Authentication vulnerability affecting DELMIA
Apriso from ...)
NOT-FOR-US: Dassault Systemes
CVE-2026-8377 (Missing Authorization vulnerability in Armiya Information
Technologies ...)
- TODO: check
+ NOT-FOR-US: Access Control System (GKS)
CVE-2026-8309 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Access Control System (GKS)
CVE-2026-8306 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Access Control System (GKS)
CVE-2026-7380 (Improper neutralization of Script-Related HTML tags in a web
page (bas ...)
- TODO: check
+ NOT-FOR-US: Access Control System (GKS)
CVE-2026-6101 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for
WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2026-60002 (ssh in OpenSSH before 10.4 can have a use-after-free when a
server cha ...)
@@ -47,19 +47,19 @@ CVE-2026-59995 (sftp in OpenSSH before 10.4 does not
properly constrain the loca
- openssh 1:10.4p1-1
NOTE: https://www.openssh.org/releasenotes.html#10.4p1
CVE-2026-59800 (9Router before 0.4.44 contains an OS command injection
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: 9Router
CVE-2026-59709 (Ghostfolio's PUT
/api/v1/portfolio/holding/:dataSource/:symbol/tags en ...)
- TODO: check
+ NOT-FOR-US: Ghostfolio
CVE-2026-59708 (The GET /api/v1/public/:accessId/portfolio endpoint in
ghostfolio acce ...)
- TODO: check
+ NOT-FOR-US: Ghostfolio
CVE-2026-59707 (LocalAI contains an unauthenticated server-side request
forgery vulner ...)
- TODO: check
+ NOT-FOR-US: LocalAI
CVE-2026-59706 (mem0 contains unauthenticated config API endpoints that expose
LLM API ...)
- TODO: check
+ NOT-FOR-US: mem0
CVE-2026-59705 (mem0's openmemory/api component contains an unauthenticated
access vul ...)
- TODO: check
+ NOT-FOR-US: mem0
CVE-2026-59704 (Cap's GET /api/video/ai endpoint fails to validate user
ownership or m ...)
- TODO: check
+ NOT-FOR-US: CapSoftware Cap
CVE-2026-59153 (Anki is a program for creating and reviewing flashcards. Prior
to 25.0 ...)
TODO: check
CVE-2026-58583 (FluxInk (formerly Sunia SPB Peripheral) Color Management
Driver (TcnPe ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8d88d133aa45fc5601df43942a1d25976663250
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8d88d133aa45fc5601df43942a1d25976663250
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits