[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 22 20:14:32 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
43f4ebd8 by security tracker role at 2026-06-22T19:14:24+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
CVE-2026-9610 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-9320 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Applic ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-9162 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5 ...)
TODO: check
CVE-2026-9072 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IB ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-9071 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Applic ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-9029 (The geomap panel's XYZ tile layer has a sanitize-then-interpolate orde ...)
TODO: check
CVE-2026-9006 (IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server- ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8934 (A Missing Authorization vulnerability in a GraphQL private API operati ...)
TODO: check
CVE-2026-8858 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8823 (Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to vali ...)
TODO: check
CVE-2026-8646 (IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Applica ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8636 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8074 (Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to enfo ...)
TODO: check
CVE-2026-8059 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7664 (IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attac ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7253 (IBM Watson Speech Services Cartridge is vulnerable to Server-Side Requ ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7167 (The vulnerability arises when the system fails to properly validate th ...)
TODO: check
CVE-2026-7166 (Vulnerability involving the exposure of sensitive data provided withou ...)
@@ -69,7 +69,7 @@ CVE-2026-55443 (LangChain is a framework for building agents and LLM-powered app
CVE-2026-55388 (piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, ...)
TODO: check
CVE-2026-54665 (Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from o ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-54300 (@astrojs/netlify is an adapter that allows Astro to deploy your hybrid ...)
TODO: check
CVE-2026-54299 (Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerende ...)
@@ -185,11 +185,11 @@ CVE-2026-48712 (protobufjs compiles protobuf definitions into JavaScript (JS) fu
CVE-2026-46417 (Angular is a development platform for building mobile and desktop web ...)
TODO: check
CVE-2026-44914 (Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replac ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-44913 (Improper escaping of database table names in the CaptureChangeMySQL Pr ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-44911 (Authorization handling for component configuration verification reques ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-42129 (The Loki datasource plugin's callResource handler contains a path trav ...)
TODO: check
CVE-2026-42127 (The public dashboard query endpoint does not limit request body size b ...)
@@ -209,13 +209,13 @@ CVE-2026-28381 (The Snowflake datasource allows for GET/PUT commands, which can
CVE-2026-12888 (An HTML injection vulnerability exists in the Google Chat webhook noti ...)
TODO: check
CVE-2026-12863 (An unvalidated redirect was contained in Venueless' social login funct ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-12862 (Untrusted user data was passed verbatim to Excel exports for administr ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-12725 (A heap-based buffer overflow was found in dnsmasq. When DNSSEC validat ...)
TODO: check
CVE-2026-12628 (IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Pro ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-12602 (Incorrect default permissions in ArubaSign, affecting versions prior t ...)
TODO: check
CVE-2026-12581 (EasyFlow .NET developed by Digiwin has a Session Fixation vulnerabilit ...)
@@ -235,41 +235,41 @@ CVE-2026-11943 (Akaunting 3.1.21 contains an authenticated stored cross-site scr
CVE-2026-11942 (Akaunting 3.1.21 contains an authenticated stored cross-site scripting ...)
TODO: check
CVE-2026-11834 (A command injection vulnerability has been identified in the DHCP opti ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-11825
REJECTED
CVE-2026-11372 (IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-10845 (IBM WebSphere Application Server 8.5 and 9.0could allow a remote attac ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-10789 (A maliciously crafted webpage, when visited by a user with Autodesk Fu ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2026-10601 (The Tempo and Loki datasource plugins construct backend HTTP requests ...)
TODO: check
CVE-2026-10561 (IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an im ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-66389 (GitHub Copilot 1.372.0 allows filesystem access outside of a workspace ...)
TODO: check
CVE-2025-66336 (Apache Doris MCP Server contains a SQL injection vulnerability in a me ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-62198 (An authenticated user can perform XSS. This issue affects Apache Atla ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-4994 (The SafeLine SL6 and SL6+ devices integrated into elevator emergency i ...)
TODO: check
CVE-2025-33128 (IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 02 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-2669 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-54178 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-51454 (IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 03 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-45796 (A stored cross-site scripting vulnerability in the Runtime component o ...)
TODO: check
CVE-2023-45795 (A cross-site scripting vulnerability in the Builder Component of Pilz ...)
TODO: check
CVE-2023-33854 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-11373 (Net::Statsite::Client versions through 1.1.0 for Perl allow metric inj ...)
NOT-FOR-US: Net::Statsite::Client Perl module
CVE-2026-6653 (Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43f4ebd83cb52f0c6be41fad26b691c23efd086b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43f4ebd83cb52f0c6be41fad26b691c23efd086b
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260622/148130e0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list