[Git][security-tracker-team/security-tracker][master] Process some mattermost-server issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 22 20:35:06 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e571fb4e by Salvatore Bonaccorso at 2026-06-22T21:34:35+02:00
Process some mattermost-server issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2026-9610 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1
CVE-2026-9320 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Applic ...)
NOT-FOR-US: IBM
CVE-2026-9162 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5 ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2026-9072 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IB ...)
NOT-FOR-US: IBM
CVE-2026-9071 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Applic ...)
@@ -17,13 +17,13 @@ CVE-2026-8934 (A Missing Authorization vulnerability in a GraphQL private API op
CVE-2026-8858 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM ...)
NOT-FOR-US: IBM
CVE-2026-8823 (Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to vali ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2026-8646 (IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Applica ...)
NOT-FOR-US: IBM
CVE-2026-8636 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9 ...)
NOT-FOR-US: IBM
CVE-2026-8074 (Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to enfo ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2026-8059 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9 ...)
NOT-FOR-US: IBM
CVE-2026-7664 (IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attac ...)
@@ -37,9 +37,9 @@ CVE-2026-7166 (Vulnerability involving the exposure of sensitive data provided w
CVE-2026-7165 (The vulnerability is present in the \u2018/addJugador\u2019 endpoint: ...)
TODO: check
CVE-2026-6673 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5 ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2026-6062 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5 ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2026-5139 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5 ...)
TODO: check
CVE-2026-56450 (AIL did not restrict repeated failed attempts to verify a two-factor a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e571fb4e9ac52035b7ba400efec2a670427a1714
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e571fb4e9ac52035b7ba400efec2a670427a1714
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260622/054fb480/attachment.htm>
More information about the debian-security-tracker-commits
mailing list