Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b51d8c0e by security tracker role at 2026-07-04T07:13:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,227 @@
+CVE-2026-58597 (Insufficient ui warning of dangerous operations in Microsoft
Edge (Chr ...)
+ TODO: check
+CVE-2026-58524 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-58523 (Improper access control in Microsoft Edge for Android allows
an unauth ...)
+ TODO: check
+CVE-2026-58522 (Relative path traversal in Microsoft Edge for Android allows
an unauth ...)
+ TODO: check
+CVE-2026-58426 (Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows
cross-repo ...)
+ TODO: check
+CVE-2026-58424 (Permanent Fork PR Workflow Approval Gate Bypass)
+ TODO: check
+CVE-2026-58423 (LFS authentication bypass via malformed SSH sub-verb allows
unauthoriz ...)
+ TODO: check
+CVE-2026-58422 (Improper authorization on OAuth sign-in callback silently
re-enables a ...)
+ TODO: check
+CVE-2026-58421 (Unauthenticated ReDoS via CODEOWNERS pattern matching allows
denial of ...)
+ TODO: check
+CVE-2026-58419 (Notification API leaks private issue metadata after access
revocation)
+ TODO: check
+CVE-2026-58418 (SSRF via HTTP Redirect in Repository Migration)
+ TODO: check
+CVE-2026-58300 (Absolute path traversal in Microsoft Edge for Android allows
an unauth ...)
+ TODO: check
+CVE-2026-58299 (Time-of-check time-of-use (toctou) race condition in Microsoft
Edge fo ...)
+ TODO: check
+CVE-2026-58298 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-58297 (Exposure of private personal information to an unauthorized
actor in M ...)
+ TODO: check
+CVE-2026-58296 (Exposure of private personal information to an unauthorized
actor in M ...)
+ TODO: check
+CVE-2026-58295 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+ TODO: check
+CVE-2026-58294 (Use after free in Microsoft Edge (Chromium-based) allows an
unauthoriz ...)
+ TODO: check
+CVE-2026-58293 (External control of file name or path in Microsoft Edge
(Chromium-base ...)
+ TODO: check
+CVE-2026-58292 (Improper input validation in Microsoft Edge (Chromium-based)
allows an ...)
+ TODO: check
+CVE-2026-58291 (Operation on a resource after expiration or release in
Microsoft Edge ...)
+ TODO: check
+CVE-2026-58290 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+ TODO: check
+CVE-2026-58289 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+ TODO: check
+CVE-2026-58288 (Use after free in Microsoft Edge (Chromium-based) allows an
unauthoriz ...)
+ TODO: check
+CVE-2026-58287 (Use after free in Microsoft Edge (Chromium-based) allows an
unauthoriz ...)
+ TODO: check
+CVE-2026-58286 (Improper access control in Microsoft Edge (Chromium-based)
allows an u ...)
+ TODO: check
+CVE-2026-58285 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+ TODO: check
+CVE-2026-58284 (Improper authorization in Microsoft Edge (Chromium-based)
allows an un ...)
+ TODO: check
+CVE-2026-58283 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+ TODO: check
+CVE-2026-58282 (Improper access control in Microsoft Edge (Chromium-based)
allows an u ...)
+ TODO: check
+CVE-2026-58278 (Server-side request forgery (ssrf) in Microsoft Edge
(Chromium-based) ...)
+ TODO: check
+CVE-2026-58276 (Use after free in Microsoft Edge (Chromium-based) allows an
unauthoriz ...)
+ TODO: check
+CVE-2026-57993 (Server-side request forgery (ssrf) in Microsoft Edge
(Chromium-based) ...)
+ TODO: check
+CVE-2026-57992 (Use after free in Microsoft Edge (Chromium-based) allows an
unauthoriz ...)
+ TODO: check
+CVE-2026-57991 (Improper link resolution before file access ('link following')
in Micr ...)
+ TODO: check
+CVE-2026-57988 (Relative path traversal in Microsoft Edge (Chromium-based)
allows an u ...)
+ TODO: check
+CVE-2026-57987 (Server-side request forgery (ssrf) in Microsoft Edge
(Chromium-based) ...)
+ TODO: check
+CVE-2026-57986 (Use after free in Microsoft Edge (Chromium-based) allows an
unauthoriz ...)
+ TODO: check
+CVE-2026-57985 (Improper input validation in Microsoft Edge (Chromium-based)
allows an ...)
+ TODO: check
+CVE-2026-57984 (Use after free in Microsoft Edge (Chromium-based) allows an
unauthoriz ...)
+ TODO: check
+CVE-2026-57983 (Improper authorization in Microsoft Edge (Chromium-based)
allows an un ...)
+ TODO: check
+CVE-2026-57981 (Use after free in Microsoft Edge (Chromium-based) allows an
unauthoriz ...)
+ TODO: check
+CVE-2026-57977 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-57975 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+ TODO: check
+CVE-2026-57974 (Integer overflow or wraparound in Microsoft Edge
(Chromium-based) allo ...)
+ TODO: check
+CVE-2026-56646 (Exposure of sensitive information to an unauthorized actor in
Microsof ...)
+ TODO: check
+CVE-2026-56645 (Heap-based buffer overflow in Microsoft Edge (Chromium-based)
allows a ...)
+ TODO: check
+CVE-2026-55945 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2026-54424 (An Incorrect Use of Privileged APIs vulnerability in Unity
Parsec on W ...)
+ TODO: check
+CVE-2026-45489 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ TODO: check
+CVE-2026-45488 (User interface (ui) misrepresentation of critical information
in Micro ...)
+ TODO: check
+CVE-2026-28744 (Gitea versions up to and including 1.26.1 allow Git smart HTTP
request ...)
+ TODO: check
+CVE-2026-28740 (Gitea versions up to and including 1.26.2 allow Git LFS object
reuse t ...)
+ TODO: check
+CVE-2026-28737 (Gitea versions from 1.25.0 before 1.26.0 allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-28705 (Gitea versions before 1.25.5 use release tag names and asset
names as ...)
+ TODO: check
+CVE-2026-28699 (Gitea versions up to and including 1.26.1 allow OAuth2 access
token sc ...)
+ TODO: check
+CVE-2026-27783 (Gitea versions up to and including 1.26.1 do not enforce
repository-un ...)
+ TODO: check
+CVE-2026-27780 (Gitea versions before 1.26.0 do not fail closed on
bufio.Scanner error ...)
+ TODO: check
+CVE-2026-27779 (Gitea versions before 1.25.5 accept malformed or injected
forwarded-pr ...)
+ TODO: check
+CVE-2026-27775 (Gitea 1.25.5 caches a branch-specific write-permission result
across m ...)
+ TODO: check
+CVE-2026-27771 (Gitea versions up to and including 1.26.1 have insufficient
permission ...)
+ TODO: check
+CVE-2026-27761 (Gitea versions up to and including 1.26.2 allow repository RSS
and Ato ...)
+ TODO: check
+CVE-2026-27660 (Gitea versions before 1.25.5 allow draft release data or
attachments t ...)
+ TODO: check
+CVE-2026-27657 (Gitea versions before 1.25.5 allow a user to change another
user's pri ...)
+ TODO: check
+CVE-2026-26307 (Gitea versions before 1.25.5 do not enforce a timeout on git
grep sear ...)
+ TODO: check
+CVE-2026-26292 (Gitea versions before 1.25.5 do not use the migration HTTP
transport f ...)
+ TODO: check
+CVE-2026-26247 (Gitea versions before 1.25.5 do not persist the OAuth2 PKCE
S256 chall ...)
+ TODO: check
+CVE-2026-26232 (Gitea versions before 1.25.5 do not consistently enforce
OAuth2 author ...)
+ TODO: check
+CVE-2026-26231 (Gitea versions up to and including 1.26.1 allow the Allow
edits from m ...)
+ TODO: check
+CVE-2026-25782 (Gitea versions before 1.25.5 look up tracked-time entries by
time ID w ...)
+ TODO: check
+CVE-2026-25779 (Gitea versions up to and including 1.25.4 allow redirect
bypasses thro ...)
+ TODO: check
+CVE-2026-25718 (Gitea versions before 1.25.5 mishandle path resolution during
template ...)
+ TODO: check
+CVE-2026-25714 (Gitea versions up to and including 1.26.1 do not apply
public-only tok ...)
+ TODO: check
+CVE-2026-25712 (Gitea versions before 1.25.5 have insufficient visibility
checks in or ...)
+ TODO: check
+CVE-2026-25038 (Gitea 1.26.2 allows unauthorized users to access labels of
private org ...)
+ TODO: check
+CVE-2026-24690 (Gitea versions before 1.25.5 have insufficient permission
checks for u ...)
+ TODO: check
+CVE-2026-24451 (Gitea 1.26.2 allows fork synchronization to continue after a
parent re ...)
+ TODO: check
+CVE-2026-22874 (Gitea versions up to and including 1.26.2 have incomplete SSRF
protect ...)
+ TODO: check
+CVE-2026-22555 (Gitea versions before 1.26.0 allow API users to fork a
repository into ...)
+ TODO: check
+CVE-2026-22547 (Gitea versions before 1.25.5 lack validation constraints for
repositor ...)
+ TODO: check
+CVE-2026-20909 (Gitea versions before 1.25.5 have insufficient permission
checks when ...)
+ TODO: check
+CVE-2026-20896 (Gitea Docker image versions up to and including 1.26.2 use
REVERSE_PRO ...)
+ TODO: check
+CVE-2026-20779 (Gitea versions from 1.5.0 before 1.26.3 have a TOTP single-use
enforce ...)
+ TODO: check
+CVE-2026-20706 (Gitea versions up to and including 1.26.1 allow repository
archive dow ...)
+ TODO: check
+CVE-2026-14618 (A vulnerability was detected in Open5GS up to 2.7.7. Affected
by this ...)
+ TODO: check
+CVE-2026-14617 (A security vulnerability has been detected in NousResearch
hermes-agen ...)
+ TODO: check
+CVE-2026-14611 (A vulnerability has been found in DeepMyst Mysti up to 0.4.0.
The affe ...)
+ TODO: check
+CVE-2026-14610 (A flaw has been found in Open Asset Import Library Assimp up
to 6.0.5. ...)
+ TODO: check
+CVE-2026-14609 (A vulnerability was detected in SourceCodester CET Automated
Grading S ...)
+ TODO: check
+CVE-2026-14608 (A security vulnerability has been detected in SourceCodester
CET Autom ...)
+ TODO: check
+CVE-2026-14607 (A weakness has been identified in RT-Thread up to 5.0.2. This
affects ...)
+ TODO: check
+CVE-2026-14606 (A security flaw has been discovered in RT-Thread up to 5.0.2.
Affected ...)
+ TODO: check
+CVE-2026-14605 (A vulnerability was identified in RT-Thread up to 5.0.2.
Affected by t ...)
+ TODO: check
+CVE-2026-12481 (A vulnerability in keras-team/keras version 3.14.0 allows for
arbitrar ...)
+ TODO: check
+CVE-2026-12252 (In nltk/nltk versions 3.9.3 and earlier, five Stanford
interface class ...)
+ TODO: check
+CVE-2025-71380 (The Execute Command node in n8n allows authenticated users to
execute ...)
+ TODO: check
+CVE-2025-71375 (picklescan before 0.0.34 fails to detect the
_operator.methodcaller bu ...)
+ TODO: check
+CVE-2025-71373 (picklescan before 0.0.33 fails to detect operator.methodcaller
functio ...)
+ TODO: check
+CVE-2025-71372 (Picklescan before 0.0.33 fails to detect the
numpy.f2py.crackfortran.g ...)
+ TODO: check
+CVE-2025-71369 (picklescan before 0.0.28 fails to detect malicious pickle
files that u ...)
+ TODO: check
+CVE-2025-71367 (picklescan before 0.0.34 fails to detect _operator.attrgetter
function ...)
+ TODO: check
+CVE-2025-71366 (picklescan before 0.0.28 fails to detect malicious
torch.utils.bottlen ...)
+ TODO: check
+CVE-2025-71364 (picklescan before 0.0.30 fails to detect the
asyncio.unix_events._Unix ...)
+ TODO: check
+CVE-2025-71362 (picklescan before 0.0.33 fails to detect unsafe
deserialization when n ...)
+ TODO: check
+CVE-2025-71360 (picklescan before 0.0.29 fails to detect malicious pickle
files using ...)
+ TODO: check
+CVE-2025-71359 (picklescan before 0.0.29 fails to detect malicious pickle
payloads tha ...)
+ TODO: check
+CVE-2025-71356 (picklescan before 0.0.28 fails to detect malicious
torch.fx.experiment ...)
+ TODO: check
+CVE-2025-71353 (picklescan before 0.0.28 fails to detect malicious pickle
files that e ...)
+ TODO: check
+CVE-2025-71347 (picklescan before 0.0.33 fails to detect malicious pickle
files using ...)
+ TODO: check
+CVE-2025-71345 (picklescan before 0.0.30 fails to detect malicious pickle
files that i ...)
+ TODO: check
+CVE-2025-71343 (picklescan before 0.0.30 fails to detect malicious pickle
files that e ...)
+ TODO: check
+CVE-2025-71342 (picklescan before 0.0.30 fails to detect malicious pickle
files using ...)
+ TODO: check
CVE-2024-0234
NOT-FOR-US: Podman Desktop
CVE-2026-58207
@@ -154,7 +378,7 @@ CVE-2026-10055 (In Eclipse Theia since version 1.26.0, the
backend /services/req
NOT-FOR-US: Eclipse
CVE-2026-10054 (In affected versions of Eclipse Theia (1.8.1 and later), the
browser b ...)
NOT-FOR-US: Eclipse
-CVE-2026-14355 [PHP: ext/openssl: Memory corruption (zend_mm_heap corrupted)
in openssl_encrypt with AES-WRAP-PAD]
+CVE-2026-14355 (In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32,
8.4.* before ...)
- php8.4 8.4.23-1
- php8.2 <removed>
- php7.4 <removed>
@@ -336,21 +560,27 @@ CVE-2026-58381 (A flaw was found in GIMP's PSP file
format parser. A double-free
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/work_items/16207
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/b22e147b9dac6a57c50f3162262aa18fa1b1e210
(GIMP_3_2_4)
CVE-2026-13698
+ {DSA-6376-1 DLA-4666-1}
- openvpn 2.7.5-1
NOTE: Fixed by:
https://github.com/OpenVPN/openvpn/commit/b005e4709ce1afbee7c571788cffd915280d646e
(v2.7.5)
CVE-2026-11771
+ {DSA-6376-1 DLA-4666-1}
- openvpn 2.7.5-1
NOTE: Fixed by:
https://github.com/OpenVPN/openvpn/commit/04309bfe0313c09edd02c29945893b9d7e2ca920
(v2.7.5)
CVE-2026-12932
+ {DSA-6376-1 DLA-4666-1}
- openvpn 2.7.5-1
NOTE: Fixed by:
https://github.com/OpenVPN/openvpn/commit/19c9ad5bb75942f66608d2ae28c0614a0a5c6073
(v2.7.5)
CVE-2026-13122
+ {DSA-6376-1 DLA-4666-1}
- openvpn 2.7.5-1
NOTE: Fixed by:
https://github.com/OpenVPN/openvpn/commit/010b6c833b7fdbe889c0c7f8fc33f588a658b81f
(v2.7.5)
CVE-2026-13117
+ {DSA-6376-1 DLA-4666-1}
- openvpn 2.7.5-1
NOTE: Fixed by:
https://github.com/OpenVPN/openvpn/commit/3ce0242e68527fd1e8d378aecb57c466e8058b44
(v2.7.5)
CVE-2026-12996
+ {DSA-6376-1 DLA-4666-1}
- openvpn 2.7.5-1
NOTE: Fixed by:
https://github.com/OpenVPN/openvpn/commit/5ee1f9b90fe03ecf7cef5431147ecaabbe96db9e
(v2.7.5)
CVE-2026-49838
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b51d8c0ee67a2691310e2407771193b1a6da8359
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b51d8c0ee67a2691310e2407771193b1a6da8359
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits