Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2bd55729 by security tracker role at 2026-07-08T07:13:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,307 @@
+CVE-2026-9842 (The Backstage - Customizer Demo Access plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2026-9731 (The Wp Js Detect plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+       TODO: check
+CVE-2026-9701 (The Eventer plugin for WordPress is vulnerable to an insecure 
password ...)
+       TODO: check
+CVE-2026-9700 (The Eventer plugin for WordPress is vulnerable to time-based 
SQL Injec ...)
+       TODO: check
+CVE-2026-9695 (An Improper Authentication vulnerability affecting DELMIA 
Apriso from  ...)
+       TODO: check
+CVE-2026-8377 (Missing Authorization vulnerability in Armiya Information 
Technologies ...)
+       TODO: check
+CVE-2026-8309 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-8306 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-7380 (Improper neutralization of Script-Related HTML tags in a web 
page (bas ...)
+       TODO: check
+CVE-2026-6101 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for 
WordPress is ...)
+       TODO: check
+CVE-2026-60002 (ssh in OpenSSH before 10.4 can have a use-after-free when a 
server cha ...)
+       TODO: check
+CVE-2026-60001 (sshd in OpenSSH before 10.4 does not always honor the minimum 
authenti ...)
+       TODO: check
+CVE-2026-60000 (sshd in OpenSSH before 10.4 allows remote attackers to cause a 
denial  ...)
+       TODO: check
+CVE-2026-5799 (Authorization bypass through User-Controlled key vulnerability 
in Idvl ...)
+       TODO: check
+CVE-2026-5730 (Authorization bypass through User-Controlled key vulnerability 
in Idvl ...)
+       TODO: check
+CVE-2026-59999 (In sshd in OpenSSH before 10.4, DisableForwarding=yes was 
supposed to  ...)
+       TODO: check
+CVE-2026-59998 (sshd in OpenSSH before 10.4 has an undocumented 
security-relevant beha ...)
+       TODO: check
+CVE-2026-59997 (internal-sftp in sshd in OpenSSH before 10.4 recognizes only 
the first ...)
+       TODO: check
+CVE-2026-59996 (scp in OpenSSH before 10.4 may place a file in the parent 
directory of ...)
+       TODO: check
+CVE-2026-59995 (sftp in OpenSSH before 10.4 does not properly constrain the 
location o ...)
+       TODO: check
+CVE-2026-59800 (9Router before 0.4.44 contains an OS command injection 
vulnerability i ...)
+       TODO: check
+CVE-2026-59709 (Ghostfolio's PUT 
/api/v1/portfolio/holding/:dataSource/:symbol/tags en ...)
+       TODO: check
+CVE-2026-59708 (The GET /api/v1/public/:accessId/portfolio endpoint in 
ghostfolio acce ...)
+       TODO: check
+CVE-2026-59707 (LocalAI contains an unauthenticated server-side request 
forgery vulner ...)
+       TODO: check
+CVE-2026-59706 (mem0 contains unauthenticated config API endpoints that expose 
LLM API ...)
+       TODO: check
+CVE-2026-59705 (mem0's openmemory/api component contains an unauthenticated 
access vul ...)
+       TODO: check
+CVE-2026-59704 (Cap's GET /api/video/ai endpoint fails to validate user 
ownership or m ...)
+       TODO: check
+CVE-2026-59153 (Anki is a program for creating and reviewing flashcards. Prior 
to 25.0 ...)
+       TODO: check
+CVE-2026-58583 (FluxInk (formerly Sunia SPB Peripheral) Color Management 
Driver (TcnPe ...)
+       TODO: check
+CVE-2026-58473 (Cognee before 1.2.0 contains an improper access control 
vulnerability  ...)
+       TODO: check
+CVE-2026-58472 (GNU Wget through 1.25.0, fixed in commit dd692d9, contains a 
heap buff ...)
+       TODO: check
+CVE-2026-58471 (GNU Wget through 1.25.0, fixed in commit c2640fe, contains a 
heap buff ...)
+       TODO: check
+CVE-2026-58470 (GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an 
integer  ...)
+       TODO: check
+CVE-2026-58469 (GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a 
heap buff ...)
+       TODO: check
+CVE-2026-58468 (NocoBase through 2.1.20 contains a server-side request forgery 
vulnera ...)
+       TODO: check
+CVE-2026-58384 (A flaw was found in GIMP's PSD parser. An integer overflow in 
read_RLE ...)
+       TODO: check
+CVE-2026-58266 (Anki is a program for creating and reviewing flashcards. Prior 
to 25.0 ...)
+       TODO: check
+CVE-2026-57895 (Incorrect default permissions issue exists in Pupsman versions 
prior t ...)
+       TODO: check
+CVE-2026-57851 (MSI Feature Manager contains a local privilege escalation 
vulnerabilit ...)
+       TODO: check
+CVE-2026-57172 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-56843 (Incorrect authorization in the XML-RPC API of WebPros Plesk 
before 18. ...)
+       TODO: check
+CVE-2026-56812 (Improper Check for Unusual or Exceptional Conditions 
vulnerability in  ...)
+       TODO: check
+CVE-2026-56811 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2026-56437 (Uncontrolled search path element issue exists in Pupsman 
versions prio ...)
+       TODO: check
+CVE-2026-55647 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-55635 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-55633 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-55631 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-55592 (Dashy is a self-hostable personal dashboard. Prior to 4.3.7, 
Dashy's w ...)
+       TODO: check
+CVE-2026-55490 (OpenWrt is a Linux operating system targeting embedded 
devices. Before ...)
+       TODO: check
+CVE-2026-55438 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55437 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55436 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55435 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55434 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55433 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55432 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55431 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55430 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55429 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55428 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55427 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55418 (FastGPT is an open source AI knowledge base platform. Prior to 
v4.15.0 ...)
+       TODO: check
+CVE-2026-55417 (Chevereto is a self-hosted media-sharing platform. Starting in 
version ...)
+       TODO: check
+CVE-2026-55408 (Koodo Reader is an ebook reader. In version 2.3.0 and earlier, 
Koodo R ...)
+       TODO: check
+CVE-2026-55079 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55078 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55077 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55076 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-55075 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-54698 (Hasura is an open-source product that provides users GraphQL 
or REST A ...)
+       TODO: check
+CVE-2026-54607 (FastGPT is a knowledge-based AI application platform. Prior to 
4.15.0- ...)
+       TODO: check
+CVE-2026-54602 (FastGPT is a knowledge-based AI application platform. Prior to 
4.15.0, ...)
+       TODO: check
+CVE-2026-54601 (FastGPT is an open source AI knowledge base platform. From 
4.14.17 to  ...)
+       TODO: check
+CVE-2026-53935 (Cilium is a networking, observability, and security solution. 
Prior to ...)
+       TODO: check
+CVE-2026-53751 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-53730 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-53729 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-53511 (calibre is an e-book manager. Prior to 9.10.0, a malicious 
EPUB, OPF,  ...)
+       TODO: check
+CVE-2026-53483 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, 
LTS2026 r ...)
+       TODO: check
+CVE-2026-53481 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, 
LTS2026 r ...)
+       TODO: check
+CVE-2026-53479 (DellPowerProtectData Domain, versions 7.7.1.0 through 8.7, 
LTS2026 rel ...)
+       TODO: check
+CVE-2026-51937 (An issue in Oneblog V2.3.9 allows a remote attacker to obtain 
sensitiv ...)
+       TODO: check
+CVE-2026-50811 (An out-of-bounds read vulnerability exists in FreeType 2.14.3 
and vers ...)
+       TODO: check
+CVE-2026-50810 (A NULL pointer dereference in smooth_parse_stream_index() in 
src/media ...)
+       TODO: check
+CVE-2026-50530 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-50529 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-50179 (Actual is a local-first personal finance tool. Prior to 
26.6.0, export ...)
+       TODO: check
+CVE-2026-50007 (Actual is an open-source personal finance application. Prior 
to 26.7.0 ...)
+       TODO: check
+CVE-2026-49471 (Serena is a powerful MCP toolkit for coding that provides 
semantic ret ...)
+       TODO: check
+CVE-2026-49229 (Actual is a local-first personal finance app. Prior to 26.6.0, 
in Open ...)
+       TODO: check
+CVE-2026-49033 (The application contains a stack-based buffer overflow 
vulnerability t ...)
+       TODO: check
+CVE-2026-48958 (An improper access check allows unauthorized users to create 
custom fi ...)
+       TODO: check
+CVE-2026-48957 (An improper access check allows unauthorized users to access 
com_priva ...)
+       TODO: check
+CVE-2026-48956 (An improper access check allows users to display a list of 
modules in  ...)
+       TODO: check
+CVE-2026-48955 (An improper access check allows unauthorized users to access 
workflow  ...)
+       TODO: check
+CVE-2026-48954 (Improper validation leads to a generic XSS vector in the 
language over ...)
+       TODO: check
+CVE-2026-48953 (Lack of escaping leads to an XSS vulnerability in the generic 
image ou ...)
+       TODO: check
+CVE-2026-48952 (Lack of escaping leads to an XSS vulnerability in the update 
list view ...)
+       TODO: check
+CVE-2026-48951 (Lack of escaping leads to XSS vulnerabilities in modalreturn 
layouts o ...)
+       TODO: check
+CVE-2026-48950 (Lack of escaping leads to an XSS vulnerability in the file 
management  ...)
+       TODO: check
+CVE-2026-48949 (Lack of validation leads to an XSS vulnerability in the MFA 
management ...)
+       TODO: check
+CVE-2026-48948 (An improper access check allows user to download vcard exports 
of com_ ...)
+       TODO: check
+CVE-2026-48947 (An improper access check allows privileged users to overwrite 
media fi ...)
+       TODO: check
+CVE-2026-46700 (Actual is a local-first personal finance tool. Prior to 
26.6.0, the GE ...)
+       TODO: check
+CVE-2026-46672 (Actual is a local-first personal finance app. Prior to 26.6.0, 
@actual ...)
+       TODO: check
+CVE-2026-46354 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-45796 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-44938 (A vulnerability has been identified in Fleet's agent-side 
deployer, wh ...)
+       TODO: check
+CVE-2026-44877 (An unauthenticated remote disclosure vulnerability has been 
identified ...)
+       TODO: check
+CVE-2026-44454 (Coder allows organizations to provision remote development 
environment ...)
+       TODO: check
+CVE-2026-42958 (The application contains a use-after-free vulnerability that 
can be ex ...)
+       TODO: check
+CVE-2026-42953 (The application contains an out-of-bounds write vulnerability 
that can ...)
+       TODO: check
+CVE-2026-37271 (Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is 
vulnerable ...)
+       TODO: check
+CVE-2026-37270 (Trueview Security camera T18161- AF v4.9.60.0 contains an 
authenticati ...)
+       TODO: check
+CVE-2026-36163 (An HTML injection vulnerability in the file view endpoint of 
LiquidFil ...)
+       TODO: check
+CVE-2026-36162 (An authenticated stored cross-site scripting (XSS) 
vulnerability in th ...)
+       TODO: check
+CVE-2026-28378 (The public dashboard deletion endpoint does not enforce 
organization i ...)
+       TODO: check
+CVE-2026-23698 (Vtiger CRM through 8.4.0 contains an authenticated remote code 
executi ...)
+       TODO: check
+CVE-2026-23697 (Vtiger CRM before 8.4.0 contains an authenticated file upload 
vulnerab ...)
+       TODO: check
+CVE-2026-14969 (A flaw was found in 389-ds-base where the LDBM backend 
attribute encry ...)
+       TODO: check
+CVE-2026-14940 (A heap-buffer-overflow flaw was found in 389 Directory Server 
(389-ds- ...)
+       TODO: check
+CVE-2026-14935 (A logic vulnerability was found in GStreamer's webrtcbin 
component. Th ...)
+       TODO: check
+CVE-2026-14904 (AWS Research and Engineering Studio (RES) is an open-source 
solution t ...)
+       TODO: check
+CVE-2026-14868 (The encryption algorithm used to protect the configuration of 
user acc ...)
+       TODO: check
+CVE-2026-14867 (Credentials of built-in users are insecurely stored in the 
User direct ...)
+       TODO: check
+CVE-2026-14500 (The Bulk Order Update for WooCommerce plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2026-14495 (The DoLogin Security plugin for WordPress is vulnerable to 
Authenticat ...)
+       TODO: check
+CVE-2026-14489 (The WHMCS Bridge plugin for WordPress is vulnerable to 
arbitrary file  ...)
+       TODO: check
+CVE-2026-14487 (The Simple Coherent Form plugin for WordPress is vulnerable to 
arbitra ...)
+       TODO: check
+CVE-2026-14482 (The \u591a\u8bf4\u793e\u4f1a\u5316\u8bc4\u8bba\u6846 plugin 
for WordPr ...)
+       TODO: check
+CVE-2026-14476 (A path traversal flaw was found in SSSD's AD GPO provider. The 
ad_gpo_ ...)
+       TODO: check
+CVE-2026-14474 (A flaw was found in SSSD's LDAP sudo provider. When the 
ldap_sudo_sear ...)
+       TODO: check
+CVE-2026-14244 (The Jssor Slider by jssor.com plugin for WordPress is 
vulnerable to Di ...)
+       TODO: check
+CVE-2026-14158 (The Widget Logic Visual plugin for WordPress is vulnerable to 
Remote C ...)
+       TODO: check
+CVE-2026-13696 (Improper neutralization of special elements used in an LDAP 
query ('LD ...)
+       TODO: check
+CVE-2026-13199 (EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices 
produce ...)
+       TODO: check
+CVE-2026-13020 (A Weak Password Recovery Mechanism for Forgotten Password 
exists in Es ...)
+       TODO: check
+CVE-2026-13019 (Esri Portal for ArcGIS versions 12.1 and earlier on Windows, 
Linux and ...)
+       TODO: check
+CVE-2026-12948 (A stored cross-site scripting (XSS) vulnerability in the web 
managemen ...)
+       TODO: check
+CVE-2026-12378 (The Appointment Booking Calendar Plugin and Scheduling Plugin  
WordPre ...)
+       TODO: check
+CVE-2026-12352 (This vulnerability allows an unauthenticated actor to bypass 
authentic ...)
+       TODO: check
+CVE-2026-12153 (The WP Learn Manager plugin for WordPress is vulnerable to 
authorizati ...)
+       TODO: check
+CVE-2026-12097 (The User Management plugin for WordPress is vulnerable to 
authorizatio ...)
+       TODO: check
+CVE-2026-12041 (The Chatra Live Chat + ChatBot + Cart Saver plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2026-11798 (The Social Share, Social Login and Social Comments Plugin 
\u2013 Super ...)
+       TODO: check
+CVE-2026-11610 (A heap buffer overflow flaw was found in the SASL I/O layer of 
389 Dir ...)
+       TODO: check
+CVE-2026-11348 (Improper verification of cryptographic signature vulnerability 
in HAVE ...)
+       TODO: check
+CVE-2026-11340 (Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS 
allows  ...)
+       TODO: check
+CVE-2026-10659 (The Dhara flash translation layer disk driver 
(drivers/disk/ftl_dhara. ...)
+       TODO: check
+CVE-2026-10570 (The Sympl Repeater for ACF and Elementor plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2025-12799 (A flaw was found in Jastow. Jastow is vulnerable to Cross-Site 
Scripti ...)
+       TODO: check
 CVE-2026-56003 [computeProps Property Buffer Heap Buffer Overflow]
        - libxfont <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
@@ -24,21 +328,21 @@ CVE-2026-55999 [glamor Font Atlas Heap Buffer Overflow]
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/2
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/fbf7bac22e2c6bd627fb042742a23318263edae1
-CVE-2026-14895
+CVE-2026-14895 (String::Util versions before 1.36 for Perl are susceptible to 
a regula ...)
        - libstring-util-perl <unfixed>
        [trixie] - libstring-util-perl <no-dsa> (Minor issue; will be fixed via 
point release)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41625636/
        NOTE: Fixed by: 
https://github.com/scottchiefbaker/String-Util/commit/f8150867aaeb8f57c59601aefb2193f2caed8745
 (v1.36)
-CVE-2026-14380
+CVE-2026-14380 (DBI versions before 1.650 for Perl are vulnerable to code 
injection vi ...)
        - libdbi-perl <unfixed>
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41625527/
        NOTE: 
https://github.com/perl5-dbi/dbi/security/advisories/GHSA-ch8w-hxc2-v557
        NOTE: Fixed by: 
https://github.com/perl5-dbi/dbi/commit/b73d5d9901767fc1d16b6661ef08fbed4532e259
 (1.650)
-CVE-2026-14739
+CVE-2026-14739 (DBI versions before 1.650 for Perl have a heap overflow when 
preparsin ...)
        - libdbi-perl <unfixed>
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41625530/
        NOTE: Fixed by: 
https://github.com/perl5-dbi/dbi/commit/2b77c88b655e9539a592c71a61fb965fc0075395
 (1.650)
-CVE-2026-14740
+CVE-2026-14740 (DBI versions before 1.650 for Perl read one byte out-of-bounds 
in prep ...)
        - libdbi-perl <unfixed>
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41625532/
        NOTE: 
https://github.com/perl5-dbi/dbi/security/advisories/GHSA-35f4-f8m9-w8xg
@@ -147,10 +451,10 @@ CVE-2026-55191
        - freerdp3 3.27.0+dfsg-1
        - freerdp2 <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vx73-w5q6-7jqr
-CVE-2011-10043
+CVE-2011-10043 (Module::Load versions before 0.22 for Perl allow arbitrary 
modules out ...)
        - perl 5.18.1-2
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41608305/
-CVE-2026-7017
+CVE-2026-7017 (HTTP::Tiny versions before 0.095 for Perl forward credential 
headers t ...)
        - libhttp-tiny-perl <unfixed> (bug #1141638)
        - perl <unfixed> (bug #1141639)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41618211/
@@ -158,15 +462,15 @@ CVE-2026-7017
        NOTE: Fixed by: 
https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/84984ef3930ddd4afcf5eb83b40d3cee200739c3
 (release-0.095)
        NOTE: Fixed by: 
https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/e7a03aedf2395158f2b0d3bad2df943349227bb3
 (release-0.095)
        NOTE: Fixed by: 
https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/8f32ca89e21c3ad0422adc698fa6ad17a193f55f
 (release-0.095)
-CVE-2026-53878 [Header injection possibility since DomainNameValidator 
accepted newlines in input]
+CVE-2026-53878 (An issue was discovered in Django 6.0 before 6.0.7 and 5.2 
before 5.2. ...)
        - python-django 3:5.2.16-1 (bug #1141629)
        NOTE: 
https://www.djangoproject.com/weblog/2026/jul/07/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/d5d60ed0323cddaa0ce0237a26a3d49ac21ee05e
 (5.2.16)
-CVE-2026-53877 [Heap buffer over-read in GDALRaster]
+CVE-2026-53877 (An issue was discovered in Django 6.0 before 6.0.7 and 5.2 
before 5.2. ...)
        - python-django 3:5.2.16-1 (bug #1141629)
        NOTE: 
https://www.djangoproject.com/weblog/2026/jul/07/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/6c66eb8cec52b303af85c2c6e4dd00aa37654dbc
 (5.2.16)
-CVE-2026-48588 [Potential exposure of private data via cached Set-Cookie 
response]
+CVE-2026-48588 (An issue was discovered in Django 6.0 before 6.0.7 and 5.2 
before 5.2. ...)
        - python-django 3:5.2.16-1 (bug #1141629)
        NOTE: 
https://www.djangoproject.com/weblog/2026/jul/07/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/721685aa7799cc9327bd202cd1f70bd012ca95a7
 (5.2.16)
@@ -175,17 +479,17 @@ CVE-2026-XXXX [InspIRCd Security Advisory 2026-01]
        NOTE: https://docs.inspircd.org/security/2026-01/
        NOTE: 
https://github.com/inspircd/inspircd/commit/b7e5357b144c2e20c72431e22f0f2b13e5be82ce
 (v4.11.0)
        NOTE: 
https://github.com/inspircd/inspircd/commit/6319ae4fb8c10dabc9464ad49faec532096fbcb5
 (v4.11.0)
-CVE-2026-33264
+CVE-2026-33264 (A bug in `BaseSerialization.deserialize()` allowed 
unrestricted `impor ...)
        - airflow <itp> (bug #819700)
-CVE-2026-49487
+CVE-2026-49487 (In Apache Airflow before 3.3.0, the REST API task-instance 
detail and  ...)
        - airflow <itp> (bug #819700)
-CVE-2026-48828
+CVE-2026-48828 (The Bulk Variables API in Apache Airflow called the redactor 
without p ...)
        - airflow <itp> (bug #819700)
-CVE-2026-49296
+CVE-2026-49296 (Before apache-airflow 3.3.0, a user authorized to read one Dag 
could d ...)
        - airflow <itp> (bug #819700)
-CVE-2026-48891
+CVE-2026-48891 (A bug in Apache Airflow's `/ui/dependencies` scheduling graph 
endpoint ...)
        - airflow <itp> (bug #819700)
-CVE-2026-48892
+CVE-2026-48892 (The Config API in Apache Airflow surfaced per-key 
secrets-backend over ...)
        - airflow <itp> (bug #819700)
 CVE-2026-59713 (Leantime contains an OIDC login CSRF vulnerability in the 
verifyState( ...)
        NOT-FOR-US: Leantime
@@ -2686,10 +2990,12 @@ CVE-2026-56149 (Allocation of Resources Without Limits 
or Throttling (CWE-770) i
 CVE-2026-56148 (Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to 
a denial ...)
        - elasticsearch <removed>
 CVE-2026-55628 (In versions prior to 7.1.2-26he, the `-concatenate` operation 
is missi ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.26+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/dcba7ee9ffb0c5a22a458bf0c613bc818fcb4cc6
 (7.1.2-26)
 CVE-2026-55597 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.26+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/277541927c2de8317d4167ee16d57375f24971d3
 (7.1.2-26)
@@ -2700,11 +3006,13 @@ CVE-2026-55595 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/549fdf2195bbac1c93e736c04f416d4d9a5d05a8
 (7.1.2-26)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/f102ddccceb30b38dd01f9d77025f51c9a5cc272
 (6.9.13-51)
 CVE-2026-55594 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.26+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mx48-2qq3-23hf
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/c8868afaf0fe901cddb52177971de25c33f8aa02
 (7.1.2-26)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/46d1c3a7d0d91bf8323deb0b29246e7e52db6778
 (6.9.13-51)
 CVE-2026-55577 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.26+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/01ce608dd41fa358e212ebb66035b7257cd9d915
 (7.1.2-26)
@@ -2750,11 +3058,13 @@ CVE-2026-53903 (MCO is vulnerable to an Insecure Direct 
Object Reference (IDOR)
 CVE-2026-53902 (MCO does not properly enforce authorization checks in the 
/customer/se ...)
        NOT-FOR-US: MyComplianceOffice MCO
 CVE-2026-53467 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.26+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8g53-9m3c-69xg
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/9d1764c43a15b78e18a7f66649989d59079a9e15
 (7.1.2-26)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/ad68aca5cd33e199f6cd3048da2ae62e76f05b74
 (6.9.13-51)
 CVE-2026-53466 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.26+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/47ca7210515f3c9ea033b86fe4323a70caa74468
 (7.1.2-26)
@@ -3243,6 +3553,7 @@ CVE-2026-56413 (Storage Concentrator (SC & SCVM) contains 
a command injection vu
 CVE-2026-56399 (Open WebUI before 0.6.27 contains a server-side request 
forgery vulner ...)
        NOT-FOR-US: Open WebUI
 CVE-2026-56377 (ImageMagick before 7.1.2-24 contains an incorrect policy check 
that al ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.24+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm48-c7f2-v67p
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/3705205e1424d379c2fc46c026c8560ccea0509e
 (7.1.2-24)
@@ -3252,21 +3563,25 @@ CVE-2026-56369 (ImageMagick before 7.1.2-22 contains an 
information disclosure v
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qv2q-c278-pch5
        NOTE: Fixed by documentation upgrade 
https://github.com/ImageMagick/ImageMagick/issues/8837#event-27569522488
 CVE-2026-56365 (ImageMagick before 7.1.2-19 contains a memory leak 
vulnerability in th ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.19+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x928-4434-crqj
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/ca761f220bbf0470e2e7967639bcfb5be305ad28
 (7.1.2-19)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/28ed1c9993fe437a44c00bee2ee20d58f7e0204c
 (6.9.13-44)
 CVE-2026-56364 (ImageMagick before 7.1.2-13 contains a memory leak 
vulnerability in Lo ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.13+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv
        NOTE: Fixed by [1/2]: 
https://github.com/ImageMagick/ImageMagick/commit/951f6b0940224afc469f6a72503d6e011c688d02
 (7.1.2-13)
        NOTE: Fixed by [2/2]: 
https://github.com/ImageMagick/ImageMagick/commit/5fd4e5ad05a986b00e1519fa308ca3c5cf3d09d8
 (7.1.2-14)
 CVE-2026-56363 (ImageMagick before 7.1.2-22 contains a division by zero 
vulnerability  ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vf33-6r7x-66xx
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/d67eef71764cfeca07b4edf8a8ae922180f5f2e4
 (7.1.2-22)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/7a48e0b3107608c7d87a172473cfd5294bc9e81f
 (6.9.13-47)
 CVE-2026-56361 (ImageMagick before 7.1.2-19 contains an off-by-one error in 
morphology ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.19+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q8h3-jv9v-57qx
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/a6bfb1bb7b4017ec52f5a957641d83ce29b63286
 (7.1.2-19)
@@ -9411,11 +9726,13 @@ CVE-2026-57280 (Jenkins Script Security Plugin 
1402.v94c9ce464861 and earlier do
 CVE-2026-56761 (hono before 4.12.14 contains an html injection vulnerability 
in jsx se ...)
        NOT-FOR-US: Hono
 CVE-2026-56370 (ImageMagick before 7.1.2-19 contains an out-of-bounds access 
vulnerabi ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.19+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmpg-6pww-fg6q
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/2ab24d74865ab92faeeefe0fec890abf1e88e57c
 (7.1.2-19)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/60b4e60841b429d719c59144e2505c8b0135367d
 (6.9.13-44)
 CVE-2026-56368 (ImageMagick before 7.1.2-15 contains a memory leak 
vulnerability in mu ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wfx3-6g53-9fgc
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/fe0a49a58ac5b7a18ff2618b6207dcad71123e43
 (7.1.2-14)
@@ -11236,11 +11553,13 @@ CVE-2026-56379 (ImageMagick before 7.1.2-15 and 
6.9.13-40 contains a command inj
        NOTE: bookworm/bullseye fixed by backporting svg/msl coder from 
6.9.13-41
        NOTE: trixie fixed by backporting svg/msl to 7.1.2-16
 CVE-2026-56376 (ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap 
use-after-fr ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2gq3-ww97-wfjm
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/f5049954f12c6fcf090a776767526d2a4708d58b
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/94062bdf70dacc9714f2ff46a5920ceac63836cf
 (6.9.13-39)
 CVE-2026-56371 (ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory 
leak in co ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3q5f-gmjc-38r8
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/e6394098af39a9689bb5f0b4eb6a9968e449a8d3
 (7.1.2-14)
@@ -12398,11 +12717,13 @@ CVE-2025-71351 (picklescan before 0.0.25 fails to 
detect malicious pickle files
 CVE-2025-71348 (picklescan before 0.0.28 fails to detect malicious pickle 
files that i ...)
        NOT-FOR-US: picklescan
 CVE-2026-56367 (ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 
contains an int ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q4
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/5b91ab69af614024255fd93dcc9a62b41fbc435c
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/f4976eb8efe87009eec7cb12f62a3abd1cef4881
 (6.9.13-39)
 CVE-2026-56378 (ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) 
contains a heap ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wgxp-q8xq-wpp9
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/436e5d2589e3c0adc10d9aa189e81d5d088d8207
 (7.1.2-14)
@@ -61959,7 +62280,7 @@ CVE-2026-5532 (A vulnerability was found in 
ScrapeGraphAI scrapegraph-ai up to 1
        NOT-FOR-US: ScrapeGraphAI scrapegraph-ai
 CVE-2026-5531 (A vulnerability has been found in SourceCodester Student Result 
Manage ...)
        NOT-FOR-US: SourceCodester
-CVE-2026-5530 (A flaw has been found in Ollama up to 18.1. This issue affects 
some un ...)
+CVE-2026-5530 (A flaw has been found in Ollama up to 0.18.1. This issue 
affects some  ...)
        - ollama <itp> (bug #1094806)
 CVE-2026-5529 (A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. 
This v ...)
        NOT-FOR-US: Dromara lamp-cloud
@@ -69546,7 +69867,8 @@ CVE-2026-3533 (The Jupiter X Core plugin for WordPress 
is vulnerable to limited
        NOT-FOR-US: WordPress plugin
 CVE-2026-3509 (An unauthenticated remote attacker may be able to control the 
format s ...)
        NOT-FOR-US: CODESYS
-CVE-2026-3260 (A flaw was found in Undertow. A remote attacker could exploit 
this vul ...)
+CVE-2026-3260
+       REJECTED
        - undertow <unfixed> (bug #1134949)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443010
 CVE-2026-3225 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
@@ -170377,6 +170699,7 @@ CVE-2025-32462 (Sudo before 1.9.17p1, when used with 
a sudoers file that specifi
        - sudo 1.9.16p2-3
        NOTE: https://www.sudo.ws/security/advisories/host_any/
 CVE-2025-6297 (It was discovered that dpkg-deb does not properly sanitize 
directory p ...)
+       {DLA-4673-1}
        - dpkg 1.22.21
        [bookworm] - dpkg 1.21.23
        NOTE: Fixed by: 
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82
 (main)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bd55729eb517937a5390920dc01ece2f3326fa9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bd55729eb517937a5390920dc01ece2f3326fa9
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to