Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2bd55729 by security tracker role at 2026-07-08T07:13:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,307 @@
+CVE-2026-9842 (The Backstage - Customizer Demo Access plugin for WordPress is
vulnera ...)
+ TODO: check
+CVE-2026-9731 (The Wp Js Detect plugin for WordPress is vulnerable to
Cross-Site Requ ...)
+ TODO: check
+CVE-2026-9701 (The Eventer plugin for WordPress is vulnerable to an insecure
password ...)
+ TODO: check
+CVE-2026-9700 (The Eventer plugin for WordPress is vulnerable to time-based
SQL Injec ...)
+ TODO: check
+CVE-2026-9695 (An Improper Authentication vulnerability affecting DELMIA
Apriso from ...)
+ TODO: check
+CVE-2026-8377 (Missing Authorization vulnerability in Armiya Information
Technologies ...)
+ TODO: check
+CVE-2026-8309 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-8306 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-7380 (Improper neutralization of Script-Related HTML tags in a web
page (bas ...)
+ TODO: check
+CVE-2026-6101 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for
WordPress is ...)
+ TODO: check
+CVE-2026-60002 (ssh in OpenSSH before 10.4 can have a use-after-free when a
server cha ...)
+ TODO: check
+CVE-2026-60001 (sshd in OpenSSH before 10.4 does not always honor the minimum
authenti ...)
+ TODO: check
+CVE-2026-60000 (sshd in OpenSSH before 10.4 allows remote attackers to cause a
denial ...)
+ TODO: check
+CVE-2026-5799 (Authorization bypass through User-Controlled key vulnerability
in Idvl ...)
+ TODO: check
+CVE-2026-5730 (Authorization bypass through User-Controlled key vulnerability
in Idvl ...)
+ TODO: check
+CVE-2026-59999 (In sshd in OpenSSH before 10.4, DisableForwarding=yes was
supposed to ...)
+ TODO: check
+CVE-2026-59998 (sshd in OpenSSH before 10.4 has an undocumented
security-relevant beha ...)
+ TODO: check
+CVE-2026-59997 (internal-sftp in sshd in OpenSSH before 10.4 recognizes only
the first ...)
+ TODO: check
+CVE-2026-59996 (scp in OpenSSH before 10.4 may place a file in the parent
directory of ...)
+ TODO: check
+CVE-2026-59995 (sftp in OpenSSH before 10.4 does not properly constrain the
location o ...)
+ TODO: check
+CVE-2026-59800 (9Router before 0.4.44 contains an OS command injection
vulnerability i ...)
+ TODO: check
+CVE-2026-59709 (Ghostfolio's PUT
/api/v1/portfolio/holding/:dataSource/:symbol/tags en ...)
+ TODO: check
+CVE-2026-59708 (The GET /api/v1/public/:accessId/portfolio endpoint in
ghostfolio acce ...)
+ TODO: check
+CVE-2026-59707 (LocalAI contains an unauthenticated server-side request
forgery vulner ...)
+ TODO: check
+CVE-2026-59706 (mem0 contains unauthenticated config API endpoints that expose
LLM API ...)
+ TODO: check
+CVE-2026-59705 (mem0's openmemory/api component contains an unauthenticated
access vul ...)
+ TODO: check
+CVE-2026-59704 (Cap's GET /api/video/ai endpoint fails to validate user
ownership or m ...)
+ TODO: check
+CVE-2026-59153 (Anki is a program for creating and reviewing flashcards. Prior
to 25.0 ...)
+ TODO: check
+CVE-2026-58583 (FluxInk (formerly Sunia SPB Peripheral) Color Management
Driver (TcnPe ...)
+ TODO: check
+CVE-2026-58473 (Cognee before 1.2.0 contains an improper access control
vulnerability ...)
+ TODO: check
+CVE-2026-58472 (GNU Wget through 1.25.0, fixed in commit dd692d9, contains a
heap buff ...)
+ TODO: check
+CVE-2026-58471 (GNU Wget through 1.25.0, fixed in commit c2640fe, contains a
heap buff ...)
+ TODO: check
+CVE-2026-58470 (GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an
integer ...)
+ TODO: check
+CVE-2026-58469 (GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a
heap buff ...)
+ TODO: check
+CVE-2026-58468 (NocoBase through 2.1.20 contains a server-side request forgery
vulnera ...)
+ TODO: check
+CVE-2026-58384 (A flaw was found in GIMP's PSD parser. An integer overflow in
read_RLE ...)
+ TODO: check
+CVE-2026-58266 (Anki is a program for creating and reviewing flashcards. Prior
to 25.0 ...)
+ TODO: check
+CVE-2026-57895 (Incorrect default permissions issue exists in Pupsman versions
prior t ...)
+ TODO: check
+CVE-2026-57851 (MSI Feature Manager contains a local privilege escalation
vulnerabilit ...)
+ TODO: check
+CVE-2026-57172 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-56843 (Incorrect authorization in the XML-RPC API of WebPros Plesk
before 18. ...)
+ TODO: check
+CVE-2026-56812 (Improper Check for Unusual or Exceptional Conditions
vulnerability in ...)
+ TODO: check
+CVE-2026-56811 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
+ TODO: check
+CVE-2026-56437 (Uncontrolled search path element issue exists in Pupsman
versions prio ...)
+ TODO: check
+CVE-2026-55647 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-55635 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-55633 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-55631 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-55592 (Dashy is a self-hostable personal dashboard. Prior to 4.3.7,
Dashy's w ...)
+ TODO: check
+CVE-2026-55490 (OpenWrt is a Linux operating system targeting embedded
devices. Before ...)
+ TODO: check
+CVE-2026-55438 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55437 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55436 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55435 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55434 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55433 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55432 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55431 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55430 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55429 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55428 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55427 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55418 (FastGPT is an open source AI knowledge base platform. Prior to
v4.15.0 ...)
+ TODO: check
+CVE-2026-55417 (Chevereto is a self-hosted media-sharing platform. Starting in
version ...)
+ TODO: check
+CVE-2026-55408 (Koodo Reader is an ebook reader. In version 2.3.0 and earlier,
Koodo R ...)
+ TODO: check
+CVE-2026-55079 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55078 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55077 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55076 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-55075 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-54698 (Hasura is an open-source product that provides users GraphQL
or REST A ...)
+ TODO: check
+CVE-2026-54607 (FastGPT is a knowledge-based AI application platform. Prior to
4.15.0- ...)
+ TODO: check
+CVE-2026-54602 (FastGPT is a knowledge-based AI application platform. Prior to
4.15.0, ...)
+ TODO: check
+CVE-2026-54601 (FastGPT is an open source AI knowledge base platform. From
4.14.17 to ...)
+ TODO: check
+CVE-2026-53935 (Cilium is a networking, observability, and security solution.
Prior to ...)
+ TODO: check
+CVE-2026-53751 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-53730 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-53729 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-53511 (calibre is an e-book manager. Prior to 9.10.0, a malicious
EPUB, OPF, ...)
+ TODO: check
+CVE-2026-53483 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7,
LTS2026 r ...)
+ TODO: check
+CVE-2026-53481 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7,
LTS2026 r ...)
+ TODO: check
+CVE-2026-53479 (DellPowerProtectData Domain, versions 7.7.1.0 through 8.7,
LTS2026 rel ...)
+ TODO: check
+CVE-2026-51937 (An issue in Oneblog V2.3.9 allows a remote attacker to obtain
sensitiv ...)
+ TODO: check
+CVE-2026-50811 (An out-of-bounds read vulnerability exists in FreeType 2.14.3
and vers ...)
+ TODO: check
+CVE-2026-50810 (A NULL pointer dereference in smooth_parse_stream_index() in
src/media ...)
+ TODO: check
+CVE-2026-50530 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-50529 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-50179 (Actual is a local-first personal finance tool. Prior to
26.6.0, export ...)
+ TODO: check
+CVE-2026-50007 (Actual is an open-source personal finance application. Prior
to 26.7.0 ...)
+ TODO: check
+CVE-2026-49471 (Serena is a powerful MCP toolkit for coding that provides
semantic ret ...)
+ TODO: check
+CVE-2026-49229 (Actual is a local-first personal finance app. Prior to 26.6.0,
in Open ...)
+ TODO: check
+CVE-2026-49033 (The application contains a stack-based buffer overflow
vulnerability t ...)
+ TODO: check
+CVE-2026-48958 (An improper access check allows unauthorized users to create
custom fi ...)
+ TODO: check
+CVE-2026-48957 (An improper access check allows unauthorized users to access
com_priva ...)
+ TODO: check
+CVE-2026-48956 (An improper access check allows users to display a list of
modules in ...)
+ TODO: check
+CVE-2026-48955 (An improper access check allows unauthorized users to access
workflow ...)
+ TODO: check
+CVE-2026-48954 (Improper validation leads to a generic XSS vector in the
language over ...)
+ TODO: check
+CVE-2026-48953 (Lack of escaping leads to an XSS vulnerability in the generic
image ou ...)
+ TODO: check
+CVE-2026-48952 (Lack of escaping leads to an XSS vulnerability in the update
list view ...)
+ TODO: check
+CVE-2026-48951 (Lack of escaping leads to XSS vulnerabilities in modalreturn
layouts o ...)
+ TODO: check
+CVE-2026-48950 (Lack of escaping leads to an XSS vulnerability in the file
management ...)
+ TODO: check
+CVE-2026-48949 (Lack of validation leads to an XSS vulnerability in the MFA
management ...)
+ TODO: check
+CVE-2026-48948 (An improper access check allows user to download vcard exports
of com_ ...)
+ TODO: check
+CVE-2026-48947 (An improper access check allows privileged users to overwrite
media fi ...)
+ TODO: check
+CVE-2026-46700 (Actual is a local-first personal finance tool. Prior to
26.6.0, the GE ...)
+ TODO: check
+CVE-2026-46672 (Actual is a local-first personal finance app. Prior to 26.6.0,
@actual ...)
+ TODO: check
+CVE-2026-46354 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-45796 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-44938 (A vulnerability has been identified in Fleet's agent-side
deployer, wh ...)
+ TODO: check
+CVE-2026-44877 (An unauthenticated remote disclosure vulnerability has been
identified ...)
+ TODO: check
+CVE-2026-44454 (Coder allows organizations to provision remote development
environment ...)
+ TODO: check
+CVE-2026-42958 (The application contains a use-after-free vulnerability that
can be ex ...)
+ TODO: check
+CVE-2026-42953 (The application contains an out-of-bounds write vulnerability
that can ...)
+ TODO: check
+CVE-2026-37271 (Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is
vulnerable ...)
+ TODO: check
+CVE-2026-37270 (Trueview Security camera T18161- AF v4.9.60.0 contains an
authenticati ...)
+ TODO: check
+CVE-2026-36163 (An HTML injection vulnerability in the file view endpoint of
LiquidFil ...)
+ TODO: check
+CVE-2026-36162 (An authenticated stored cross-site scripting (XSS)
vulnerability in th ...)
+ TODO: check
+CVE-2026-28378 (The public dashboard deletion endpoint does not enforce
organization i ...)
+ TODO: check
+CVE-2026-23698 (Vtiger CRM through 8.4.0 contains an authenticated remote code
executi ...)
+ TODO: check
+CVE-2026-23697 (Vtiger CRM before 8.4.0 contains an authenticated file upload
vulnerab ...)
+ TODO: check
+CVE-2026-14969 (A flaw was found in 389-ds-base where the LDBM backend
attribute encry ...)
+ TODO: check
+CVE-2026-14940 (A heap-buffer-overflow flaw was found in 389 Directory Server
(389-ds- ...)
+ TODO: check
+CVE-2026-14935 (A logic vulnerability was found in GStreamer's webrtcbin
component. Th ...)
+ TODO: check
+CVE-2026-14904 (AWS Research and Engineering Studio (RES) is an open-source
solution t ...)
+ TODO: check
+CVE-2026-14868 (The encryption algorithm used to protect the configuration of
user acc ...)
+ TODO: check
+CVE-2026-14867 (Credentials of built-in users are insecurely stored in the
User direct ...)
+ TODO: check
+CVE-2026-14500 (The Bulk Order Update for WooCommerce plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2026-14495 (The DoLogin Security plugin for WordPress is vulnerable to
Authenticat ...)
+ TODO: check
+CVE-2026-14489 (The WHMCS Bridge plugin for WordPress is vulnerable to
arbitrary file ...)
+ TODO: check
+CVE-2026-14487 (The Simple Coherent Form plugin for WordPress is vulnerable to
arbitra ...)
+ TODO: check
+CVE-2026-14482 (The \u591a\u8bf4\u793e\u4f1a\u5316\u8bc4\u8bba\u6846 plugin
for WordPr ...)
+ TODO: check
+CVE-2026-14476 (A path traversal flaw was found in SSSD's AD GPO provider. The
ad_gpo_ ...)
+ TODO: check
+CVE-2026-14474 (A flaw was found in SSSD's LDAP sudo provider. When the
ldap_sudo_sear ...)
+ TODO: check
+CVE-2026-14244 (The Jssor Slider by jssor.com plugin for WordPress is
vulnerable to Di ...)
+ TODO: check
+CVE-2026-14158 (The Widget Logic Visual plugin for WordPress is vulnerable to
Remote C ...)
+ TODO: check
+CVE-2026-13696 (Improper neutralization of special elements used in an LDAP
query ('LD ...)
+ TODO: check
+CVE-2026-13199 (EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices
produce ...)
+ TODO: check
+CVE-2026-13020 (A Weak Password Recovery Mechanism for Forgotten Password
exists in Es ...)
+ TODO: check
+CVE-2026-13019 (Esri Portal for ArcGIS versions 12.1 and earlier on Windows,
Linux and ...)
+ TODO: check
+CVE-2026-12948 (A stored cross-site scripting (XSS) vulnerability in the web
managemen ...)
+ TODO: check
+CVE-2026-12378 (The Appointment Booking Calendar Plugin and Scheduling Plugin
WordPre ...)
+ TODO: check
+CVE-2026-12352 (This vulnerability allows an unauthenticated actor to bypass
authentic ...)
+ TODO: check
+CVE-2026-12153 (The WP Learn Manager plugin for WordPress is vulnerable to
authorizati ...)
+ TODO: check
+CVE-2026-12097 (The User Management plugin for WordPress is vulnerable to
authorizatio ...)
+ TODO: check
+CVE-2026-12041 (The Chatra Live Chat + ChatBot + Cart Saver plugin for
WordPress is vu ...)
+ TODO: check
+CVE-2026-11798 (The Social Share, Social Login and Social Comments Plugin
\u2013 Super ...)
+ TODO: check
+CVE-2026-11610 (A heap buffer overflow flaw was found in the SASL I/O layer of
389 Dir ...)
+ TODO: check
+CVE-2026-11348 (Improper verification of cryptographic signature vulnerability
in HAVE ...)
+ TODO: check
+CVE-2026-11340 (Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS
allows ...)
+ TODO: check
+CVE-2026-10659 (The Dhara flash translation layer disk driver
(drivers/disk/ftl_dhara. ...)
+ TODO: check
+CVE-2026-10570 (The Sympl Repeater for ACF and Elementor plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2025-12799 (A flaw was found in Jastow. Jastow is vulnerable to Cross-Site
Scripti ...)
+ TODO: check
CVE-2026-56003 [computeProps Property Buffer Heap Buffer Overflow]
- libxfont <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
@@ -24,21 +328,21 @@ CVE-2026-55999 [glamor Font Atlas Heap Buffer Overflow]
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/2
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/fbf7bac22e2c6bd627fb042742a23318263edae1
-CVE-2026-14895
+CVE-2026-14895 (String::Util versions before 1.36 for Perl are susceptible to
a regula ...)
- libstring-util-perl <unfixed>
[trixie] - libstring-util-perl <no-dsa> (Minor issue; will be fixed via
point release)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41625636/
NOTE: Fixed by:
https://github.com/scottchiefbaker/String-Util/commit/f8150867aaeb8f57c59601aefb2193f2caed8745
(v1.36)
-CVE-2026-14380
+CVE-2026-14380 (DBI versions before 1.650 for Perl are vulnerable to code
injection vi ...)
- libdbi-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41625527/
NOTE:
https://github.com/perl5-dbi/dbi/security/advisories/GHSA-ch8w-hxc2-v557
NOTE: Fixed by:
https://github.com/perl5-dbi/dbi/commit/b73d5d9901767fc1d16b6661ef08fbed4532e259
(1.650)
-CVE-2026-14739
+CVE-2026-14739 (DBI versions before 1.650 for Perl have a heap overflow when
preparsin ...)
- libdbi-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41625530/
NOTE: Fixed by:
https://github.com/perl5-dbi/dbi/commit/2b77c88b655e9539a592c71a61fb965fc0075395
(1.650)
-CVE-2026-14740
+CVE-2026-14740 (DBI versions before 1.650 for Perl read one byte out-of-bounds
in prep ...)
- libdbi-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41625532/
NOTE:
https://github.com/perl5-dbi/dbi/security/advisories/GHSA-35f4-f8m9-w8xg
@@ -147,10 +451,10 @@ CVE-2026-55191
- freerdp3 3.27.0+dfsg-1
- freerdp2 <removed>
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vx73-w5q6-7jqr
-CVE-2011-10043
+CVE-2011-10043 (Module::Load versions before 0.22 for Perl allow arbitrary
modules out ...)
- perl 5.18.1-2
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41608305/
-CVE-2026-7017
+CVE-2026-7017 (HTTP::Tiny versions before 0.095 for Perl forward credential
headers t ...)
- libhttp-tiny-perl <unfixed> (bug #1141638)
- perl <unfixed> (bug #1141639)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41618211/
@@ -158,15 +462,15 @@ CVE-2026-7017
NOTE: Fixed by:
https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/84984ef3930ddd4afcf5eb83b40d3cee200739c3
(release-0.095)
NOTE: Fixed by:
https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/e7a03aedf2395158f2b0d3bad2df943349227bb3
(release-0.095)
NOTE: Fixed by:
https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/8f32ca89e21c3ad0422adc698fa6ad17a193f55f
(release-0.095)
-CVE-2026-53878 [Header injection possibility since DomainNameValidator
accepted newlines in input]
+CVE-2026-53878 (An issue was discovered in Django 6.0 before 6.0.7 and 5.2
before 5.2. ...)
- python-django 3:5.2.16-1 (bug #1141629)
NOTE:
https://www.djangoproject.com/weblog/2026/jul/07/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/d5d60ed0323cddaa0ce0237a26a3d49ac21ee05e
(5.2.16)
-CVE-2026-53877 [Heap buffer over-read in GDALRaster]
+CVE-2026-53877 (An issue was discovered in Django 6.0 before 6.0.7 and 5.2
before 5.2. ...)
- python-django 3:5.2.16-1 (bug #1141629)
NOTE:
https://www.djangoproject.com/weblog/2026/jul/07/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/6c66eb8cec52b303af85c2c6e4dd00aa37654dbc
(5.2.16)
-CVE-2026-48588 [Potential exposure of private data via cached Set-Cookie
response]
+CVE-2026-48588 (An issue was discovered in Django 6.0 before 6.0.7 and 5.2
before 5.2. ...)
- python-django 3:5.2.16-1 (bug #1141629)
NOTE:
https://www.djangoproject.com/weblog/2026/jul/07/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/721685aa7799cc9327bd202cd1f70bd012ca95a7
(5.2.16)
@@ -175,17 +479,17 @@ CVE-2026-XXXX [InspIRCd Security Advisory 2026-01]
NOTE: https://docs.inspircd.org/security/2026-01/
NOTE:
https://github.com/inspircd/inspircd/commit/b7e5357b144c2e20c72431e22f0f2b13e5be82ce
(v4.11.0)
NOTE:
https://github.com/inspircd/inspircd/commit/6319ae4fb8c10dabc9464ad49faec532096fbcb5
(v4.11.0)
-CVE-2026-33264
+CVE-2026-33264 (A bug in `BaseSerialization.deserialize()` allowed
unrestricted `impor ...)
- airflow <itp> (bug #819700)
-CVE-2026-49487
+CVE-2026-49487 (In Apache Airflow before 3.3.0, the REST API task-instance
detail and ...)
- airflow <itp> (bug #819700)
-CVE-2026-48828
+CVE-2026-48828 (The Bulk Variables API in Apache Airflow called the redactor
without p ...)
- airflow <itp> (bug #819700)
-CVE-2026-49296
+CVE-2026-49296 (Before apache-airflow 3.3.0, a user authorized to read one Dag
could d ...)
- airflow <itp> (bug #819700)
-CVE-2026-48891
+CVE-2026-48891 (A bug in Apache Airflow's `/ui/dependencies` scheduling graph
endpoint ...)
- airflow <itp> (bug #819700)
-CVE-2026-48892
+CVE-2026-48892 (The Config API in Apache Airflow surfaced per-key
secrets-backend over ...)
- airflow <itp> (bug #819700)
CVE-2026-59713 (Leantime contains an OIDC login CSRF vulnerability in the
verifyState( ...)
NOT-FOR-US: Leantime
@@ -2686,10 +2990,12 @@ CVE-2026-56149 (Allocation of Resources Without Limits
or Throttling (CWE-770) i
CVE-2026-56148 (Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to
a denial ...)
- elasticsearch <removed>
CVE-2026-55628 (In versions prior to 7.1.2-26he, the `-concatenate` operation
is missi ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.26+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/dcba7ee9ffb0c5a22a458bf0c613bc818fcb4cc6
(7.1.2-26)
CVE-2026-55597 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.26+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/277541927c2de8317d4167ee16d57375f24971d3
(7.1.2-26)
@@ -2700,11 +3006,13 @@ CVE-2026-55595 (ImageMagick is free and open-source
software used for editing an
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/549fdf2195bbac1c93e736c04f416d4d9a5d05a8
(7.1.2-26)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/f102ddccceb30b38dd01f9d77025f51c9a5cc272
(6.9.13-51)
CVE-2026-55594 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.26+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mx48-2qq3-23hf
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/c8868afaf0fe901cddb52177971de25c33f8aa02
(7.1.2-26)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/46d1c3a7d0d91bf8323deb0b29246e7e52db6778
(6.9.13-51)
CVE-2026-55577 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.26+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/01ce608dd41fa358e212ebb66035b7257cd9d915
(7.1.2-26)
@@ -2750,11 +3058,13 @@ CVE-2026-53903 (MCO is vulnerable to an Insecure Direct
Object Reference (IDOR)
CVE-2026-53902 (MCO does not properly enforce authorization checks in the
/customer/se ...)
NOT-FOR-US: MyComplianceOffice MCO
CVE-2026-53467 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.26+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8g53-9m3c-69xg
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/9d1764c43a15b78e18a7f66649989d59079a9e15
(7.1.2-26)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/ad68aca5cd33e199f6cd3048da2ae62e76f05b74
(6.9.13-51)
CVE-2026-53466 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.26+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/47ca7210515f3c9ea033b86fe4323a70caa74468
(7.1.2-26)
@@ -3243,6 +3553,7 @@ CVE-2026-56413 (Storage Concentrator (SC & SCVM) contains
a command injection vu
CVE-2026-56399 (Open WebUI before 0.6.27 contains a server-side request
forgery vulner ...)
NOT-FOR-US: Open WebUI
CVE-2026-56377 (ImageMagick before 7.1.2-24 contains an incorrect policy check
that al ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.24+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm48-c7f2-v67p
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/3705205e1424d379c2fc46c026c8560ccea0509e
(7.1.2-24)
@@ -3252,21 +3563,25 @@ CVE-2026-56369 (ImageMagick before 7.1.2-22 contains an
information disclosure v
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qv2q-c278-pch5
NOTE: Fixed by documentation upgrade
https://github.com/ImageMagick/ImageMagick/issues/8837#event-27569522488
CVE-2026-56365 (ImageMagick before 7.1.2-19 contains a memory leak
vulnerability in th ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.19+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x928-4434-crqj
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/ca761f220bbf0470e2e7967639bcfb5be305ad28
(7.1.2-19)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/28ed1c9993fe437a44c00bee2ee20d58f7e0204c
(6.9.13-44)
CVE-2026-56364 (ImageMagick before 7.1.2-13 contains a memory leak
vulnerability in Lo ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.13+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv
NOTE: Fixed by [1/2]:
https://github.com/ImageMagick/ImageMagick/commit/951f6b0940224afc469f6a72503d6e011c688d02
(7.1.2-13)
NOTE: Fixed by [2/2]:
https://github.com/ImageMagick/ImageMagick/commit/5fd4e5ad05a986b00e1519fa308ca3c5cf3d09d8
(7.1.2-14)
CVE-2026-56363 (ImageMagick before 7.1.2-22 contains a division by zero
vulnerability ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vf33-6r7x-66xx
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/d67eef71764cfeca07b4edf8a8ae922180f5f2e4
(7.1.2-22)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/7a48e0b3107608c7d87a172473cfd5294bc9e81f
(6.9.13-47)
CVE-2026-56361 (ImageMagick before 7.1.2-19 contains an off-by-one error in
morphology ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.19+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q8h3-jv9v-57qx
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/a6bfb1bb7b4017ec52f5a957641d83ce29b63286
(7.1.2-19)
@@ -9411,11 +9726,13 @@ CVE-2026-57280 (Jenkins Script Security Plugin
1402.v94c9ce464861 and earlier do
CVE-2026-56761 (hono before 4.12.14 contains an html injection vulnerability
in jsx se ...)
NOT-FOR-US: Hono
CVE-2026-56370 (ImageMagick before 7.1.2-19 contains an out-of-bounds access
vulnerabi ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.19+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmpg-6pww-fg6q
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/2ab24d74865ab92faeeefe0fec890abf1e88e57c
(7.1.2-19)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/60b4e60841b429d719c59144e2505c8b0135367d
(6.9.13-44)
CVE-2026-56368 (ImageMagick before 7.1.2-15 contains a memory leak
vulnerability in mu ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wfx3-6g53-9fgc
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/fe0a49a58ac5b7a18ff2618b6207dcad71123e43
(7.1.2-14)
@@ -11236,11 +11553,13 @@ CVE-2026-56379 (ImageMagick before 7.1.2-15 and
6.9.13-40 contains a command inj
NOTE: bookworm/bullseye fixed by backporting svg/msl coder from
6.9.13-41
NOTE: trixie fixed by backporting svg/msl to 7.1.2-16
CVE-2026-56376 (ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap
use-after-fr ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2gq3-ww97-wfjm
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/f5049954f12c6fcf090a776767526d2a4708d58b
(7.1.2-14)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/94062bdf70dacc9714f2ff46a5920ceac63836cf
(6.9.13-39)
CVE-2026-56371 (ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory
leak in co ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3q5f-gmjc-38r8
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/e6394098af39a9689bb5f0b4eb6a9968e449a8d3
(7.1.2-14)
@@ -12398,11 +12717,13 @@ CVE-2025-71351 (picklescan before 0.0.25 fails to
detect malicious pickle files
CVE-2025-71348 (picklescan before 0.0.28 fails to detect malicious pickle
files that i ...)
NOT-FOR-US: picklescan
CVE-2026-56367 (ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40
contains an int ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q4
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/5b91ab69af614024255fd93dcc9a62b41fbc435c
(7.1.2-14)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/f4976eb8efe87009eec7cb12f62a3abd1cef4881
(6.9.13-39)
CVE-2026-56378 (ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40)
contains a heap ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wgxp-q8xq-wpp9
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/436e5d2589e3c0adc10d9aa189e81d5d088d8207
(7.1.2-14)
@@ -61959,7 +62280,7 @@ CVE-2026-5532 (A vulnerability was found in
ScrapeGraphAI scrapegraph-ai up to 1
NOT-FOR-US: ScrapeGraphAI scrapegraph-ai
CVE-2026-5531 (A vulnerability has been found in SourceCodester Student Result
Manage ...)
NOT-FOR-US: SourceCodester
-CVE-2026-5530 (A flaw has been found in Ollama up to 18.1. This issue affects
some un ...)
+CVE-2026-5530 (A flaw has been found in Ollama up to 0.18.1. This issue
affects some ...)
- ollama <itp> (bug #1094806)
CVE-2026-5529 (A vulnerability was detected in Dromara lamp-cloud up to 5.8.1.
This v ...)
NOT-FOR-US: Dromara lamp-cloud
@@ -69546,7 +69867,8 @@ CVE-2026-3533 (The Jupiter X Core plugin for WordPress
is vulnerable to limited
NOT-FOR-US: WordPress plugin
CVE-2026-3509 (An unauthenticated remote attacker may be able to control the
format s ...)
NOT-FOR-US: CODESYS
-CVE-2026-3260 (A flaw was found in Undertow. A remote attacker could exploit
this vul ...)
+CVE-2026-3260
+ REJECTED
- undertow <unfixed> (bug #1134949)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443010
CVE-2026-3225 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress
is vul ...)
@@ -170377,6 +170699,7 @@ CVE-2025-32462 (Sudo before 1.9.17p1, when used with
a sudoers file that specifi
- sudo 1.9.16p2-3
NOTE: https://www.sudo.ws/security/advisories/host_any/
CVE-2025-6297 (It was discovered that dpkg-deb does not properly sanitize
directory p ...)
+ {DLA-4673-1}
- dpkg 1.22.21
[bookworm] - dpkg 1.21.23
NOTE: Fixed by:
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82
(main)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bd55729eb517937a5390920dc01ece2f3326fa9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bd55729eb517937a5390920dc01ece2f3326fa9
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits