Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
97c6fb84 by security tracker role at 2026-07-08T19:15:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,333 @@
+CVE-2026-9074 (IBM API Connect 10.0.8.0 through 10.0.8.9 and12.1.0.0 through
12.1.0.3 ...)
+ TODO: check
+CVE-2026-8315 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-8310 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-8307 (Improper neutralization of special elements used in an SQL
command ('S ...)
+ TODO: check
+CVE-2026-6854 (The My Calendar \u2013 Accessible Event Manager plugin for
WordPress i ...)
+ TODO: check
+CVE-2026-6820 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2026-6818 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2026-6742 (The Advanced iFrame plugin for WordPress is vulnerable to
Stored Cross ...)
+ TODO: check
+CVE-2026-6740 (The Nexter Blocks \u2013 Gutenberg Blocks, Page Builder & AI
Website B ...)
+ TODO: check
+CVE-2026-6459 (The Essential Addons for Elementor \u2013 Popular Elementor
Templates ...)
+ TODO: check
+CVE-2026-6371 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-6280 (Exposure of sensitive information due to incompatible policies
vulnera ...)
+ TODO: check
+CVE-2026-6230 (The Tainacan plugin for WordPress is vulnerable to time-based
blind SQ ...)
+ TODO: check
+CVE-2026-60125 (MISP\u2019s importModule() path used getEnabledModule() to
resolve a s ...)
+ TODO: check
+CVE-2026-60124 (An authorization bypass in MISP\u2019s
EventsController::importModule( ...)
+ TODO: check
+CVE-2026-60102 (Horde Virtual File System (VFS) API before 3.0.1 contains an
OS comman ...)
+ TODO: check
+CVE-2026-60092 (AVideo (Meet plugin) through commit
e8d6119f3cb1b849149906efeb0a41fc02 ...)
+ TODO: check
+CVE-2026-5459 (The User Frontend: AI Powered Frontend Posting, User Directory,
Profil ...)
+ TODO: check
+CVE-2026-5356 (The LatePoint \u2013 Calendar Booking Plugin for Appointments
and Even ...)
+ TODO: check
+CVE-2026-59938 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.14 ...)
+ TODO: check
+CVE-2026-59937 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.14 ...)
+ TODO: check
+CVE-2026-59930 (Mistune is a Python Markdown parser with renderers and
plugins. Prior ...)
+ TODO: check
+CVE-2026-59929 (Mistune is a Python Markdown parser with renderers and
plugins. Prior ...)
+ TODO: check
+CVE-2026-59928 (Mistune is a Python Markdown parser with renderers and
plugins. Prior ...)
+ TODO: check
+CVE-2026-59927 (Mistune is a Python Markdown parser with renderers and
plugins. Prior ...)
+ TODO: check
+CVE-2026-59926 (Mistune is a Python Markdown parser with renderers and
plugins. Prior ...)
+ TODO: check
+CVE-2026-59925 (Mistune is a Python Markdown parser with renderers and
plugins. Prior ...)
+ TODO: check
+CVE-2026-59924 (Mistune is a Python Markdown parser with renderers and
plugins. Prior ...)
+ TODO: check
+CVE-2026-59923 (Mistune is a Python Markdown parser with renderers and
plugins. Prior ...)
+ TODO: check
+CVE-2026-59922 (Mistune is a Python Markdown parser with renderers and
plugins. Prior ...)
+ TODO: check
+CVE-2026-59897 (Hono is a Web application framework that provides support for
any Java ...)
+ TODO: check
+CVE-2026-59896 (Hono is a Web application framework that provides support for
any Java ...)
+ TODO: check
+CVE-2026-59895 (Hono is a Web application framework that provides support for
any Java ...)
+ TODO: check
+CVE-2026-59892 (OpenTelemetry JavaScript is the OpenTelemetry JavaScript
client. Prior ...)
+ TODO: check
+CVE-2026-59890 (setuptools is a package that allows users to download, build,
install, ...)
+ TODO: check
+CVE-2026-59887 (linkify-it is a links recognition library with full Unicode
support. P ...)
+ TODO: check
+CVE-2026-59883 (Guzzle is an extensible PHP HTTP client. Prior to 7.12.3,
CookieJar di ...)
+ TODO: check
+CVE-2026-59882 (guzzlehttp/psr7 is a PSR-7 HTTP message library implementation
in PHP. ...)
+ TODO: check
+CVE-2026-59880 (Immutable.js provides many Persistent Immutable data
structures. Prior ...)
+ TODO: check
+CVE-2026-59879 (Immutable.js provides many Persistent Immutable data
structures. Prior ...)
+ TODO: check
+CVE-2026-59877 (protobufjs compiles protobuf definitions into JavaScript (JS)
function ...)
+ TODO: check
+CVE-2026-59876 (protobufjs compiles protobuf definitions into JavaScript (JS)
function ...)
+ TODO: check
+CVE-2026-59875 (node-tar is a tar archive manipulation library for Node.js.
Prior to 7 ...)
+ TODO: check
+CVE-2026-59874 (node-tar is a tar archive manipulation library for Node.js.
Prior to 7 ...)
+ TODO: check
+CVE-2026-59873 (node-tar is a tar archive manipulation library for Node.js.
Prior to 7 ...)
+ TODO: check
+CVE-2026-59871 (node-tar is a tar archive manipulation library for Node.js.
Prior to 7 ...)
+ TODO: check
+CVE-2026-59870 (js-yaml is a JavaScript YAML parser and dumper. From 5.0.0
before 5.2. ...)
+ TODO: check
+CVE-2026-59869 (js-yaml is a JavaScript YAML parser and dumper. From 3.0.0
before 3.15 ...)
+ TODO: check
+CVE-2026-59868 (js-yaml is a JavaScript YAML parser and dumper. From 5.0.0
before 5.2. ...)
+ TODO: check
+CVE-2026-59731 (Astro is a web framework for content-driven websites. Version
6.4.7 pe ...)
+ TODO: check
+CVE-2026-59725 (Socket.IO enables bidirectional and low-latency communication
for ever ...)
+ TODO: check
+CVE-2026-59724 (Socket.IO enables bidirectional and low-latency communication
for ever ...)
+ TODO: check
+CVE-2026-59703 (repomix contains a local file inclusion vulnerability in the
git clone ...)
+ TODO: check
+CVE-2026-59702 (repomix contains a server-side request forgery vulnerability
in the PO ...)
+ TODO: check
+CVE-2026-59262 (AFFiNE's histories GraphQL field fails to validate Doc.Read
permission ...)
+ TODO: check
+CVE-2026-59261 (OpenClaw before 2026.5.28 contains a credential exposure
vulnerability ...)
+ TODO: check
+CVE-2026-59257 (n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before
2.28.1 conta ...)
+ TODO: check
+CVE-2026-59253 (n8n before 2.28.0 contains an improper authorization
vulnerability all ...)
+ TODO: check
+CVE-2026-58657 (Grav before 2.0.0 (affected through 2.0.0-rc.9 and the 2.0
branch) con ...)
+ TODO: check
+CVE-2026-58656 (Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the
?token= ...)
+ TODO: check
+CVE-2026-58654 (The Grav API plugin (getgrav/grav-plugin-api) 1.0.0 contains
an unrest ...)
+ TODO: check
+CVE-2026-58480 (Blocksy Companion Pro plugin for WordPress before 2.1.47
contains an u ...)
+ TODO: check
+CVE-2026-57439 (CyberChef is a web app for encryption, encoding, compression,
and data ...)
+ TODO: check
+CVE-2026-57260 (The application opened a PDF file containing an abnormal Unity
3D obje ...)
+ TODO: check
+CVE-2026-57259 (The input file does not need to be strictly in a structurally
valid PD ...)
+ TODO: check
+CVE-2026-57258 (The PRC file header parsing logic trusts the constructed file
structur ...)
+ TODO: check
+CVE-2026-57257 (During the PRC parsing stage, there is a lack of boundary
verification ...)
+ TODO: check
+CVE-2026-57256 (When the application opens a PDF and executes JavaScript, it
performs ...)
+ TODO: check
+CVE-2026-57255 (The application opens a PDF containing an abnormal color space
whose a ...)
+ TODO: check
+CVE-2026-57254 (There is an abnormal annotation within the PDF that is
referenced by o ...)
+ TODO: check
+CVE-2026-57253 (An abnormal image object causes the renderer to enter the
wrong proces ...)
+ TODO: check
+CVE-2026-57252 (When the application opens a PDF file, during the process of
JavaScrip ...)
+ TODO: check
+CVE-2026-57251 (The application opens a PDF, but the cloud-like appearance of
the cons ...)
+ TODO: check
+CVE-2026-57250 (When the application opens a PDF and JavaScript resets the
form fields ...)
+ TODO: check
+CVE-2026-57249 (After the application opened the PDF file, the script first
reset the ...)
+ TODO: check
+CVE-2026-57248 (When the application opens a PDF file and JavaScript writes
annotation ...)
+ TODO: check
+CVE-2026-57247 (The application re-enters the document structure via field
processing ...)
+ TODO: check
+CVE-2026-57246 (When dealing with abnormally constructed objects, there is a
lack of a ...)
+ TODO: check
+CVE-2026-57245 (When the application opens a PDF, traverses and builds the
annotation ...)
+ TODO: check
+CVE-2026-57244 (After JavaScript resetting the form, the synchronization
process lacks ...)
+ TODO: check
+CVE-2026-57243 (During the process of page opening and form formatting, a
JavaScript r ...)
+ TODO: check
+CVE-2026-57242 (The application opens the PDF, and JavaScript modifies the
form. Howev ...)
+ TODO: check
+CVE-2026-57241 (The application opens the PDF, and JavaScript performs
operations on t ...)
+ TODO: check
+CVE-2026-57240 (When the application opens a PDF file and JavaScript deletes
the PDF f ...)
+ TODO: check
+CVE-2026-57239 (The user-controllable executable files will be directly
executed by hi ...)
+ TODO: check
+CVE-2026-57238 (After the application opened the PDF, JavaScript deleted the
form fiel ...)
+ TODO: check
+CVE-2026-57237 (When the application opens a PDF and JavaScript modifies the
propertie ...)
+ TODO: check
+CVE-2026-56778 (n8n before 2.25.7 and 2.26.x before 2.26.2 contains an
authorization b ...)
+ TODO: check
+CVE-2026-56776 (n8n before 1.123.55, 2.25.7, and 2.26.2 contains an
authorization bypa ...)
+ TODO: check
+CVE-2026-56775 (n8n before 1.123.55, 2.25.7, and 2.26.2 contains an
authorization vuln ...)
+ TODO: check
+CVE-2026-56401 (Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null
pointer derefe ...)
+ TODO: check
+CVE-2026-56374 (ImageMagick before 7.1.2-19 contains a heap buffer overflow
vulnerabil ...)
+ TODO: check
+CVE-2026-56362 (ImageMagick before 7.1.2-15 contains a heap-buffer-overflow
read vulne ...)
+ TODO: check
+CVE-2026-56360 (n8n before versions 1.123.18 and 2.6.2 fails to verify
HMAC-SHA256 sig ...)
+ TODO: check
+CVE-2026-56359 (n8n before 2.8.0 contains a cross-site scripting vulnerability
in the ...)
+ TODO: check
+CVE-2026-56298 (Capgo before 12.128.2 fails to strip EXIF metadata from images
uploade ...)
+ TODO: check
+CVE-2026-56297 (FreeRDP before 3.22.0 contains a use-after-free vulnerability
in dvcma ...)
+ TODO: check
+CVE-2026-56293 (Capgo before 12.128.2 contains an authorization flaw in
transfer_app() ...)
+ TODO: check
+CVE-2026-56284 (Capgo (Cap-go/capgo) before 12.128.2 contains an information
disclosur ...)
+ TODO: check
+CVE-2026-56283 (Capgo before 12.128.2 contains an html injection vulnerability
in the ...)
+ TODO: check
+CVE-2026-56273 (Flowise before 3.1.0 contains a path traversal vulnerability
in Faiss ...)
+ TODO: check
+CVE-2026-56250 (Capgo before 12.128.2 allows upload-scoped API keys to modify
the muta ...)
+ TODO: check
+CVE-2026-56246 (Capgo before 12.128.2 contains a broken access control
vulnerability i ...)
+ TODO: check
+CVE-2026-56226 (Capgo (Cap-go/capgo) before 12.128.2 exposes the Supabase
PostgREST RP ...)
+ TODO: check
+CVE-2026-56220 (Capgo before 12.128.2 contains an authorization bypass
vulnerability i ...)
+ TODO: check
+CVE-2026-56217 (Capgo before 12.128.2 contains a policy bypass vulnerability
in app_ve ...)
+ TODO: check
+CVE-2026-56086 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6,
LTS2026 r ...)
+ TODO: check
+CVE-2026-55874 (SeaweedFS is a distributed storage system. Prior to 4.34, the
S3 API g ...)
+ TODO: check
+CVE-2026-55873 (SeaweedFS is a distributed storage system. In versions 4.08
through 4. ...)
+ TODO: check
+CVE-2026-55761 (Portainer Community Edition is a lightweight service delivery
platform ...)
+ TODO: check
+CVE-2026-55668 (File Browser provides a web file managing interface. Prior to
2.63.16, ...)
+ TODO: check
+CVE-2026-54652 (Frigate is an open source network video recorder. In version
0.17.1, t ...)
+ TODO: check
+CVE-2026-54344 (ToolJet is an open-source low-code platform for building
internal tool ...)
+ TODO: check
+CVE-2026-54061 (Dgraph is an open source distributed GraphQL database. Prior
to versio ...)
+ TODO: check
+CVE-2026-53951 (Copier is a library and CLI app for rendering project
templates. In ve ...)
+ TODO: check
+CVE-2026-53482 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7,
LTS2026 r ...)
+ TODO: check
+CVE-2026-53480 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7,
LTS2026 r ...)
+ TODO: check
+CVE-2026-50813 (An issue in SQLite before Fossil check-in 869a51ae84df allows
a local ...)
+ TODO: check
+CVE-2026-50812 (A NULL pointer dereference in the SQLite Session Extension in
SQLite 3 ...)
+ TODO: check
+CVE-2026-49946
+ REJECTED
+CVE-2026-49945
+ REJECTED
+CVE-2026-49944
+ REJECTED
+CVE-2026-49147 (App::Ack versions through 3.10.0 for Perl print unsanitised
terminal e ...)
+ TODO: check
+CVE-2026-49146 (App::Ack versions before 3.10.0 for Perl allow memory
exhaustion via a ...)
+ TODO: check
+CVE-2026-49145 (App::Ack versions through 3.10.0 for Perl read arbitrary files
via --f ...)
+ TODO: check
+CVE-2026-44840 (Dgraph is an open source distributed GraphQL database. Prior
to versio ...)
+ TODO: check
+CVE-2026-41122 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7,
LTS2026 r ...)
+ TODO: check
+CVE-2026-41042 (Unauthenticated callers can supply a malicious H2 JDBC URL
through the ...)
+ TODO: check
+CVE-2026-3688 (The WCFM Membership \u2013 WooCommerce Memberships for
Multivendor Mar ...)
+ TODO: check
+CVE-2026-3144 (IBM API Connect 12.1.0.0 through 12.1.0.3 uses default
credentials whi ...)
+ TODO: check
+CVE-2026-29009 (U-Boot through 2026.04-rc3 contains a buffer overflow
vulnerability in ...)
+ TODO: check
+CVE-2026-29008 (U-Boot through 2026.04-rc3 contains an integer underflow
vulnerability ...)
+ TODO: check
+CVE-2026-29007 (U-Boot through 2026.04-rc3 contains an out-of-bounds read
vulnerabilit ...)
+ TODO: check
+CVE-2026-24700 (An OS command injection vulnerability exists in the
start_lltd() funct ...)
+ TODO: check
+CVE-2026-24699 (An OS command injection vulnerability exists in the
sub_34984() functi ...)
+ TODO: check
+CVE-2026-24698 (An OS command injection vulnerability exists in the
save_syslog_to_fil ...)
+ TODO: check
+CVE-2026-24697 (An OS command injection vulnerability exists in the
start_bonjour() fu ...)
+ TODO: check
+CVE-2026-22927 (Omnissa Workspace ONE\xae Tunnel for Windows addresses a
Local Privi ...)
+ TODO: check
+CVE-2026-15067 (Snowflake Terraform Provider versions prior to 2.18.0 contain
several ...)
+ TODO: check
+CVE-2026-15063 (A flaw was found in the gorch service template, which is part
of the t ...)
+ TODO: check
+CVE-2026-15062 (SQL injection vulnerabilities in the Snowflake Snowpark Python
SDK (sn ...)
+ TODO: check
+CVE-2026-15053 (Tanium addressed a denial of service vulnerability in Tanium
Server.)
+ TODO: check
+CVE-2026-15044 (A flaw was found in the TrustyAI Service Operator. When
deploying serv ...)
+ TODO: check
+CVE-2026-15041 (A flaw was found in 389 Directory Server. The PBKDF2-SHA256
password v ...)
+ TODO: check
+CVE-2026-15036 (A vulnerability was determined in Harness up to 2.28.2. This
vulnerabi ...)
+ TODO: check
+CVE-2026-15035 (A vulnerability was found in bentoml OpenLLM 0.6.30. This
affects the ...)
+ TODO: check
+CVE-2026-15034 (A vulnerability has been found in flask-dashboard
Flask-MonitoringDash ...)
+ TODO: check
+CVE-2026-15033 (A flaw has been found in christopherthielen
check-peer-dependencies up ...)
+ TODO: check
+CVE-2026-14967 (BBOT's `github_workflows` module could be induced to write a
downloade ...)
+ TODO: check
+CVE-2026-14966 (BBOT's unarchive module rejects archives containing symlink
entries be ...)
+ TODO: check
+CVE-2026-14362 (HashiCorp memberlist before version 0.6.0 is vulnerable to a
denial-of ...)
+ TODO: check
+CVE-2026-14250 (The Themehunk Login Registration plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-13129 (When the application opens a PDF file, JavaScript uses the
damaged fie ...)
+ TODO: check
+CVE-2026-13128 (Embedding JavaScript within a PDF file will cause the page to
be delet ...)
+ TODO: check
+CVE-2026-13127 (The application opens the PDF file. JavaScript then rewrites
the docum ...)
+ TODO: check
+CVE-2026-13126 (The embedded JavaScript in the PDF deleted the pages, making
the objec ...)
+ TODO: check
+CVE-2026-12936 (The Recurio \u2013 Ultimate Subscription for WooCommerce
plugin for Wo ...)
+ TODO: check
+CVE-2026-12002 (The Smash Balloon Social Photo Feed \u2013 Easy Social Feeds
Plugin pl ...)
+ TODO: check
+CVE-2026-11903 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-10708 (This vulnerability enables large\u2011scale data harvesting
without re ...)
+ TODO: check
+CVE-2026-10706 (In Adalo\u2019s no-code app builder, (Versions 1 and 2) the
attackers ...)
+ TODO: check
+CVE-2026-10699 (Missing release of memory after effective lifetime
vulnerability in Pr ...)
+ TODO: check
+CVE-2026-10698 (Improper Neutralization of Special Elements in Data Query
Logic vulner ...)
+ TODO: check
+CVE-2025-3110 (OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare
line-feed seque ...)
+ TODO: check
+CVE-2025-14785 (The Website Builder by SeedProd - Theme Builder, Landing Page
Builder, ...)
+ TODO: check
CVE-2026-58382
- gimp <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2497384
@@ -28,7 +358,7 @@ CVE-2026-58388
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2497435
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/c1263f39
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/work_items/16231
-CVE-2026-14454
+CVE-2026-14454 (Imager versions before 1.033 for Perl treat unsigned EXIF IFD
entry co ...)
- libimager-perl <unfixed>
[trixie] - libimager-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41637674/
@@ -367,26 +697,26 @@ CVE-2026-10570 (The Sympl Repeater for ACF and Elementor
plugin for WordPress is
NOT-FOR-US: WordPress plugin
CVE-2025-12799 (A flaw was found in Jastow. Jastow is vulnerable to Cross-Site
Scripti ...)
NOT-FOR-US: Jastow
-CVE-2026-56003 [computeProps Property Buffer Heap Buffer Overflow]
+CVE-2026-56003 (A heap buffer overflow due to missing size checking in the
property bu ...)
- libxfont <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/dff957a5158da038a282a59a31fe736702732939
(libXfont2-2.0.8)
-CVE-2026-56002 [PCF Font Parsing Heap Buffer Overflow]
+CVE-2026-56002 (A heap bufferflow in pcfReadFont() due to missing glyph bounds
checkin ...)
- libxfont <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/b4389e0b1d84a690b819bb27b1439968811a3674
(libXfont2-2.0.8)
-CVE-2026-56001 [BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow]
+CVE-2026-56001 (A heap buffer overflow in BitmapScaleBitmaps in libXfont2
before 2.0.8 ...)
- libxfont <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778
(libXfont2-2.0.8)
-CVE-2026-56000 [GLX contextTags Use-After-Free in CommonMakeCurrent()]
+CVE-2026-56000 (Local attackers with a X connection able to provide GLX commit
to the ...)
- xorg-server <unfixed>
- xwayland <unfixed>
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/2
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/2779affbdb4354e894f490e56f962527d6125043
-CVE-2026-55999 [glamor Font Atlas Heap Buffer Overflow]
+CVE-2026-55999 (Local attackers with a X connection able to provide PCX fonts
to the X ...)
- xorg-server <unfixed>
- xwayland <unfixed>
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
@@ -412,7 +742,7 @@ CVE-2026-14740 (DBI versions before 1.650 for Perl read one
byte out-of-bounds i
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41625532/
NOTE:
https://github.com/perl5-dbi/dbi/security/advisories/GHSA-35f4-f8m9-w8xg
NOTE: Fixed by:
https://github.com/perl5-dbi/dbi/commit/fc16f9e8b3dd5c65caf1867781ab2bfe2fadcc01
(1.650)
-CVE-2026-39822
+CVE-2026-39822 (On Unix systems, opening a file in an os.Root improperly
follows symli ...)
- golang-1.27 1.27~rc2-1
- golang-1.26 1.26.5-1
- golang-1.25 1.25.12-1
@@ -424,7 +754,7 @@ CVE-2026-39822
NOTE: https://github.com/golang/go/issues/79005
NOTE: Fixed by:
https://github.com/golang/go/commit/f9ef7f55988f03afeb3b8354367d0fa8d053683d
(go1.26.5)
NOTE: Fixed by:
https://github.com/golang/go/commit/c94048f5638bbcaa22102bade5e9774e0d485315
(go1.25.12)
-CVE-2026-42505
+CVE-2026-42505 (Handshakes which used Encrypted Client Hello could be
de-anonymized by ...)
- golang-1.27 1.27~rc2-1
- golang-1.26 1.26.5-1
- golang-1.25 1.25.12-1
@@ -888,9 +1218,9 @@ CVE-2026-33630
NOTE:
https://github.com/c-ares/c-ares/security/advisories/GHSA-6wfj-rwm7-3542
NOTE: Fixed by:
https://github.com/c-ares/c-ares/commit/1fa3b86a0b8d18fe7b60f3228a01d770feb026bc
(main)
NOTE: Fixed by:
https://github.com/c-ares/c-ares/commit/d823199b688052dcdc1646f2ab4cb8c16b1c644a
(v1.34.7)
-CVE-2026-9182 (ArcGIS Server contains an unrestricted file upload
vulnerability. An u ...)
+CVE-2026-9182 (Esri ArcGIS Server contains an unrestricted file upload
vulnerability. ...)
NOT-FOR-US: Esri
-CVE-2026-9181 (ArcGIS Server contains a directory traversal vulnerability. An
unauth ...)
+CVE-2026-9181 (Esri ArcGIS Server contains a directory traversal
vulnerability. ArcGI ...)
NOT-FOR-US: Esri
CVE-2026-9165 (A flaw was found in Red Hat Advanced Cluster Security for
Kubernetes ( ...)
NOT-FOR-US: Red Hat Advanced Cluster Security for Kubernetes (RHACS)
@@ -2015,7 +2345,7 @@ CVE-2026-58579 (RAGFlow before 0.26.3 stores an agent
pipeline (DSL) node name w
NOT-FOR-US: RAGFlow
CVE-2026-58578 (LobeChat before version 2.2.10-canary.15 contains a regular
expression ...)
NOT-FOR-US: LobeChat
-CVE-2026-58467 (Cockpit CMS before release 364 contains a path traversal and
local fil ...)
+CVE-2026-58467 (Cockpit CMS through 2.14.0 contains a path traversal and local
file in ...)
NOT-FOR-US: Cockpit CMS
CVE-2026-58466 (AutoBangumi before 3.2.8 contains a hard-coded default
credentials vul ...)
NOT-FOR-US: AutoBangumi
@@ -3096,6 +3426,7 @@ CVE-2026-55597 (ImageMagick is free and open-source
software used for editing an
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/277541927c2de8317d4167ee16d57375f24971d3
(7.1.2-26)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/d241c85d93e4684f84201bd08f4aad80eac44f4a
(6.9.13-51)
CVE-2026-55595 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6383-1}
- imagemagick 8:7.1.2.26+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/549fdf2195bbac1c93e736c04f416d4d9a5d05a8
(7.1.2-26)
@@ -224719,7 +225050,7 @@ CVE-2024-50563 (A weak authentication in Fortinet
FortiManager Cloud, FortiAnaly
NOT-FOR-US: FortiGuard
CVE-2024-48885 (A improper limitation of a pathname to a restricted directory
('path t ...)
NOT-FOR-US: FortiGuard
-CVE-2024-45331 (A incorrect privilege assignment in Fortinet FortiAnalyzer
versions 7. ...)
+CVE-2024-45331 (A incorrect privilege assignment vulnerability in Fortinet
FortiAnalyz ...)
NOT-FOR-US: FortiGuard
CVE-2024-41746 (IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is
vulnerable to st ...)
NOT-FOR-US: IBM
@@ -226054,7 +226385,7 @@ CVE-2024-35278 (A improper neutralization of special
elements used in an sql com
NOT-FOR-US: Wavlink
CVE-2024-35277 (A missing authentication for critical function in Fortinet
FortiPortal ...)
NOT-FOR-US: Fortinet
-CVE-2024-35276 (A stack-based buffer overflow in Fortinet FortiAnalyzer
versions 7.4.0 ...)
+CVE-2024-35276 (A stack-based buffer overflow vulnerability in Fortinet
FortiAnalyzer ...)
NOT-FOR-US: Fortinet
CVE-2024-35275 (A improper neutralization of special elements used in an sql
command ( ...)
NOT-FOR-US: Fortinet
@@ -226064,7 +226395,7 @@ CVE-2024-34544 (A command injection vulnerability
exists in the wireless.cgi Add
NOT-FOR-US: Wavlink
CVE-2024-34166 (An os command injection vulnerability exists in the
touchlist_sync.cgi ...)
NOT-FOR-US: Wavlink
-CVE-2024-33503 (A improper privilege management in Fortinet FortiManager
version 7.4.0 ...)
+CVE-2024-33503 (A improper privilege management vulnerability in Fortinet
FortiManager ...)
NOT-FOR-US: Fortinet
CVE-2024-33502 (An improper limitation of a pathname to a restricted directory
('path ...)
NOT-FOR-US: Fortinet
@@ -285712,7 +286043,7 @@ CVE-2024-28103 (Action Pack is a framework for
handling and responding to web re
NOTE:
https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
NOTE:
https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523
(main)
NOTE:
https://github.com/rails/rails/commit/b329b261dd32a61316f2831788d6078ca0563ab6
(v6.1.7.8)
-CVE-2024-23669 (An improper authorization in Fortinet FortiWebManager version
7.2.0 an ...)
+CVE-2024-23669 (An improper authorization in Fortinet FortiWebManager 7.2.0,
FortiWebM ...)
NOT-FOR-US: Fortinet
CVE-2024-23326 (Envoy is a cloud-native, open source edge and service proxy. A
theoret ...)
- envoyproxy <itp> (bug #987544)
@@ -286161,11 +286492,11 @@ CVE-2024-31684 (Incorrect access control in the
fingerprint authentication mecha
NOT-FOR-US: Bitdefender Mobile Security
CVE-2024-31682 (Incorrect access control in the fingerprint authentication
mechanism o ...)
NOT-FOR-US: phone-cleaner
-CVE-2024-23670 (An improper authorization in Fortinet FortiWebManager version
7.2.0 an ...)
+CVE-2024-23670 (An improper authorization in Fortinet FortiWebManager 7.2.0,
FortiWebM ...)
NOT-FOR-US: FortiGuard
-CVE-2024-23668 (An improper authorization in Fortinet FortiWebManager version
7.2.0 an ...)
+CVE-2024-23668 (An improper authorization in Fortinet FortiWebManager 7.2.0,
FortiWebM ...)
NOT-FOR-US: FortiGuard
-CVE-2024-23667 (An improper authorization in Fortinet FortiWebManager version
7.2.0 an ...)
+CVE-2024-23667 (An improper authorization in Fortinet FortiWebManager 7.2.0,
FortiWebM ...)
NOT-FOR-US: FortiGuard
CVE-2024-23665 (Multiple improper authorization vulnerabilities [CWE-285] in
FortiWeb ...)
NOT-FOR-US: FortiGuard
@@ -315696,9 +316027,9 @@ CVE-2023-46717 (An improper authentication
vulnerability [CWE-287] in FortiOS ve
NOT-FOR-US: FortiGuard
CVE-2023-45793 (A vulnerability has been identified in Siveillance Control
(All versio ...)
NOT-FOR-US: Siemens
-CVE-2023-42790 (A stack-based buffer overflow in Fortinet FortiOS 7.4.0
through 7.4.1, ...)
+CVE-2023-42790 (A stack-based buffer overflow vulnerability in Fortinet
FortiOS 7.4.0 ...)
NOT-FOR-US: FortiGuard
-CVE-2023-42789 (A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1,
7.2.0 t ...)
+CVE-2023-42789 (A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0
through ...)
NOT-FOR-US: FortiGuard
CVE-2023-41842 (A use of externally-controlled format string vulnerability
[CWE-134] v ...)
NOT-FOR-US: FortiGuard
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97c6fb84cd8ce5ba75c01fc7a7c68e230811e696
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97c6fb84cd8ce5ba75c01fc7a7c68e230811e696
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits