Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
97c6fb84 by security tracker role at 2026-07-08T19:15:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,333 @@
+CVE-2026-9074 (IBM API Connect 10.0.8.0 through 10.0.8.9 and12.1.0.0 through 
12.1.0.3 ...)
+       TODO: check
+CVE-2026-8315 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-8310 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-8307 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2026-6854 (The My Calendar \u2013 Accessible Event Manager plugin for 
WordPress i ...)
+       TODO: check
+CVE-2026-6820 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2026-6818 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2026-6742 (The Advanced iFrame plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2026-6740 (The Nexter Blocks \u2013 Gutenberg Blocks, Page Builder & AI 
Website B ...)
+       TODO: check
+CVE-2026-6459 (The Essential Addons for Elementor \u2013 Popular Elementor 
Templates  ...)
+       TODO: check
+CVE-2026-6371 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-6280 (Exposure of sensitive information due to incompatible policies 
vulnera ...)
+       TODO: check
+CVE-2026-6230 (The Tainacan plugin for WordPress is vulnerable to time-based 
blind SQ ...)
+       TODO: check
+CVE-2026-60125 (MISP\u2019s importModule() path used getEnabledModule() to 
resolve a s ...)
+       TODO: check
+CVE-2026-60124 (An authorization bypass in MISP\u2019s 
EventsController::importModule( ...)
+       TODO: check
+CVE-2026-60102 (Horde Virtual File System (VFS) API before 3.0.1 contains an 
OS comman ...)
+       TODO: check
+CVE-2026-60092 (AVideo (Meet plugin) through commit 
e8d6119f3cb1b849149906efeb0a41fc02 ...)
+       TODO: check
+CVE-2026-5459 (The User Frontend: AI Powered Frontend Posting, User Directory, 
Profil ...)
+       TODO: check
+CVE-2026-5356 (The LatePoint \u2013 Calendar Booking Plugin for Appointments 
and Even ...)
+       TODO: check
+CVE-2026-59938 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.14 ...)
+       TODO: check
+CVE-2026-59937 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.14 ...)
+       TODO: check
+CVE-2026-59930 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
+       TODO: check
+CVE-2026-59929 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
+       TODO: check
+CVE-2026-59928 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
+       TODO: check
+CVE-2026-59927 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
+       TODO: check
+CVE-2026-59926 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
+       TODO: check
+CVE-2026-59925 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
+       TODO: check
+CVE-2026-59924 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
+       TODO: check
+CVE-2026-59923 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
+       TODO: check
+CVE-2026-59922 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
+       TODO: check
+CVE-2026-59897 (Hono is a Web application framework that provides support for 
any Java ...)
+       TODO: check
+CVE-2026-59896 (Hono is a Web application framework that provides support for 
any Java ...)
+       TODO: check
+CVE-2026-59895 (Hono is a Web application framework that provides support for 
any Java ...)
+       TODO: check
+CVE-2026-59892 (OpenTelemetry JavaScript is the OpenTelemetry JavaScript 
client. Prior ...)
+       TODO: check
+CVE-2026-59890 (setuptools is a package that allows users to download, build, 
install, ...)
+       TODO: check
+CVE-2026-59887 (linkify-it is a links recognition library with full Unicode 
support. P ...)
+       TODO: check
+CVE-2026-59883 (Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, 
CookieJar di ...)
+       TODO: check
+CVE-2026-59882 (guzzlehttp/psr7 is a PSR-7 HTTP message library implementation 
in PHP. ...)
+       TODO: check
+CVE-2026-59880 (Immutable.js provides many Persistent Immutable data 
structures. Prior ...)
+       TODO: check
+CVE-2026-59879 (Immutable.js provides many Persistent Immutable data 
structures. Prior ...)
+       TODO: check
+CVE-2026-59877 (protobufjs compiles protobuf definitions into JavaScript (JS) 
function ...)
+       TODO: check
+CVE-2026-59876 (protobufjs compiles protobuf definitions into JavaScript (JS) 
function ...)
+       TODO: check
+CVE-2026-59875 (node-tar is a tar archive manipulation library for Node.js. 
Prior to 7 ...)
+       TODO: check
+CVE-2026-59874 (node-tar is a tar archive manipulation library for Node.js. 
Prior to 7 ...)
+       TODO: check
+CVE-2026-59873 (node-tar is a tar archive manipulation library for Node.js. 
Prior to 7 ...)
+       TODO: check
+CVE-2026-59871 (node-tar is a tar archive manipulation library for Node.js. 
Prior to 7 ...)
+       TODO: check
+CVE-2026-59870 (js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 
before 5.2. ...)
+       TODO: check
+CVE-2026-59869 (js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 
before 3.15 ...)
+       TODO: check
+CVE-2026-59868 (js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 
before 5.2. ...)
+       TODO: check
+CVE-2026-59731 (Astro is a web framework for content-driven websites. Version 
6.4.7 pe ...)
+       TODO: check
+CVE-2026-59725 (Socket.IO enables bidirectional and low-latency communication 
for ever ...)
+       TODO: check
+CVE-2026-59724 (Socket.IO enables bidirectional and low-latency communication 
for ever ...)
+       TODO: check
+CVE-2026-59703 (repomix contains a local file inclusion vulnerability in the 
git clone ...)
+       TODO: check
+CVE-2026-59702 (repomix contains a server-side request forgery vulnerability 
in the PO ...)
+       TODO: check
+CVE-2026-59262 (AFFiNE's histories GraphQL field fails to validate Doc.Read 
permission ...)
+       TODO: check
+CVE-2026-59261 (OpenClaw before 2026.5.28 contains a credential exposure 
vulnerability ...)
+       TODO: check
+CVE-2026-59257 (n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 
2.28.1 conta ...)
+       TODO: check
+CVE-2026-59253 (n8n before 2.28.0 contains an improper authorization 
vulnerability all ...)
+       TODO: check
+CVE-2026-58657 (Grav before 2.0.0 (affected through 2.0.0-rc.9 and the 2.0 
branch) con ...)
+       TODO: check
+CVE-2026-58656 (Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the 
?token= ...)
+       TODO: check
+CVE-2026-58654 (The Grav API plugin (getgrav/grav-plugin-api) 1.0.0 contains 
an unrest ...)
+       TODO: check
+CVE-2026-58480 (Blocksy Companion Pro plugin for WordPress before 2.1.47 
contains an u ...)
+       TODO: check
+CVE-2026-57439 (CyberChef is a web app for encryption, encoding, compression, 
and data ...)
+       TODO: check
+CVE-2026-57260 (The application opened a PDF file containing an abnormal Unity 
3D obje ...)
+       TODO: check
+CVE-2026-57259 (The input file does not need to be strictly in a structurally 
valid PD ...)
+       TODO: check
+CVE-2026-57258 (The PRC file header parsing logic trusts the constructed file 
structur ...)
+       TODO: check
+CVE-2026-57257 (During the PRC parsing stage, there is a lack of boundary 
verification ...)
+       TODO: check
+CVE-2026-57256 (When the application opens a PDF and executes JavaScript, it 
performs  ...)
+       TODO: check
+CVE-2026-57255 (The application opens a PDF containing an abnormal color space 
whose a ...)
+       TODO: check
+CVE-2026-57254 (There is an abnormal annotation within the PDF that is 
referenced by o ...)
+       TODO: check
+CVE-2026-57253 (An abnormal image object causes the renderer to enter the 
wrong proces ...)
+       TODO: check
+CVE-2026-57252 (When the application opens a PDF file, during the process of 
JavaScrip ...)
+       TODO: check
+CVE-2026-57251 (The application opens a PDF, but the cloud-like appearance of 
the cons ...)
+       TODO: check
+CVE-2026-57250 (When the application opens a PDF and JavaScript resets the 
form fields ...)
+       TODO: check
+CVE-2026-57249 (After the application opened the PDF file, the script first 
reset the  ...)
+       TODO: check
+CVE-2026-57248 (When the application opens a PDF file and JavaScript writes 
annotation ...)
+       TODO: check
+CVE-2026-57247 (The application re-enters the document structure via field 
processing  ...)
+       TODO: check
+CVE-2026-57246 (When dealing with abnormally constructed objects, there is a 
lack of a ...)
+       TODO: check
+CVE-2026-57245 (When the application opens a PDF, traverses and builds the 
annotation  ...)
+       TODO: check
+CVE-2026-57244 (After JavaScript resetting the form, the synchronization 
process lacks ...)
+       TODO: check
+CVE-2026-57243 (During the process of page opening and form formatting, a 
JavaScript r ...)
+       TODO: check
+CVE-2026-57242 (The application opens the PDF, and JavaScript modifies the 
form. Howev ...)
+       TODO: check
+CVE-2026-57241 (The application opens the PDF, and JavaScript performs 
operations on t ...)
+       TODO: check
+CVE-2026-57240 (When the application opens a PDF file and JavaScript deletes 
the PDF f ...)
+       TODO: check
+CVE-2026-57239 (The user-controllable executable files will be directly 
executed by hi ...)
+       TODO: check
+CVE-2026-57238 (After the application opened the PDF, JavaScript deleted the 
form fiel ...)
+       TODO: check
+CVE-2026-57237 (When the application opens a PDF and JavaScript modifies the 
propertie ...)
+       TODO: check
+CVE-2026-56778 (n8n before 2.25.7 and 2.26.x before 2.26.2 contains an 
authorization b ...)
+       TODO: check
+CVE-2026-56776 (n8n before 1.123.55, 2.25.7, and 2.26.2 contains an 
authorization bypa ...)
+       TODO: check
+CVE-2026-56775 (n8n before 1.123.55, 2.25.7, and 2.26.2 contains an 
authorization vuln ...)
+       TODO: check
+CVE-2026-56401 (Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null 
pointer derefe ...)
+       TODO: check
+CVE-2026-56374 (ImageMagick before 7.1.2-19 contains a heap buffer overflow 
vulnerabil ...)
+       TODO: check
+CVE-2026-56362 (ImageMagick before 7.1.2-15 contains a heap-buffer-overflow 
read vulne ...)
+       TODO: check
+CVE-2026-56360 (n8n before versions 1.123.18 and 2.6.2 fails to verify 
HMAC-SHA256 sig ...)
+       TODO: check
+CVE-2026-56359 (n8n before 2.8.0 contains a cross-site scripting vulnerability 
in the  ...)
+       TODO: check
+CVE-2026-56298 (Capgo before 12.128.2 fails to strip EXIF metadata from images 
uploade ...)
+       TODO: check
+CVE-2026-56297 (FreeRDP before 3.22.0 contains a use-after-free vulnerability 
in dvcma ...)
+       TODO: check
+CVE-2026-56293 (Capgo before 12.128.2 contains an authorization flaw in 
transfer_app() ...)
+       TODO: check
+CVE-2026-56284 (Capgo (Cap-go/capgo) before 12.128.2 contains an information 
disclosur ...)
+       TODO: check
+CVE-2026-56283 (Capgo before 12.128.2 contains an html injection vulnerability 
in the  ...)
+       TODO: check
+CVE-2026-56273 (Flowise before 3.1.0 contains a path traversal vulnerability 
in Faiss  ...)
+       TODO: check
+CVE-2026-56250 (Capgo before 12.128.2 allows upload-scoped API keys to modify 
the muta ...)
+       TODO: check
+CVE-2026-56246 (Capgo before 12.128.2 contains a broken access control 
vulnerability i ...)
+       TODO: check
+CVE-2026-56226 (Capgo (Cap-go/capgo) before 12.128.2 exposes the Supabase 
PostgREST RP ...)
+       TODO: check
+CVE-2026-56220 (Capgo before 12.128.2 contains an authorization bypass 
vulnerability i ...)
+       TODO: check
+CVE-2026-56217 (Capgo before 12.128.2 contains a policy bypass vulnerability 
in app_ve ...)
+       TODO: check
+CVE-2026-56086 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, 
LTS2026 r ...)
+       TODO: check
+CVE-2026-55874 (SeaweedFS is a distributed storage system. Prior to 4.34, the 
S3 API g ...)
+       TODO: check
+CVE-2026-55873 (SeaweedFS is a distributed storage system. In versions 4.08 
through 4. ...)
+       TODO: check
+CVE-2026-55761 (Portainer Community Edition is a lightweight service delivery 
platform ...)
+       TODO: check
+CVE-2026-55668 (File Browser provides a web file managing interface. Prior to 
2.63.16, ...)
+       TODO: check
+CVE-2026-54652 (Frigate is an open source network video recorder. In version 
0.17.1, t ...)
+       TODO: check
+CVE-2026-54344 (ToolJet is an open-source low-code platform for building 
internal tool ...)
+       TODO: check
+CVE-2026-54061 (Dgraph is an open source distributed GraphQL database. Prior 
to versio ...)
+       TODO: check
+CVE-2026-53951 (Copier is a library and CLI app for rendering project 
templates. In ve ...)
+       TODO: check
+CVE-2026-53482 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, 
LTS2026 r ...)
+       TODO: check
+CVE-2026-53480 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, 
LTS2026 r ...)
+       TODO: check
+CVE-2026-50813 (An issue in SQLite before Fossil check-in 869a51ae84df allows 
a local  ...)
+       TODO: check
+CVE-2026-50812 (A NULL pointer dereference in the SQLite Session Extension in 
SQLite 3 ...)
+       TODO: check
+CVE-2026-49946
+       REJECTED
+CVE-2026-49945
+       REJECTED
+CVE-2026-49944
+       REJECTED
+CVE-2026-49147 (App::Ack versions through 3.10.0 for Perl print unsanitised 
terminal e ...)
+       TODO: check
+CVE-2026-49146 (App::Ack versions before 3.10.0 for Perl allow memory 
exhaustion via a ...)
+       TODO: check
+CVE-2026-49145 (App::Ack versions through 3.10.0 for Perl read arbitrary files 
via --f ...)
+       TODO: check
+CVE-2026-44840 (Dgraph is an open source distributed GraphQL database. Prior 
to versio ...)
+       TODO: check
+CVE-2026-41122 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, 
LTS2026 r ...)
+       TODO: check
+CVE-2026-41042 (Unauthenticated callers can supply a malicious H2 JDBC URL 
through the ...)
+       TODO: check
+CVE-2026-3688 (The WCFM Membership \u2013 WooCommerce Memberships for 
Multivendor Mar ...)
+       TODO: check
+CVE-2026-3144 (IBM API Connect 12.1.0.0 through 12.1.0.3 uses default 
credentials whi ...)
+       TODO: check
+CVE-2026-29009 (U-Boot through 2026.04-rc3 contains a buffer overflow 
vulnerability in ...)
+       TODO: check
+CVE-2026-29008 (U-Boot through 2026.04-rc3 contains an integer underflow 
vulnerability ...)
+       TODO: check
+CVE-2026-29007 (U-Boot through 2026.04-rc3 contains an out-of-bounds read 
vulnerabilit ...)
+       TODO: check
+CVE-2026-24700 (An OS command injection vulnerability exists in the 
start_lltd() funct ...)
+       TODO: check
+CVE-2026-24699 (An OS command injection vulnerability exists in the 
sub_34984() functi ...)
+       TODO: check
+CVE-2026-24698 (An OS command injection vulnerability exists in the 
save_syslog_to_fil ...)
+       TODO: check
+CVE-2026-24697 (An OS command injection vulnerability exists in the 
start_bonjour() fu ...)
+       TODO: check
+CVE-2026-22927 (Omnissa Workspace ONE\xae Tunnel for Windows addresses a   
Local Privi ...)
+       TODO: check
+CVE-2026-15067 (Snowflake Terraform Provider versions prior to 2.18.0 contain 
several  ...)
+       TODO: check
+CVE-2026-15063 (A flaw was found in the gorch service template, which is part 
of the t ...)
+       TODO: check
+CVE-2026-15062 (SQL injection vulnerabilities in the Snowflake Snowpark Python 
SDK (sn ...)
+       TODO: check
+CVE-2026-15053 (Tanium addressed a denial of service vulnerability in Tanium 
Server.)
+       TODO: check
+CVE-2026-15044 (A flaw was found in the TrustyAI Service Operator. When 
deploying serv ...)
+       TODO: check
+CVE-2026-15041 (A flaw was found in 389 Directory Server. The PBKDF2-SHA256 
password v ...)
+       TODO: check
+CVE-2026-15036 (A vulnerability was determined in Harness up to 2.28.2. This 
vulnerabi ...)
+       TODO: check
+CVE-2026-15035 (A vulnerability was found in bentoml OpenLLM 0.6.30. This 
affects the  ...)
+       TODO: check
+CVE-2026-15034 (A vulnerability has been found in flask-dashboard 
Flask-MonitoringDash ...)
+       TODO: check
+CVE-2026-15033 (A flaw has been found in christopherthielen 
check-peer-dependencies up ...)
+       TODO: check
+CVE-2026-14967 (BBOT's `github_workflows` module could be induced to write a 
downloade ...)
+       TODO: check
+CVE-2026-14966 (BBOT's unarchive module rejects archives containing symlink 
entries be ...)
+       TODO: check
+CVE-2026-14362 (HashiCorp memberlist before version 0.6.0 is vulnerable to a 
denial-of ...)
+       TODO: check
+CVE-2026-14250 (The Themehunk Login Registration plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2026-13129 (When the application opens a PDF file, JavaScript uses the 
damaged fie ...)
+       TODO: check
+CVE-2026-13128 (Embedding JavaScript within a PDF file will cause the page to 
be delet ...)
+       TODO: check
+CVE-2026-13127 (The application opens the PDF file. JavaScript then rewrites 
the docum ...)
+       TODO: check
+CVE-2026-13126 (The embedded JavaScript in the PDF deleted the pages, making 
the objec ...)
+       TODO: check
+CVE-2026-12936 (The Recurio \u2013 Ultimate Subscription for WooCommerce 
plugin for Wo ...)
+       TODO: check
+CVE-2026-12002 (The Smash Balloon Social Photo Feed \u2013 Easy Social Feeds 
Plugin pl ...)
+       TODO: check
+CVE-2026-11903 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-10708 (This vulnerability enables large\u2011scale data harvesting 
without re ...)
+       TODO: check
+CVE-2026-10706 (In Adalo\u2019s no-code app builder, (Versions 1 and 2) the 
attackers  ...)
+       TODO: check
+CVE-2026-10699 (Missing release of memory after effective lifetime 
vulnerability in Pr ...)
+       TODO: check
+CVE-2026-10698 (Improper Neutralization of Special Elements in Data Query 
Logic vulner ...)
+       TODO: check
+CVE-2025-3110 (OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare 
line-feed seque ...)
+       TODO: check
+CVE-2025-14785 (The Website Builder by SeedProd - Theme Builder, Landing Page 
Builder, ...)
+       TODO: check
 CVE-2026-58382
        - gimp <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2497384
@@ -28,7 +358,7 @@ CVE-2026-58388
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2497435
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/c1263f39
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/work_items/16231
-CVE-2026-14454
+CVE-2026-14454 (Imager versions before 1.033 for Perl treat unsigned EXIF IFD 
entry co ...)
        - libimager-perl <unfixed>
        [trixie] - libimager-perl <no-dsa> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41637674/
@@ -367,26 +697,26 @@ CVE-2026-10570 (The Sympl Repeater for ACF and Elementor 
plugin for WordPress is
        NOT-FOR-US: WordPress plugin
 CVE-2025-12799 (A flaw was found in Jastow. Jastow is vulnerable to Cross-Site 
Scripti ...)
        NOT-FOR-US: Jastow
-CVE-2026-56003 [computeProps Property Buffer Heap Buffer Overflow]
+CVE-2026-56003 (A heap buffer overflow due to missing size checking in the 
property bu ...)
        - libxfont <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/dff957a5158da038a282a59a31fe736702732939
 (libXfont2-2.0.8)
-CVE-2026-56002 [PCF Font Parsing Heap Buffer Overflow]
+CVE-2026-56002 (A heap bufferflow in pcfReadFont() due to missing glyph bounds 
checkin ...)
        - libxfont <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/b4389e0b1d84a690b819bb27b1439968811a3674
 (libXfont2-2.0.8)
-CVE-2026-56001 [BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow]
+CVE-2026-56001 (A heap buffer overflow in BitmapScaleBitmaps in libXfont2 
before 2.0.8 ...)
        - libxfont <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778
 (libXfont2-2.0.8)
-CVE-2026-56000 [GLX contextTags Use-After-Free in CommonMakeCurrent()]
+CVE-2026-56000 (Local attackers with a X connection able to provide GLX commit 
to the  ...)
        - xorg-server <unfixed>
        - xwayland <unfixed>
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/2
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/2779affbdb4354e894f490e56f962527d6125043
-CVE-2026-55999 [glamor Font Atlas Heap Buffer Overflow]
+CVE-2026-55999 (Local attackers with a X connection able to provide PCX fonts 
to the X ...)
        - xorg-server <unfixed>
        - xwayland <unfixed>
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -412,7 +742,7 @@ CVE-2026-14740 (DBI versions before 1.650 for Perl read one 
byte out-of-bounds i
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41625532/
        NOTE: 
https://github.com/perl5-dbi/dbi/security/advisories/GHSA-35f4-f8m9-w8xg
        NOTE: Fixed by: 
https://github.com/perl5-dbi/dbi/commit/fc16f9e8b3dd5c65caf1867781ab2bfe2fadcc01
 (1.650)
-CVE-2026-39822
+CVE-2026-39822 (On Unix systems, opening a file in an os.Root improperly 
follows symli ...)
        - golang-1.27 1.27~rc2-1
        - golang-1.26 1.26.5-1
        - golang-1.25 1.25.12-1
@@ -424,7 +754,7 @@ CVE-2026-39822
        NOTE: https://github.com/golang/go/issues/79005
        NOTE: Fixed by: 
https://github.com/golang/go/commit/f9ef7f55988f03afeb3b8354367d0fa8d053683d 
(go1.26.5)
        NOTE: Fixed by: 
https://github.com/golang/go/commit/c94048f5638bbcaa22102bade5e9774e0d485315 
(go1.25.12)
-CVE-2026-42505
+CVE-2026-42505 (Handshakes which used Encrypted Client Hello could be 
de-anonymized by ...)
        - golang-1.27 1.27~rc2-1
        - golang-1.26 1.26.5-1
        - golang-1.25 1.25.12-1
@@ -888,9 +1218,9 @@ CVE-2026-33630
        NOTE: 
https://github.com/c-ares/c-ares/security/advisories/GHSA-6wfj-rwm7-3542
        NOTE: Fixed by: 
https://github.com/c-ares/c-ares/commit/1fa3b86a0b8d18fe7b60f3228a01d770feb026bc
 (main)
        NOTE: Fixed by: 
https://github.com/c-ares/c-ares/commit/d823199b688052dcdc1646f2ab4cb8c16b1c644a
 (v1.34.7)
-CVE-2026-9182 (ArcGIS Server contains an unrestricted file upload 
vulnerability. An u ...)
+CVE-2026-9182 (Esri ArcGIS Server contains an unrestricted file upload 
vulnerability. ...)
        NOT-FOR-US: Esri
-CVE-2026-9181 (ArcGIS Server contains a directory traversal vulnerability.  An 
unauth ...)
+CVE-2026-9181 (Esri ArcGIS Server contains a directory traversal 
vulnerability. ArcGI ...)
        NOT-FOR-US: Esri
 CVE-2026-9165 (A flaw was found in Red Hat Advanced Cluster Security for 
Kubernetes ( ...)
        NOT-FOR-US: Red Hat Advanced Cluster Security for Kubernetes (RHACS)
@@ -2015,7 +2345,7 @@ CVE-2026-58579 (RAGFlow before 0.26.3 stores an agent 
pipeline (DSL) node name w
        NOT-FOR-US: RAGFlow
 CVE-2026-58578 (LobeChat before version 2.2.10-canary.15 contains a regular 
expression ...)
        NOT-FOR-US: LobeChat
-CVE-2026-58467 (Cockpit CMS before release 364 contains a path traversal and 
local fil ...)
+CVE-2026-58467 (Cockpit CMS through 2.14.0 contains a path traversal and local 
file in ...)
        NOT-FOR-US: Cockpit CMS
 CVE-2026-58466 (AutoBangumi before 3.2.8 contains a hard-coded default 
credentials vul ...)
        NOT-FOR-US: AutoBangumi
@@ -3096,6 +3426,7 @@ CVE-2026-55597 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/277541927c2de8317d4167ee16d57375f24971d3
 (7.1.2-26)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/d241c85d93e4684f84201bd08f4aad80eac44f4a
 (6.9.13-51)
 CVE-2026-55595 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       {DSA-6383-1}
        - imagemagick 8:7.1.2.26+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/549fdf2195bbac1c93e736c04f416d4d9a5d05a8
 (7.1.2-26)
@@ -224719,7 +225050,7 @@ CVE-2024-50563 (A weak authentication in Fortinet 
FortiManager Cloud, FortiAnaly
        NOT-FOR-US: FortiGuard
 CVE-2024-48885 (A improper limitation of a pathname to a restricted directory 
('path t ...)
        NOT-FOR-US: FortiGuard
-CVE-2024-45331 (A incorrect privilege assignment in Fortinet FortiAnalyzer 
versions 7. ...)
+CVE-2024-45331 (A incorrect privilege assignment vulnerability in Fortinet 
FortiAnalyz ...)
        NOT-FOR-US: FortiGuard
 CVE-2024-41746 (IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is 
vulnerable to st ...)
        NOT-FOR-US: IBM
@@ -226054,7 +226385,7 @@ CVE-2024-35278 (A improper neutralization of special 
elements used in an sql com
        NOT-FOR-US: Wavlink
 CVE-2024-35277 (A missing authentication for critical function in Fortinet 
FortiPortal ...)
        NOT-FOR-US: Fortinet
-CVE-2024-35276 (A stack-based buffer overflow in Fortinet FortiAnalyzer 
versions 7.4.0 ...)
+CVE-2024-35276 (A stack-based buffer overflow vulnerability in Fortinet 
FortiAnalyzer  ...)
        NOT-FOR-US: Fortinet
 CVE-2024-35275 (A improper neutralization of special elements used in an sql 
command ( ...)
        NOT-FOR-US: Fortinet
@@ -226064,7 +226395,7 @@ CVE-2024-34544 (A command injection vulnerability 
exists in the wireless.cgi Add
        NOT-FOR-US: Wavlink
 CVE-2024-34166 (An os command injection vulnerability exists in the 
touchlist_sync.cgi ...)
        NOT-FOR-US: Wavlink
-CVE-2024-33503 (A improper privilege management in Fortinet FortiManager 
version 7.4.0 ...)
+CVE-2024-33503 (A improper privilege management vulnerability in Fortinet 
FortiManager ...)
        NOT-FOR-US: Fortinet
 CVE-2024-33502 (An improper limitation of a pathname to a restricted directory 
('path  ...)
        NOT-FOR-US: Fortinet
@@ -285712,7 +286043,7 @@ CVE-2024-28103 (Action Pack is a framework for 
handling and responding to web re
        NOTE: 
https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
        NOTE: 
https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523 
(main)
        NOTE: 
https://github.com/rails/rails/commit/b329b261dd32a61316f2831788d6078ca0563ab6 
(v6.1.7.8)
-CVE-2024-23669 (An improper authorization in Fortinet FortiWebManager version 
7.2.0 an ...)
+CVE-2024-23669 (An improper authorization in Fortinet FortiWebManager 7.2.0, 
FortiWebM ...)
        NOT-FOR-US: Fortinet
 CVE-2024-23326 (Envoy is a cloud-native, open source edge and service proxy. A 
theoret ...)
        - envoyproxy <itp> (bug #987544)
@@ -286161,11 +286492,11 @@ CVE-2024-31684 (Incorrect access control in the 
fingerprint authentication mecha
        NOT-FOR-US: Bitdefender Mobile Security
 CVE-2024-31682 (Incorrect access control in the fingerprint authentication 
mechanism o ...)
        NOT-FOR-US: phone-cleaner
-CVE-2024-23670 (An improper authorization in Fortinet FortiWebManager version 
7.2.0 an ...)
+CVE-2024-23670 (An improper authorization in Fortinet FortiWebManager 7.2.0, 
FortiWebM ...)
        NOT-FOR-US: FortiGuard
-CVE-2024-23668 (An improper authorization in Fortinet FortiWebManager version 
7.2.0 an ...)
+CVE-2024-23668 (An improper authorization in Fortinet FortiWebManager 7.2.0, 
FortiWebM ...)
        NOT-FOR-US: FortiGuard
-CVE-2024-23667 (An improper authorization in Fortinet FortiWebManager version 
7.2.0 an ...)
+CVE-2024-23667 (An improper authorization in Fortinet FortiWebManager 7.2.0, 
FortiWebM ...)
        NOT-FOR-US: FortiGuard
 CVE-2024-23665 (Multiple improper authorization vulnerabilities [CWE-285] in 
FortiWeb  ...)
        NOT-FOR-US: FortiGuard
@@ -315696,9 +316027,9 @@ CVE-2023-46717 (An improper authentication 
vulnerability [CWE-287] in FortiOS ve
        NOT-FOR-US: FortiGuard
 CVE-2023-45793 (A vulnerability has been identified in Siveillance Control 
(All versio ...)
        NOT-FOR-US: Siemens
-CVE-2023-42790 (A stack-based buffer overflow in Fortinet FortiOS 7.4.0 
through 7.4.1, ...)
+CVE-2023-42790 (A stack-based buffer overflow vulnerability in Fortinet 
FortiOS 7.4.0  ...)
        NOT-FOR-US: FortiGuard
-CVE-2023-42789 (A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 
7.2.0 t ...)
+CVE-2023-42789 (A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 
through  ...)
        NOT-FOR-US: FortiGuard
 CVE-2023-41842 (A use of externally-controlled format string vulnerability 
[CWE-134] v ...)
        NOT-FOR-US: FortiGuard



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97c6fb84cd8ce5ba75c01fc7a7c68e230811e696

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97c6fb84cd8ce5ba75c01fc7a7c68e230811e696
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to