Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1b1f2ee7 by security tracker role at 2026-07-09T07:13:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,82 +1,348 @@
-CVE-2026-15112
+CVE-2026-8801 (Path equivalence: vulnerability in Progress MOVEit Transfer 
(File Uplo ...)
+       TODO: check
+CVE-2026-8800 (Incorrect Authorization vulnerability in Progress MOVEit 
Transfer (Aud ...)
+       TODO: check
+CVE-2026-8651 (Limited authentication bypass by spoofing vulnerability in 
Progress MO ...)
+       TODO: check
+CVE-2026-8650 (Relative path traversal vulnerability in Progress MOVEit 
Transfer (Adm ...)
+       TODO: check
+CVE-2026-8649 (Improper Neutralization of Special Elements in Data Query Logic 
vulner ...)
+       TODO: check
+CVE-2026-8472 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2026-7492 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-6896 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2026-6352 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2026-60105 (Monsta FTP before 2.14.5 contains a server-side request 
forgery vulner ...)
+       TODO: check
+CVE-2026-60104 (Bitwarden Server before 2026.6.0 does not verify that the 
email in a P ...)
+       TODO: check
+CVE-2026-5923 (Malicious use of a stolen cookie might allow modifications to 
the cont ...)
+       TODO: check
+CVE-2026-5922 (The IP phone might use malicious input stored in configuration 
paramet ...)
+       TODO: check
+CVE-2026-5523 (The Divi Form Builder plugin for WordPress is vulnerable to 
Missing Au ...)
+       TODO: check
+CVE-2026-59948 (Composer is a dependency Manager for the PHP language. Prior 
to 2.2.29 ...)
+       TODO: check
+CVE-2026-59947 (Composer is a dependency Manager for the PHP language. Prior 
to 2.2.29 ...)
+       TODO: check
+CVE-2026-59946 (Composer is a dependency Manager for the PHP language. Prior 
to 2.2.29 ...)
+       TODO: check
+CVE-2026-59939 (httplib2 is a comprehensive HTTP client library for Python. 
Prior to 0 ...)
+       TODO: check
+CVE-2026-59936 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.14 ...)
+       TODO: check
+CVE-2026-59935 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.14 ...)
+       TODO: check
+CVE-2026-59822 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
+       TODO: check
+CVE-2026-59821 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
+       TODO: check
+CVE-2026-59820 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
+       TODO: check
+CVE-2026-59819 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
+       TODO: check
+CVE-2026-59818 (etcd is a distributed key-value store for the data of a 
distributed sy ...)
+       TODO: check
+CVE-2026-59807 (Composio SDK before 0.2.32-beta.283 contains a path validation 
bypass  ...)
+       TODO: check
+CVE-2026-59806 (Gradio before 6.20.0 contains an open redirect and server-side 
request ...)
+       TODO: check
+CVE-2026-59805 (Gumroad before 2026.07.06.2 contains a broken access control 
vulnerabi ...)
+       TODO: check
+CVE-2026-59804 (Midscene Bridge Server through 1.10.3, fixed in commit 
86f4118, contai ...)
+       TODO: check
+CVE-2026-59803 (rpcx through 1.9.3, fixed in commit 047aec1, contains a 
denial-of-serv ...)
+       TODO: check
+CVE-2026-59802 (PasswordPusher before 2.8.1 accepts data URI schemes in URL 
push paylo ...)
+       TODO: check
+CVE-2026-59723 (Cline is an autonomous coding agent as an SDK, IDE extension, 
or CLI a ...)
+       TODO: check
+CVE-2026-58525 (Improper access control in Microsoft Edge (Chromium-based) 
allows an u ...)
+       TODO: check
+CVE-2026-58501 (Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, 
Settings.forbid ...)
+       TODO: check
+CVE-2026-58494 (Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 
36.0.12, 45.0 ...)
+       TODO: check
+CVE-2026-58192 (Appium is a cross-platform automation framework for all kinds 
of apps, ...)
+       TODO: check
+CVE-2026-58191 (Appium is a cross-platform automation framework for all kinds 
of apps, ...)
+       TODO: check
+CVE-2026-57481 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-57480 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-56669 (Elysia is a Typescript framework for request validation, type 
inferenc ...)
+       TODO: check
+CVE-2026-55878 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 
before 2 ...)
+       TODO: check
+CVE-2026-55877 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 
before 2 ...)
+       TODO: check
+CVE-2026-55849 (@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of 
Materials  ...)
+       TODO: check
+CVE-2026-55778 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-55760 (Handlebars.java provides logic-less and semantic Mustache 
templates wi ...)
+       TODO: check
+CVE-2026-55596 (Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 
until 5 ...)
+       TODO: check
+CVE-2026-55575 (LiquidJS is a Shopify / GitHub Pages compatible template 
engine in pur ...)
+       TODO: check
+CVE-2026-55542 (Snipe-IT is an IT asset/license management system. Prior to 
version 8. ...)
+       TODO: check
+CVE-2026-55471 (HAPI FHIR is a complete implementation of the HL7 FHIR 
standard for he ...)
+       TODO: check
+CVE-2026-55470 (HAPI FHIR is a complete implementation of the HL7 FHIR 
standard for he ...)
+       TODO: check
+CVE-2026-55404 (yt-dlp and youtube-dl are command-line audio/video 
downloaders. Prior  ...)
+       TODO: check
+CVE-2026-55206 (py7zr is a Python-based library and utility to support 7zip 
archive co ...)
+       TODO: check
+CVE-2026-55195 (py7zr is a Python-based library and utility to support 7zip 
archive co ...)
+       TODO: check
+CVE-2026-54784 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
+       TODO: check
+CVE-2026-54783 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
+       TODO: check
+CVE-2026-54782 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
+       TODO: check
+CVE-2026-54781 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
+       TODO: check
+CVE-2026-54780 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
+       TODO: check
+CVE-2026-54779 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
+       TODO: check
+CVE-2026-54778 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
+       TODO: check
+CVE-2026-54777 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
+       TODO: check
+CVE-2026-54776 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
+       TODO: check
+CVE-2026-54775 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
+       TODO: check
+CVE-2026-54774 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
+       TODO: check
+CVE-2026-54773 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
+       TODO: check
+CVE-2026-54772 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
+       TODO: check
+CVE-2026-54591 (AsyncSSH is a Python package which provides an asynchronous 
client and ...)
+       TODO: check
+CVE-2026-54590 (AsyncSSH is a Python package which provides an asynchronous 
client and ...)
+       TODO: check
+CVE-2026-54528 (JupyterLab Git is a Git extension for JupyterLab. Prior to 
0.54.0, jup ...)
+       TODO: check
+CVE-2026-54527 (JupyterLab Git is a Git extension for JupyterLab. From 
0.30.0b3 before ...)
+       TODO: check
+CVE-2026-54499 (Stanza is a Stanford NLP Python library for tokenization, 
sentence seg ...)
+       TODO: check
+CVE-2026-53624 (Fiber is an Express inspired web framework written in Go. 
Prior to 3.4 ...)
+       TODO: check
+CVE-2026-52200 (An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows 
a remot ...)
+       TODO: check
+CVE-2026-51535 (In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion 
(Denial of Ser ...)
+       TODO: check
+CVE-2026-49866 (libp2p is a JavaScript Implementation of libp2p networking 
stack. Prio ...)
+       TODO: check
+CVE-2026-48492 (Snipe-IT is an IT asset/license management system. Prior to 
version 8. ...)
+       TODO: check
+CVE-2026-47840 (A network attacker positioned between UAA and its LDAP 
directory can i ...)
+       TODO: check
+CVE-2026-47831 (Use of a cryptographically weak random number generator in the 
Generat ...)
+       TODO: check
+CVE-2026-47830 (Incorrect Permission Assignment in BOSH.Utils.psm1 in 
BOSH-Ecosystem b ...)
+       TODO: check
+CVE-2026-47829 (Argument Injection in bosh-cli allows a compromised BOSH 
Director to i ...)
+       TODO: check
+CVE-2026-47828 (During bosh create-env and bosh delete-env, the CLI uploads 
compiled C ...)
+       TODO: check
+CVE-2026-47826 (The blobs.yml path key traversal vulnerability in the BOSH CLI 
tool al ...)
+       TODO: check
+CVE-2026-47646 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-45045 (Fiber is an Express inspired web framework written in Go. 
Prior to 3.3 ...)
+       TODO: check
+CVE-2026-44512 (Open Neural Network Exchange (ONNX) is an open standard for 
machine le ...)
+       TODO: check
+CVE-2026-44332 (Fiber is an Express inspired web framework written in Go. 
Prior to 3.3 ...)
+       TODO: check
+CVE-2026-44161 (Fluentd collects events from various data sources and writes 
them to f ...)
+       TODO: check
+CVE-2026-44160 (Fluentd collects events from various data sources and writes 
them to f ...)
+       TODO: check
+CVE-2026-44025 (Fluentd collects events from various data sources and writes 
them to f ...)
+       TODO: check
+CVE-2026-44024 (Fluentd collects events from various data sources and writes 
them to f ...)
+       TODO: check
+CVE-2026-41857 (A compromised or malicious BOSH Director can execute arbitrary 
shell c ...)
+       TODO: check
+CVE-2026-39179 (A SQL injection vulnerability in SOGo before 5.12.7 allows 
authenticat ...)
+       TODO: check
+CVE-2026-39178 (A SQL injection vulnerability in SOGo before 5.12.7 allows 
authenticat ...)
+       TODO: check
+CVE-2026-36028 (A protection mechanism failure in the Code 27 Companion Hub 
allows an  ...)
+       TODO: check
+CVE-2026-36027 (An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a 
physicall ...)
+       TODO: check
+CVE-2026-35552 (In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and 
UDiTH Portal ...)
+       TODO: check
+CVE-2026-35211 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
+       TODO: check
+CVE-2026-35210 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
+       TODO: check
+CVE-2026-31309 (Improper authorization in the /tequilapi/config/user endpoint 
of Myste ...)
+       TODO: check
+CVE-2026-15174 (Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 
to 4.6.6  ...)
+       TODO: check
+CVE-2026-15173 (pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows 
denial of  ...)
+       TODO: check
+CVE-2026-15172 (FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 
4.6.6 and 4. ...)
+       TODO: check
+CVE-2026-15171 (SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 
4.4.0 to  ...)
+       TODO: check
+CVE-2026-15170 (Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 
and 4.4.0  ...)
+       TODO: check
+CVE-2026-15169 (UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 
and 4.4.0 ...)
+       TODO: check
+CVE-2026-15168 (BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 
4.4.16 allows ...)
+       TODO: check
+CVE-2026-15167 (DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 
and 4.4.0 ...)
+       TODO: check
+CVE-2026-15166 (IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 
4.6.6 and 4 ...)
+       TODO: check
+CVE-2026-15165 (TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows 
denial of s ...)
+       TODO: check
+CVE-2026-15164 (Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows 
denial of ...)
+       TODO: check
+CVE-2026-15163 (Multiple protocol dissector infinite loops in Wireshark 4.6.0 
to 4.6.6 ...)
+       TODO: check
+CVE-2026-15154 (A flaw was found in `guardrails-detectors`, a component of Red 
Hat Ope ...)
+       TODO: check
+CVE-2026-15138 (A security vulnerability has been detected in tumf 
mcp-text-editor up  ...)
+       TODO: check
+CVE-2026-15137 (A weakness has been identified in code-projects Interview 
Management S ...)
+       TODO: check
+CVE-2026-15135 (A security flaw has been discovered in code-projects Online 
Food Order ...)
+       TODO: check
+CVE-2026-15134 (A vulnerability was determined in CodeAstro Simple Online 
Leave Manage ...)
+       TODO: check
+CVE-2026-15105 (A flaw has been found in davenardella snap7 up to 1.4.3. This 
affects  ...)
+       TODO: check
+CVE-2026-14896 (HashiCorp Nomad and Nomad Enterprise are vulnerable to a 
cross-namespa ...)
+       TODO: check
+CVE-2026-14891 (HashiCorp Nomad and Nomad Enterprise are vulnerable to a 
sandbox escap ...)
+       TODO: check
+CVE-2026-14373 (HashiCorp Nomad and Nomad Enterprise did not enforce the 
allow_privile ...)
+       TODO: check
+CVE-2026-14361 (The consul-template library before version 0.42.1 is 
vulnerable to a p ...)
+       TODO: check
+CVE-2026-13320 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-13151 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2026-12517 (The Fediverse Embeds WordPress plugin before 1.5.8 does not 
validate t ...)
+       TODO: check
+CVE-2026-12516 (The Fediverse Embeds WordPress plugin before 1.5.8 does not 
validate t ...)
+       TODO: check
+CVE-2026-12270 (The Everest Forms  WordPress plugin before 3.5.0 does not 
correctly re ...)
+       TODO: check
+CVE-2026-11875 (The WP Support Plus Responsive Ticket System WordPress plugin 
through  ...)
+       TODO: check
+CVE-2026-11869 (The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does 
not perf ...)
+       TODO: check
+CVE-2026-11827 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2026-11571 (The Everest Forms  WordPress plugin before 3.5.0 does not 
reliably del ...)
+       TODO: check
+CVE-2026-10037 (A sandbox escape vulnerability exists in the OpenJDK packages 
provided ...)
+       TODO: check
+CVE-2026-0288 (Multiple buffer overflow vulnerabilities in the User-ID 
Terminal Serve ...)
+       TODO: check
+CVE-2025-12506 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-15112 (Use after free in Ozone in Google Chrome prior to 
150.0.7871.115 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15129
+CVE-2026-15129 (Use after free in Views in Google Chrome prior to 
150.0.7871.115 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15132
+CVE-2026-15132 (Uninitialized Use in V8 in Google Chrome prior to 
150.0.7871.115 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15133
+CVE-2026-15133 (Use after free in InterestGroups in Google Chrome prior to 
150.0.7871. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15108
+CVE-2026-15108 (Integer overflow in Extensions API in Google Chrome prior to 
150.0.787 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15109
+CVE-2026-15109 (Uninitialized Use in ANGLE in Google Chrome prior to 
150.0.7871.115 al ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15110
+CVE-2026-15110 (Use after free in Extensions in Google Chrome prior to 
150.0.7871.115  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15111
+CVE-2026-15111 (Use after free in Views in Google Chrome prior to 
150.0.7871.115 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15113
+CVE-2026-15113 (Use after free in Autofill in Google Chrome on Android prior 
to 150.0. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15114
+CVE-2026-15114 (Out of bounds read and write in Codecs in Google Chrome prior 
to 150.0 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15115
+CVE-2026-15115 (Insufficient validation of untrusted input in WebAppInstalls 
in Google ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15116
+CVE-2026-15116 (Use after free in Actor in Google Chrome prior to 
150.0.7871.115 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15117
+CVE-2026-15117 (Use after free in Payments in Google Chrome prior to 
150.0.7871.115 al ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15118
+CVE-2026-15118 (Use after free in Input in Google Chrome prior to 
150.0.7871.115 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15119
+CVE-2026-15119 (Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 
allowed  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15120
+CVE-2026-15120 (Use after free in Core in Google Chrome on Windows prior to 
150.0.7871 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15121
+CVE-2026-15121 (Use after free in WebRTC in Google Chrome prior to 
150.0.7871.115 allo ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15122
+CVE-2026-15122 (Insufficient validation of untrusted input in Codecs in Google 
Chrome  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15123
+CVE-2026-15123 (Inappropriate implementation in DOM in Google Chrome prior to 
150.0.78 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15124
+CVE-2026-15124 (Insufficient policy enforcement in Passwords in Google Chrome 
prior to ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15125
+CVE-2026-15125 (Inappropriate implementation in Forms in Google Chrome prior 
to 150.0. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15126
+CVE-2026-15126 (Use after free in Forms in Google Chrome prior to 
150.0.7871.115 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15127
+CVE-2026-15127 (Inappropriate implementation in WebGL in Google Chrome prior 
to 150.0. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15128
+CVE-2026-15128 (Inappropriate implementation in Forms in Google Chrome prior 
to 150.0. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15130
+CVE-2026-15130 (Insufficient policy enforcement in Navigation in Google Chrome 
prior t ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15107
+CVE-2026-15107 (Use after free in IndexedDB in Google Chrome prior to 
150.0.7871.115 a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15131
+CVE-2026-15131 (Inappropriate implementation in Navigation in Google Chrome 
prior to 1 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-9074 (IBM API Connect 10.0.8.0 through 10.0.8.9 and12.1.0.0 through 
12.1.0.3 ...)
@@ -2309,48 +2575,49 @@ CVE-2026-12893 [gstreamer1-libav: gstreamer1-libav: 
NULL pointer dereference in
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f9a43351c18cef873e4d2d062d0d388ce0cf21a7
 (1.24 branch)
 CVE-2024-0234
        NOT-FOR-US: Podman Desktop
-CVE-2026-58207
+CVE-2026-58207 (NATS Server is a high-performance server for NATS.io, the 
cloud and ed ...)
        - nats-server 2.14.3-1
        NOTE: 
https://github.com/nats-io/nats-server/security/advisories/GHSA-q59r-vq66-pxc2
-CVE-2026-58208
+CVE-2026-58208 (NATS Server is a high-performance server for NATS.io, the 
cloud and ed ...)
        - nats-server 2.14.3-1
        NOTE: 
https://github.com/nats-io/nats-server/security/advisories/GHSA-p957-7v2w-g93g
-CVE-2026-58209
+CVE-2026-58209 (NATS Server is a high-performance server for NATS.io, the 
cloud and ed ...)
        - nats-server 2.14.3-1
        NOTE: 
https://github.com/nats-io/nats-server/security/advisories/GHSA-7qmq-8cc4-hxwg
-CVE-2026-58210
+CVE-2026-58210 (NATS Server is a high-performance server for NATS.io, the 
cloud and ed ...)
        - nats-server 2.14.3-1
        NOTE: 
https://github.com/nats-io/nats-server/security/advisories/GHSA-r72h-j7qq-v6qg
-CVE-2026-58211
+CVE-2026-58211 (NATS Server is a high-performance server for NATS.io, the 
cloud and ed ...)
        - nats-server 2.14.3-1
        NOTE: 
https://github.com/nats-io/nats-server/security/advisories/GHSA-hmmp-q8cx-v964
 CVE-2026-58212
+       REJECTED
        - nats-server 2.14.3-1
        - golang-github-nats-io-nkeys <unfixed>
        NOTE: 
https://github.com/nats-io/nats-server/security/advisories/GHSA-g33f-6538-grxh
-CVE-2026-58214
+CVE-2026-58214 (NATS Server is a high-performance server for NATS.io, the 
cloud and ed ...)
        - nats-server 2.14.3-1
        NOTE: 
https://github.com/nats-io/nats-server/security/advisories/GHSA-4g68-3pwx-5vfj
        NOTE: CVE is for incomplete fixes of CVE-2026-33217.
-CVE-2026-58254
+CVE-2026-58254 (NATS Server is a high-performance server for NATS.io, the 
cloud and ed ...)
        - nats-server 2.14.3-1
        NOTE: 
https://github.com/nats-io/nats-server/security/advisories/GHSA-p3j5-5hrq-p75h
        NOTE: CVE is for incomplete fixes of CVE-2026-33249.
-CVE-2026-58213
+CVE-2026-58213 (NATS Server is a high-performance server for NATS.io, the 
cloud and ed ...)
        - nats-server 2.14.1-1
        NOTE: 
https://github.com/nats-io/nats-server/security/advisories/GHSA-qrcv-3558-gj4f
-CVE-2026-58250
+CVE-2026-58250 (NATS Server is a high-performance server for NATS.io, the 
cloud and ed ...)
        - nats-server 2.14.1-1
        NOTE: 
https://github.com/nats-io/nats-server/security/advisories/GHSA-3g5q-cfh2-cq67
        NOTE: CVE is for incomplete fixes of CVE-2026-29785 and CVE-2026-33218 
in 2.12.7 and
        NOTE: 2.11.16, mark the first version following (2.14.1-1) as the fixed 
one in Debian.
-CVE-2026-58251
+CVE-2026-58251 (NATS Server is a high-performance server for NATS.io, the 
cloud and ed ...)
        - nats-server 2.14.1-1
        NOTE: 
https://github.com/nats-io/nats-server/security/advisories/GHSA-jx8g-9g95-6322
-CVE-2026-58252
+CVE-2026-58252 (NATS Server is a high-performance server for NATS.io, the 
cloud and ed ...)
        - nats-server 2.14.1-1
        NOTE: 
https://github.com/nats-io/nats-server/security/advisories/GHSA-wh7g-5m82-pmhr
-CVE-2026-58253
+CVE-2026-58253 (NATS Server is a high-performance server for NATS.io, the 
cloud and ed ...)
        - nats-server 2.14.1-1
        NOTE: 
https://github.com/nats-io/nats-server/security/advisories/GHSA-38x3-76xf-cq45
 CVE-2026-9756 (The GenerateBlocks plugin for WordPress is vulnerable to Stored 
Cross- ...)
@@ -12124,7 +12391,7 @@ CVE-2026-48785
        NOTE: Fixed by: 
https://github.com/apptainer/apptainer/commit/4ce069ed6e56e1acd8cbfbfc0d57ccce3311bf92
 (v1.5.1)
 CVE-2026-54503
        NOT-FOR-US: Plone
-CVE-2026-55830
+CVE-2026-55830 (RestrictedPython is a tool that helps to define a subset of 
the Python ...)
        NOT-FOR-US: Plone
 CVE-2026-55099
        NOT-FOR-US: Plone
@@ -19717,13 +19984,13 @@ CVE-2026-50636 (The RemoteControl API methods 
invite_participants and remind_par
        - limesurvey <itp> (bug #472802)
 CVE-2026-50635 (LimeSurvey constructs account password-reset links from the 
client-sup ...)
        - limesurvey <itp> (bug #472802)
-CVE-2026-50512 (Improper link resolution before file access ('link following') 
in Micr ...)
+CVE-2026-50512 (Missing authentication for critical function in Microsoft PC 
Manager a ...)
        NOT-FOR-US: Microsoft
 CVE-2026-50511 (Improper link resolution before file access ('link following') 
in Micr ...)
        NOT-FOR-US: Microsoft
 CVE-2026-50508 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
        NOT-FOR-US: Microsoft
-CVE-2026-50507 (Protection mechanism failure in Windows BitLocker allows an 
unauthoriz ...)
+CVE-2026-50507 (Missing authentication for critical function in Windows 
BitLocker allo ...)
        NOT-FOR-US: Microsoft
 CVE-2026-4058 (The User Frontend: AI Powered Frontend Posting, User Directory, 
Profil ...)
        NOT-FOR-US: WordPress plugin
@@ -19781,15 +20048,15 @@ CVE-2026-49160 (Uncontrolled resource consumption in 
HTTP/2 allows an unauthoriz
        NOT-FOR-US: Microsoft
 CVE-2026-48583 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
        NOT-FOR-US: Microsoft
-CVE-2026-48578 (Protection mechanism failure in Windows Secure Boot allows an 
authoriz ...)
+CVE-2026-48578 (Improper access control in Windows Secure Boot allows an 
authorized at ...)
        NOT-FOR-US: Microsoft
-CVE-2026-48576 (Protection mechanism failure in Windows Secure Boot allows an 
authoriz ...)
+CVE-2026-48576 (No cwe for this issue in Windows Secure Boot allows an 
authorized atta ...)
        NOT-FOR-US: Microsoft
 CVE-2026-48575 (Protection mechanism failure in Windows Secure Boot allows an 
authoriz ...)
        NOT-FOR-US: Microsoft
 CVE-2026-48574 (Heap-based buffer overflow in Windows Media allows an 
unauthorized att ...)
        NOT-FOR-US: Microsoft
-CVE-2026-48573 (Protection mechanism failure in Windows Secure Boot allows an 
authoriz ...)
+CVE-2026-48573 (No cwe for this issue in Windows Secure Boot allows an 
authorized atta ...)
        NOT-FOR-US: Microsoft
 CVE-2026-48570 (Protection mechanism failure in Windows Secure Boot allows an 
authoriz ...)
        NOT-FOR-US: Microsoft
@@ -19801,11 +20068,11 @@ CVE-2026-48566 (Out-of-bounds read in Windows DWM 
Core Library allows an authori
        NOT-FOR-US: Microsoft
 CVE-2026-48565 (Untrusted search path in Windows Narrator Braille allows an 
authorized ...)
        NOT-FOR-US: Microsoft
-CVE-2026-48563 (Heap-based buffer overflow in Remote Desktop Client allows an 
unauthor ...)
+CVE-2026-48563 (Use after free in Remote Desktop Client allows an unauthorized 
attacke ...)
        NOT-FOR-US: Microsoft
 CVE-2026-48562 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
-CVE-2026-48560 (Improper neutralization of input during web page generation 
('cross-si ...)
+CVE-2026-48560 (Deserialization of untrusted data in Microsoft Office 
SharePoint allow ...)
        NOT-FOR-US: Microsoft
 CVE-2026-48304 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and 
earlier ...)
        NOT-FOR-US: Adobe
@@ -19929,17 +20196,17 @@ CVE-2026-47899 (The Electron preload script in Logseq 
exposes an API method that
        NOT-FOR-US: Logseq
 CVE-2026-47656 (Protection mechanism failure in Windows Boot Manager allows an 
authori ...)
        NOT-FOR-US: Microsoft
-CVE-2026-47654 (Heap-based buffer overflow in Remote Desktop Client allows an 
unauthor ...)
+CVE-2026-47654 (Use after free in Remote Desktop Client allows an unauthorized 
attacke ...)
        NOT-FOR-US: Microsoft
-CVE-2026-47653 (Heap-based buffer overflow in Remote Desktop Client allows an 
unauthor ...)
+CVE-2026-47653 (Use after free in Remote Desktop Client allows an unauthorized 
attacke ...)
        NOT-FOR-US: Microsoft
-CVE-2026-47652 (Out-of-bounds read in Windows Hyper-V allows an unauthorized 
attacker  ...)
+CVE-2026-47652 (Heap-based buffer overflow in Windows Hyper-V allows an 
authorized att ...)
        NOT-FOR-US: Microsoft
 CVE-2026-47648 (Untrusted search path in Windows Storage allows an authorized 
attacker ...)
        NOT-FOR-US: Microsoft
 CVE-2026-47643 (External control of file name or path in Azure Stack Edge 
allows an un ...)
        NOT-FOR-US: Microsoft
-CVE-2026-47641 (Improper neutralization of input during web page generation 
('cross-si ...)
+CVE-2026-47641 (Improper input validation in Microsoft Office SharePoint 
allows an aut ...)
        NOT-FOR-US: Microsoft
 CVE-2026-47640 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
@@ -19951,9 +20218,9 @@ CVE-2026-47637 (Improper neutralization of input during 
web page generation ('cr
        NOT-FOR-US: Microsoft
 CVE-2026-47636 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
-CVE-2026-47635 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
+CVE-2026-47635 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
        NOT-FOR-US: Microsoft
-CVE-2026-47634 (Improper neutralization of input during web page generation 
('cross-si ...)
+CVE-2026-47634 (Improper neutralization of special elements in output used by 
a downst ...)
        NOT-FOR-US: Microsoft
 CVE-2026-47631 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
@@ -19989,7 +20256,7 @@ CVE-2026-47287 (Relative path traversal in Visual 
Studio Code allows an unauthor
        NOT-FOR-US: Microsoft
 CVE-2026-47284 (Exposure of sensitive information to an unauthorized actor in 
Visual S ...)
        NOT-FOR-US: Microsoft
-CVE-2026-47281 (Improper input validation in Visual Studio Code allows an 
unauthorized ...)
+CVE-2026-47281 (Missing authorization in Visual Studio Code allows an 
unauthorized att ...)
        NOT-FOR-US: Microsoft
 CVE-2026-46749 (A vulnerability has been identified in SINEC INS (All versions 
< V1.0  ...)
        NOT-FOR-US: Siemens
@@ -20003,7 +20270,7 @@ CVE-2026-46492 (md-fileserver allows for local viewing 
of markdown files in a br
        NOT-FOR-US: md-fileserver
 CVE-2026-45771 (FreeSWITCH is a Software Defined Telecom Stack enabling the 
digital tr ...)
        - freeswitch <itp> (bug #389591)
-CVE-2026-45658 (Protection mechanism failure in Windows BitLocker allows an 
unauthoriz ...)
+CVE-2026-45658 (Improper access control in Windows BitLocker allows an 
authorized atta ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45657 (Use after free in Windows Kernel allows an unauthorized 
attacker to ex ...)
        NOT-FOR-US: Microsoft
@@ -20011,9 +20278,9 @@ CVE-2026-45656 (Protection mechanism failure in Windows 
UEFI allows an authorize
        NOT-FOR-US: Microsoft
 CVE-2026-45655 (Protection mechanism failure in Windows BitLocker allows an 
unauthoriz ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45654 (Protection mechanism failure in Windows Secure Boot allows an 
authoriz ...)
+CVE-2026-45654 (Improper access control in Windows Secure Boot allows an 
authorized at ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45653 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
+CVE-2026-45653 (Heap-based buffer overflow in Windows Kernel allows an 
authorized atta ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45650 (User interface (ui) misrepresentation of critical information 
in Micro ...)
        NOT-FOR-US: Microsoft
@@ -20023,7 +20290,7 @@ CVE-2026-45648 (Stack-based buffer overflow in Active 
Directory Domain Services
        NOT-FOR-US: Microsoft
 CVE-2026-45647 (Time-of-check time-of-use (toctou) race condition in Microsoft 
Defende ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45645 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+CVE-2026-45645 (Untrusted pointer dereference in Microsoft Office allows an 
unauthoriz ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45644 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
@@ -20031,7 +20298,7 @@ CVE-2026-45643 (Untrusted pointer dereference in 
Microsoft Office Word allows an
        NOT-FOR-US: Microsoft
 CVE-2026-45642 (Improper input validation in Microsoft Azure Attestation 
service and D ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45641 (Out-of-bounds read in Windows Hyper-V allows an unauthorized 
attacker  ...)
+CVE-2026-45641 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45640 (Use after free in Windows Bluetooth Port Driver allows an 
authorized a ...)
        NOT-FOR-US: Microsoft
@@ -20043,11 +20310,11 @@ CVE-2026-45637 (Use after free in Windows DWM Core 
Library allows an authorized
        NOT-FOR-US: Microsoft
 CVE-2026-45636 (Heap-based buffer overflow in Windows NTFS allows an 
unauthorized atta ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45635 (Use after free in Universal Plug and Play (upnp.dll) allows an 
unautho ...)
+CVE-2026-45635 (Access of resource using incompatible type ('type confusion') 
in Unive ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45634 (Out-of-bounds read in Windows DHCP Server allows an authorized 
attacke ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45608 (Out-of-bounds read in Windows DHCP Server allows an authorized 
attacke ...)
+CVE-2026-45608 (Out-of-bounds read in Windows DHCP Client allows an 
unauthorized attac ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45607 (Out-of-bounds read in Windows Hyper-V allows an unauthorized 
attacker  ...)
        NOT-FOR-US: Microsoft
@@ -20057,17 +20324,17 @@ CVE-2026-45605 (Use after free in Windows Bluetooth 
Service allows an authorized
        NOT-FOR-US: Microsoft
 CVE-2026-45604 (Out-of-bounds read in Windows Application Identity (AppID) 
Subsystem a ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45603 (Use after free in Windows Ancillary Function Driver for 
WinSock allows ...)
+CVE-2026-45603 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45602 (No cwe for this issue in Windows DHCP Server allows an 
unauthorized at ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45601 (Use after free in Windows Ancillary Function Driver for 
WinSock allows ...)
+CVE-2026-45601 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45600 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45599 (Use after free in Universal Plug and Play (upnp.dll) allows an 
unautho ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45598 (Use after free in Windows Ancillary Function Driver for 
WinSock allows ...)
+CVE-2026-45598 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45597 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
@@ -20091,11 +20358,11 @@ CVE-2026-45583 (Improper control of generation of 
code ('code injection') in Mic
        NOT-FOR-US: Microsoft
 CVE-2026-45504 (Server-side request forgery (ssrf) in Microsoft Exchange 
Server allows ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45503 (Server-side request forgery (ssrf) in Microsoft Exchange 
Server allows ...)
+CVE-2026-45503 (Improper authorization in Microsoft Exchange Server allows an 
authoriz ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45502 (Server-side request forgery (ssrf) in Microsoft Exchange 
Server allows ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45501 (Improper neutralization of input during web page generation 
('cross-si ...)
+CVE-2026-45501 (Server-side request forgery (ssrf) in Microsoft Exchange 
Server allows ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45500 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
@@ -20105,7 +20372,7 @@ CVE-2026-45490 (Improper authorization in .NET allows 
an authorized attacker to
        NOT-FOR-US: Microsoft
 CVE-2026-45487 (Time-of-check time-of-use (TOCTOU) race condition in Program 
Compatibi ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45486 (Untrusted pointer dereference in Microsoft Office Word allows 
an unaut ...)
+CVE-2026-45486 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45485 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
        NOT-FOR-US: Microsoft
@@ -20113,7 +20380,7 @@ CVE-2026-45484 (Deserialization of untrusted data in 
Microsoft Office SharePoint
        NOT-FOR-US: Microsoft
 CVE-2026-45483 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45482 (Initialization of a resource with an insecure default in 
GitHub Copilo ...)
+CVE-2026-45482 (Improper limitation of a pathname to a restricted directory 
('path tra ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45481 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
@@ -20123,9 +20390,9 @@ CVE-2026-45476 (Use after free in Linux MANA Driver 
allows an authorized attacke
        NOT-FOR-US: Microsoft
 CVE-2026-45475 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45474 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+CVE-2026-45474 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45472 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+CVE-2026-45472 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45471 (Untrusted pointer dereference in Microsoft Office Word allows 
an unaut ...)
        NOT-FOR-US: Microsoft
@@ -20141,19 +20408,19 @@ CVE-2026-45465 (Improper neutralization of input 
during web page generation ('cr
        NOT-FOR-US: Microsoft
 CVE-2026-45464 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45463 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+CVE-2026-45463 (Integer underflow (wrap or wraparound) in Microsoft Office 
allows an u ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45462 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45461 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+CVE-2026-45461 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45460 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
+CVE-2026-45460 (Buffer over-read in Microsoft Office allows an unauthorized 
attacker t ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45459 (Protection mechanism failure in Microsoft Office Excel allows 
an unaut ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45458 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
+CVE-2026-45458 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45457 (Untrusted pointer dereference in Microsoft Office Word allows 
an unaut ...)
+CVE-2026-45457 (Out-of-bounds read in Microsoft Office Word allows an 
unauthorized att ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45456 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
        NOT-FOR-US: Microsoft
@@ -20165,19 +20432,19 @@ CVE-2026-45453 (Improper neutralization of input 
during web page generation ('cr
        NOT-FOR-US: Microsoft
 CVE-2026-44824 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
        NOT-FOR-US: Microsoft
-CVE-2026-44823 (Integer underflow (wrap or wraparound) in Microsoft Office 
Excel allow ...)
+CVE-2026-44823 (Numeric truncation error in Microsoft Office Excel allows an 
unauthori ...)
        NOT-FOR-US: Microsoft
 CVE-2026-44822 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
        NOT-FOR-US: Microsoft
 CVE-2026-44821 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
        NOT-FOR-US: Microsoft
-CVE-2026-44820 (Integer underflow (wrap or wraparound) in Microsoft Office 
Excel allow ...)
+CVE-2026-44820 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
        NOT-FOR-US: Microsoft
 CVE-2026-44819 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
        NOT-FOR-US: Microsoft
-CVE-2026-44818 (Integer underflow (wrap or wraparound) in Microsoft Office 
Excel allow ...)
+CVE-2026-44818 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
-CVE-2026-44817 (Integer underflow (wrap or wraparound) in Microsoft Office 
Excel allow ...)
+CVE-2026-44817 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
        NOT-FOR-US: Microsoft
 CVE-2026-44815 (Stack-based buffer overflow in Windows DHCP Client allows an 
unauthori ...)
        NOT-FOR-US: Microsoft
@@ -20187,13 +20454,13 @@ CVE-2026-44813 (Use after free in Windows DWM Core 
Library allows an authorized
        NOT-FOR-US: Microsoft
 CVE-2026-44812 (Integer overflow or wraparound in Windows Win32K - GRFX allows 
an unau ...)
        NOT-FOR-US: Microsoft
-CVE-2026-44811 (Use after free in Windows DWM Core Library allows an 
authorized attack ...)
+CVE-2026-44811 (Heap-based buffer overflow in Windows DWM Core Library allows 
an autho ...)
        NOT-FOR-US: Microsoft
 CVE-2026-44810 (Improper authentication in Windows Cryptographic Services 
allows an un ...)
        NOT-FOR-US: Microsoft
 CVE-2026-44809 (Use after free in Windows Common Log File System Driver allows 
an auth ...)
        NOT-FOR-US: Microsoft
-CVE-2026-44808 (Use after free in Windows DWM Core Library allows an 
authorized attack ...)
+CVE-2026-44808 (Heap-based buffer overflow in Windows DWM Core Library allows 
an autho ...)
        NOT-FOR-US: Microsoft
 CVE-2026-44807 (Use after free in Windows DWM Core Library allows an 
authorized attack ...)
        NOT-FOR-US: Microsoft
@@ -20205,7 +20472,7 @@ CVE-2026-44803 (Integer overflow or wraparound in 
Windows Win32K - GRFX allows a
        NOT-FOR-US: Microsoft
 CVE-2026-44802 (Use after free in Windows DWM Core Library allows an 
authorized attack ...)
        NOT-FOR-US: Microsoft
-CVE-2026-44801 (Heap-based buffer overflow in Remote Desktop Client allows an 
unauthor ...)
+CVE-2026-44801 (Use after free in Remote Desktop Client allows an unauthorized 
attacke ...)
        NOT-FOR-US: Microsoft
 CVE-2026-44799 (Heap-based buffer overflow in Remote Desktop Client allows an 
unauthor ...)
        NOT-FOR-US: Microsoft
@@ -20225,7 +20492,7 @@ CVE-2026-42987 (Use after free in Windows Deployment 
Services allows an unauthor
        NOT-FOR-US: Microsoft
 CVE-2026-42986 (Use after free in Microsoft Graphics Component allows an 
authorized at ...)
        NOT-FOR-US: Microsoft
-CVE-2026-42985 (Heap-based buffer overflow in Remote Desktop Client allows an 
unauthor ...)
+CVE-2026-42985 (Use after free in Remote Desktop Client allows an unauthorized 
attacke ...)
        NOT-FOR-US: Microsoft
 CVE-2026-42984 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
        NOT-FOR-US: Microsoft
@@ -20241,27 +20508,27 @@ CVE-2026-42978 (Concurrent execution using shared 
resource with improper synchro
        NOT-FOR-US: Microsoft
 CVE-2026-42977 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
-CVE-2026-42974 (Integer underflow (wrap or wraparound) in Windows Performance 
Monitor  ...)
+CVE-2026-42974 (Integer overflow or wraparound in Windows Performance Monitor 
allows a ...)
        NOT-FOR-US: Microsoft
-CVE-2026-42973 (Use of uninitialized resource in Windows Push Notifications 
allows an  ...)
+CVE-2026-42973 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
        NOT-FOR-US: Microsoft
 CVE-2026-42972 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
        NOT-FOR-US: Microsoft
-CVE-2026-42971 (Use of uninitialized resource in Windows Push Notifications 
allows an  ...)
+CVE-2026-42971 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
        NOT-FOR-US: Microsoft
-CVE-2026-42970 (Use of uninitialized resource in Windows Push Notifications 
allows an  ...)
+CVE-2026-42970 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
        NOT-FOR-US: Microsoft
 CVE-2026-42969 (Use of uninitialized resource in Windows Push Notifications 
allows an  ...)
        NOT-FOR-US: Microsoft
 CVE-2026-42968 (Out-of-bounds read in Windows Telephony Service allows an 
authorized a ...)
        NOT-FOR-US: Microsoft
-CVE-2026-42916 (Integer underflow (wrap or wraparound) in Windows NT OS Kernel 
allows  ...)
+CVE-2026-42916 (Integer overflow or wraparound in Windows NT OS Kernel allows 
an autho ...)
        NOT-FOR-US: Microsoft
 CVE-2026-42915 (Incorrect calculation of buffer size in Windows VMSwitch 
allows an aut ...)
        NOT-FOR-US: Microsoft
-CVE-2026-42914 (Windows Kerberos Denial of Service Vulnerability)
+CVE-2026-42914 (Out-of-bounds read in Windows Kerberos allows an authorized 
attacker t ...)
        NOT-FOR-US: Microsoft
-CVE-2026-42913 (Heap-based buffer overflow in Remote Desktop Client allows an 
unauthor ...)
+CVE-2026-42913 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
 CVE-2026-42912 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
@@ -20269,7 +20536,7 @@ CVE-2026-42911 (Use after free in Windows Ancillary 
Function Driver for WinSock
        NOT-FOR-US: Microsoft
 CVE-2026-42910 (Out-of-bounds write in Windows Hotpatch Monitoring Service 
allows an a ...)
        NOT-FOR-US: Microsoft
-CVE-2026-42909 (Heap-based buffer overflow in Remote Desktop Client allows an 
unauthor ...)
+CVE-2026-42909 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
 CVE-2026-42908 (Out-of-bounds read in Windows RDP allows an unauthorized 
attacker to d ...)
        NOT-FOR-US: Microsoft
@@ -20285,7 +20552,7 @@ CVE-2026-42903 (Null pointer dereference in Windows 
Kerberos allows an authorize
        NOT-FOR-US: Microsoft
 CVE-2026-42902 (Improper authorization in Microsoft PowerToys allows an 
authorized att ...)
        NOT-FOR-US: Microsoft
-CVE-2026-42837 (Buffer over-read in Windows Projected File System Filter 
Driver allows ...)
+CVE-2026-42837 (Out-of-bounds read in Windows Projected File System Filter 
Driver allo ...)
        NOT-FOR-US: Microsoft
 CVE-2026-42836 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
@@ -22461,7 +22728,7 @@ CVE-2026-45291 (Cloudburst Network provides network 
components used within Cloud
        NOT-FOR-US: Cloudburst Network
 CVE-2026-45290 (Cloudburst Network provides network components used within 
Cloudburst  ...)
        NOT-FOR-US: Cloudburst Network
-CVE-2026-42824 (Missing authentication for critical function in M365 Copilot 
allows an ...)
+CVE-2026-42824 (Improper neutralization of special elements used in a command 
('comman ...)
        NOT-FOR-US: Microsoft
 CVE-2026-41567 (Moby is an open source container framework. In versions prior 
to 29.5. ...)
        - docker.io 28.5.2+dfsg4-3 (bug #1139965)
@@ -101527,9 +101794,9 @@ CVE-2025-67147 (Multiple SQL Injection 
vulnerabilities exist in amansuryawanshi
        NOT-FOR-US: amansuryawanshi Gym-Management-System-PHP
 CVE-2025-67146 (Multiple SQL Injection vulnerabilities exist in AbhishekMali21 
GYM-MAN ...)
        NOT-FOR-US: AbhishekMali21 GYM-MANAGEMENT-SYSTEM
-CVE-2025-66177 (There is a Stack overflow Vulnerability in the device Search 
and Disco ...)
+CVE-2025-66177 (There is a Buffer overflow Vulnerability in the device Search 
and Disc ...)
        NOT-FOR-US: Hikvision
-CVE-2025-66176 (There is a Stack overflow Vulnerability in the device Search 
and Disco ...)
+CVE-2025-66176 (There is a Buffer overflow Vulnerability in the device Search 
and Disc ...)
        NOT-FOR-US: Hikvision
 CVE-2025-41717 (An unauthenticated remote attacker can trick a high privileged 
user in ...)
        NOT-FOR-US: Phoenix Contact
@@ -355974,7 +356241,7 @@ CVE-2023-39418 (A vulnerability was found in 
PostgreSQL with the use of the MERG
        NOTE: 
https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
        NOTE: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
 (REL_15_4)
 CVE-2023-39417 (IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was 
found in Po ...)
-       {DSA-5554-1 DSA-5553-1 DLA-3600-1}
+       {DSA-6385-1 DSA-5554-1 DSA-5553-1 DLA-3600-1}
        - postgresql-15 15.4-1
        - postgresql-13 <removed>
        - postgresql-11 <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b1f2ee79308f39d5fbd6313a82868cc1033c0ee

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b1f2ee79308f39d5fbd6313a82868cc1033c0ee
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to