Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ef2ee18e by security tracker role at 2026-07-09T19:13:40+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,335 @@
+CVE-2026-9253 (The WP Cost Estimation & Payment Forms Builder (E&P Forms)
plugin for ...)
+ TODO: check
+CVE-2026-9240 (The Colissimo Officiel : M\xe9thodes de livraison pour
WooCommerce plu ...)
+ TODO: check
+CVE-2026-9237 (The Employee, Leave and Recruitment Management System \u2013
Crew HRM ...)
+ TODO: check
+CVE-2026-9235 (The DHL eCommerce (Benelux) for WooCommerce plugin for
WordPress is vu ...)
+ TODO: check
+CVE-2026-9028 (The CorvusPay WooCommerce Payment Gateway plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2026-9027 (The CorvusPay WooCommerce Payment Gateway plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2026-9021 (The Easy Invoice plugin for WordPress is vulnerable to Missing
Authori ...)
+ TODO: check
+CVE-2026-8996 (The Backup and Staging by WP Time Capsule plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2026-8848 (The Popup Maker \u2013 Boost Sales, Conversions, Optins,
Subscribers w ...)
+ TODO: check
+CVE-2026-7558 (The Age Verification & Identity Verification by Token of Trust
plugin ...)
+ TODO: check
+CVE-2026-6910 (The Bookero.pl \u2013 system rezerwacji online plugin for
WordPress is ...)
+ TODO: check
+CVE-2026-61474 (An improper authorization check in MISP\u2019s attribute
creation endp ...)
+ TODO: check
+CVE-2026-61344 (The Superior Court of California Hearing Reminder Service at
https://w ...)
+ TODO: check
+CVE-2026-61343 (LibreBooking's email template editor save action passes the
submitted ...)
+ TODO: check
+CVE-2026-60109 (Zeek before 8.0.9 contains a null pointer dereference
vulnerability in ...)
+ TODO: check
+CVE-2026-60108 (Zeek before 8.0.9 contains an uncontrolled memory consumption
vulnerab ...)
+ TODO: check
+CVE-2026-60095 (Vinchin Backup & Recovery through 9.0.0.86562 contains a stack
buffer ...)
+ TODO: check
+CVE-2026-60094 (Vinchin Backup & Recovery through 9.0.0.86562 contains a heap
buffer o ...)
+ TODO: check
+CVE-2026-5955 (Improper neutralization of special elements used in an SQL
command ('S ...)
+ TODO: check
+CVE-2026-5793 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-5005 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-59827 (Metabase is an open-source business intelligence and embedded
analytic ...)
+ TODO: check
+CVE-2026-59826 (Metabase is an open-source business intelligence and embedded
analytic ...)
+ TODO: check
+CVE-2026-59817 (Ghost is a Node.js content management system. From 6.27.0
before 6.44. ...)
+ TODO: check
+CVE-2026-59734 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-59726 (Ruflo is an agent meta-harness for Claude Code and Codex.
Prior to 3.1 ...)
+ TODO: check
+CVE-2026-59721 (Hoppscotch is an open source API development ecosystem. Prior
to 2026. ...)
+ TODO: check
+CVE-2026-59720 (Hoppscotch is an open source API development ecosystem. Prior
to 2026. ...)
+ TODO: check
+CVE-2026-59715 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59692 (A stack buffer overflow vulnerability was found in GStreamer's
DTLS pl ...)
+ TODO: check
+CVE-2026-59691 (A heap buffer overflow vulnerability was found in GStreamer's
rfbsrc p ...)
+ TODO: check
+CVE-2026-59269 (A user authenticating to Kubernetes clusters via the Pinniped
Supervis ...)
+ TODO: check
+CVE-2026-59227 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59226 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59225 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59224 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59223 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59222 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59221 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59220 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59219 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59218 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59217 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59216 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59215 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59214 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59213 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59212 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
+ TODO: check
+CVE-2026-59209 (n8n is an open source workflow automation platform. Prior to
1.123.61, ...)
+ TODO: check
+CVE-2026-59208 (n8n is an open source workflow automation platform. Prior to
2.27.4 an ...)
+ TODO: check
+CVE-2026-59207 (n8n is an open source workflow automation platform. Prior to
2.27.4 an ...)
+ TODO: check
+CVE-2026-59206 (n8n is an open source workflow automation platform. Prior to
1.123.61, ...)
+ TODO: check
+CVE-2026-59149 (Mockoon provides way to design and run mock APIs. Prior to
9.7.0, a FI ...)
+ TODO: check
+CVE-2026-59148 (Mockoon provides way to design and run mock APIs. Prior to
9.7.0, Mock ...)
+ TODO: check
+CVE-2026-58459 (gpsd through release-3.27.5, fixed at commit 4c06658, contains
a comma ...)
+ TODO: check
+CVE-2026-58378 (Allwinner H616 TV Box TV98 has ADB enabled and exposed to the
network ...)
+ TODO: check
+CVE-2026-58307 (Out-of-bounds read, Reachable assertion vulnerability in
Samsung Open ...)
+ TODO: check
+CVE-2026-58306 (Heap-based buffer overflow vulnerability in Samsung Open
Source Escarg ...)
+ TODO: check
+CVE-2026-58305 (Access of resource using incompatible type ('type confusion')
vulnerab ...)
+ TODO: check
+CVE-2026-58304 (Out-of-bounds read, Out-of-bounds write vulnerability in
Samsung Open ...)
+ TODO: check
+CVE-2026-58303 (Stack-based buffer overflow vulnerability in Samsung Open
Source Escar ...)
+ TODO: check
+CVE-2026-58198 (ChatterBot is a machine learning, conversational dialog engine
for cre ...)
+ TODO: check
+CVE-2026-58125
+ REJECTED
+CVE-2026-57111 (Permissive Cross-Origin Resource Sharing (CORS) in the REST
API (helix ...)
+ TODO: check
+CVE-2026-56460 (HCL DevOps Deploy / HCL Launch could disclose sensitive
configurations ...)
+ TODO: check
+CVE-2026-56459 (HCL DevOps Deploy / HCL Launch is susceptible to sensitive
information ...)
+ TODO: check
+CVE-2026-56458 (HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS)
which coul ...)
+ TODO: check
+CVE-2026-56292 (A SQLi vulnerability in AcyMailing component < 10.11.1 for
Joomla was ...)
+ TODO: check
+CVE-2026-56291 (The Joomla extension Balbooa Forms is vulnerable to an
unauthenticated ...)
+ TODO: check
+CVE-2026-56289 (GNU patch is vulnerable to a denial of service (DoS) due to
improper v ...)
+ TODO: check
+CVE-2026-56288 (GNU patch is vulnerable to a NULL pointer dereference when
processing ...)
+ TODO: check
+CVE-2026-55590 (CakePHP Authentication is an authentication plugin for CakePHP
that ca ...)
+ TODO: check
+CVE-2026-55420 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
+ TODO: check
+CVE-2026-54801 (A vulnerability has been identified in CPCI85 Central
Processing/Commu ...)
+ TODO: check
+CVE-2026-54800 (A vulnerability has been identified in CPCI85 Central
Processing/Commu ...)
+ TODO: check
+CVE-2026-54799 (A vulnerability has been identified in CPCI85 Central
Processing/Commu ...)
+ TODO: check
+CVE-2026-54798 (A vulnerability has been identified in CPCI85 Central
Processing/Commu ...)
+ TODO: check
+CVE-2026-54695 (Pipecat is an open-source Python framework for building
real-time voic ...)
+ TODO: check
+CVE-2026-54005 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
+ TODO: check
+CVE-2026-54004 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
+ TODO: check
+CVE-2026-54003 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
+ TODO: check
+CVE-2026-54002 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
+ TODO: check
+CVE-2026-53987 (The Tag plugin for GLPI 11 before 2.14.4 stores the tag name
without H ...)
+ TODO: check
+CVE-2026-51606 (An improper input handling vulnerability in the RTSP service
of Tenda ...)
+ TODO: check
+CVE-2026-51605 (A stack-based buffer overflow vulnerability in the RTSP
service of Ten ...)
+ TODO: check
+CVE-2026-51604 (A stack-based buffer overflow vulnerability in the RTSP
service of Ten ...)
+ TODO: check
+CVE-2026-51603 (A stack-based buffer overflow vulnerability in the RTSP
service of Ten ...)
+ TODO: check
+CVE-2026-51602 (A stack-based buffer overflow vulnerability in the RTSP
service of Ten ...)
+ TODO: check
+CVE-2026-51601 (Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based
buffer overf ...)
+ TODO: check
+CVE-2026-51600 (Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the
Content-Lengt ...)
+ TODO: check
+CVE-2026-51599 (An insufficient input validation vulnerability in the RTSP
service of ...)
+ TODO: check
+CVE-2026-51598 (An input validation vulnerability in the RTSP service of
MERCURY MIPC2 ...)
+ TODO: check
+CVE-2026-51597 (MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does
not imp ...)
+ TODO: check
+CVE-2026-50644 (SOPlanning is vulnerable to SQL injection in the audit
retention confi ...)
+ TODO: check
+CVE-2026-50188 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
+ TODO: check
+CVE-2026-4653 (The Block, Suspend, Report for BuddyPress plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2026-4298 (The DSGVO All in one for WP plugin for WordPress is vulnerable
to Miss ...)
+ TODO: check
+CVE-2026-4275 (The Divi Torque Lite \u2013 Divi Theme, Divi Builder & Extra
Theme plu ...)
+ TODO: check
+CVE-2026-4256 (Improper neutralization of special elements used in an LDAP
query ('LD ...)
+ TODO: check
+CVE-2026-49276 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
+ TODO: check
+CVE-2026-49274 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
+ TODO: check
+CVE-2026-43752 (An authenticated administrator may be able to achieve
arbitrary code e ...)
+ TODO: check
+CVE-2026-33390 (An Incorrect Privilege Assignment vulnerability was discovered
in the ...)
+ TODO: check
+CVE-2026-31985 (When the upstream Guardian or CMC was configured in the Remote
Collect ...)
+ TODO: check
+CVE-2026-31984 (A denial-of-service vulnerability caused by unbounded resource
allocat ...)
+ TODO: check
+CVE-2026-31983 (A Missing Authentication vulnerability was discovered in the
SSH keys ...)
+ TODO: check
+CVE-2026-31982 (An Open Redirect vulnerability was discovered in the SAML
Single Sign- ...)
+ TODO: check
+CVE-2026-31981 (A Stored HTML Injection vulnerability was discovered in the
Diagram ta ...)
+ TODO: check
+CVE-2026-2342 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-1989 (Authorization bypass through User-Controlled key vulnerability
in PAVO ...)
+ TODO: check
+CVE-2026-1365 (Insertion of sensitive information into sent data vulnerability
in Say ...)
+ TODO: check
+CVE-2026-15308 (The incremental HTML parser (html.parser.HTMLParser) allows
for CPU de ...)
+ TODO: check
+CVE-2026-15204 (A vulnerability was detected in TOTOLINK X5000R
9.1.0cu.2415_B20250515 ...)
+ TODO: check
+CVE-2026-15202 (A security vulnerability has been detected in YzmCMS up to
7.5. Affect ...)
+ TODO: check
+CVE-2026-15195 (A weakness has been identified in apidevtools
json-schema-ref-parser u ...)
+ TODO: check
+CVE-2026-15194 (A security flaw has been discovered in Open5GS 2.7.7. This
affects the ...)
+ TODO: check
+CVE-2026-15193 (A vulnerability was determined in AidanPark openclaw-android
up to 0.4 ...)
+ TODO: check
+CVE-2026-15192 (A vulnerability has been found in mettle sendportal up to
3.0.1. This ...)
+ TODO: check
+CVE-2026-15191 (A flaw has been found in mettle sendportal up to 3.0.1. This
vulnerabi ...)
+ TODO: check
+CVE-2026-15190 (A vulnerability was detected in SourceCodester Simple and Nice
Shoppin ...)
+ TODO: check
+CVE-2026-15189 (A security vulnerability has been detected in aerostackdev
aerostack-m ...)
+ TODO: check
+CVE-2026-15188 (A weakness has been identified in manjurulhoque
django-job-portal up t ...)
+ TODO: check
+CVE-2026-15187 (A security flaw has been discovered in enquirer up to 2.4.1.
Affected ...)
+ TODO: check
+CVE-2026-15186 (A vulnerability was identified in macrozheng mall up to 1.0.3.
This im ...)
+ TODO: check
+CVE-2026-15185 (A vulnerability was determined in GPAC 26.03-DEV. This affects
the fun ...)
+ TODO: check
+CVE-2026-15184 (A vulnerability was found in GNU LibreDWG up to 0.13.4. The
impacted e ...)
+ TODO: check
+CVE-2026-15182 (A vulnerability has been found in GNU LibreDWG up to 0.13.4.
The affec ...)
+ TODO: check
+CVE-2026-15158 (The Blocksy Companion plugin for WordPress is vulnerable to
Arbitrary ...)
+ TODO: check
+CVE-2026-15000 (The Connect Contact Form 7 and Mailchimp plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2026-14372 (The Bit Form \u2013 Contact Form, Payment Forms, Multi Step
Forms, Cal ...)
+ TODO: check
+CVE-2026-14343 (The Download Manager plugin for WordPress is vulnerable to
Stored Cros ...)
+ TODO: check
+CVE-2026-14342 (The Mail Mint \u2013 Email Marketing, Newsletter, Email
Automation & W ...)
+ TODO: check
+CVE-2026-14278
+ REJECTED
+CVE-2026-14261 (A vulnerability in the Xerte Online Tools allows for
authentication by ...)
+ TODO: check
+CVE-2026-14245 (The miniOrange OTP Login, Verification and SMS Notifications
plugin fo ...)
+ TODO: check
+CVE-2026-13771 (The Customer Reviews for WooCommerce plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2026-13492 (The UsersWP plugin for WordPress is vulnerable to Arbitrary
File Delet ...)
+ TODO: check
+CVE-2026-13462 (PayRange Android app, version 7.0.7 and below, contains an SSL
bypass ...)
+ TODO: check
+CVE-2026-13461 (When coupled with the SSL bypass vulnerability, JavaScript can
be inje ...)
+ TODO: check
+CVE-2026-13450 (The GamiPress \u2013 Gamification plugin to reward points,
achievement ...)
+ TODO: check
+CVE-2026-13441 (The EventPrime \u2013 Events Calendar, Bookings and Tickets
plugin for ...)
+ TODO: check
+CVE-2026-13334 (The Mang Board WP plugin for WordPress is vulnerable to
Reflected Cros ...)
+ TODO: check
+CVE-2026-13253 (The Ultimate Post plugin for WordPress is vulnerable to Stored
Cross-S ...)
+ TODO: check
+CVE-2026-13080 (The WPFunnels \u2013 Funnel Builder for WooCommerce with
Checkout & On ...)
+ TODO: check
+CVE-2026-13011 (The ERP: Complete HR, Accounting & CRM Suite with Recruitment
and WooC ...)
+ TODO: check
+CVE-2026-12879 (An Improper Input Validation vulnerability in BigQuery DAO in
Google C ...)
+ TODO: check
+CVE-2026-12593 (The implementation of an internalandundocumentedDashboardAPI
endpoint( ...)
+ TODO: check
+CVE-2026-12590 (Impact: In body-parser versions prior to 1.20.6 (1.x line) and
2.3.0 ( ...)
+ TODO: check
+CVE-2026-12433 (The Hydra Booking \u2013 Appointment Scheduling & Booking
Calendar plu ...)
+ TODO: check
+CVE-2026-12428 (The Blocks for ACF Fields plugin for WordPress is vulnerable
to unauth ...)
+ TODO: check
+CVE-2026-12418 (The User Frontend: AI Powered Frontend Posting, User
Directory, Profil ...)
+ TODO: check
+CVE-2026-12406 (The User Frontend: AI Powered Frontend Posting, User
Directory, Profil ...)
+ TODO: check
+CVE-2026-12170 (The AcyMailing \u2013 An Ultimate Newsletter Plugin and
Marketing Auto ...)
+ TODO: check
+CVE-2026-12116 (A vulnerability in the Xerte Online Tools allows for RCE
through the a ...)
+ TODO: check
+CVE-2026-11404 (Cesanta Mongoose before 7.22 contains an out-of-bounds read in
the bui ...)
+ TODO: check
+CVE-2026-11359 (The Memberships and User Profiles for WooCommerce \u2013
ProfileGrid W ...)
+ TODO: check
+CVE-2026-0287 (Multiple denial of service vulnerabilities in Palo Alto
Networks PAN-O ...)
+ TODO: check
+CVE-2026-0286 (A command injection vulnerability in the management plane of
Palo Alto ...)
+ TODO: check
+CVE-2026-0285 (A server-side request forgery (SSRF) vulnerability in Palo Alto
Networ ...)
+ TODO: check
+CVE-2026-0284 (An XML injection vulnerability in the Large Scale VPN (LSVPN)
function ...)
+ TODO: check
+CVE-2026-0283 (An authentication bypass vulnerability in Large Scale VPN (
LSVPN) fun ...)
+ TODO: check
+CVE-2026-0282 (A file deletion vulnerability in Palo Alto Networks PAN-OS\xae
softwar ...)
+ TODO: check
+CVE-2026-0281 (An information disclosure vulnerability in Palo Alto Networks
PAN-OS\x ...)
+ TODO: check
+CVE-2026-0280 (An IPv6 packet processing vulnerability in the dataplane of
Palo Alto ...)
+ TODO: check
+CVE-2026-0279 (Multiple cross site scripting vulnerabilities in the
User-ID\u2122 Aut ...)
+ TODO: check
+CVE-2025-63579 (Unauthorized use of Kyocera printers, allows all information
stored in ...)
+ TODO: check
CVE-2026-57825
- opam 2.5.2-1
NOTE: https://github.com/ocaml/opam/releases/tag/2.5.2
@@ -24754,6 +25086,7 @@ CVE-2026-49837
[bullseye] - gobgp <postponed> (Limited support)
NOTE:
https://github.com/osrg/gobgp/security/advisories/GHSA-gjrg-jjr3-56cm
CVE-2026-8916 (Out-of-bounds write vulnerability in Samsung Open Source
rlottie allow ...)
+ {DLA-4675-1}
- rlottie 0.1+dfsg-3 (bug #1138916)
NOTE: https://github.com/Samsung/rlottie/pull/589
NOTE:
https://github.com/Samsung/rlottie/commit/ffe60942892c3d68b14560761ea920d360ef51bb
@@ -24867,23 +25200,27 @@ CVE-2026-47707 (Strawberry GraphQL is a library for
creating GraphQL APIs. In ve
CVE-2026-47706 (Strawberry GraphQL is a library for creating GraphQL APIs. In
versions ...)
NOT-FOR-US: Strawberry GraphQL
CVE-2026-47320 (Access of uninitialized pointer, Uncontrolled Recursion
vulnerability ...)
+ {DLA-4675-1}
- rlottie 0.1+dfsg-5 (bug #1138920)
[trixie] - rlottie <no-dsa> (Minor issue)
[bookworm] - rlottie <no-dsa> (Minor issue)
NOTE: https://github.com/Samsung/rlottie/pull/593
NOTE:
https://github.com/Samsung/rlottie/commit/bf689b72b8482c5ea674235854bd11b6d1b42588
CVE-2026-47319 (Memory allocation with excessive size value vulnerability in
Samsung O ...)
+ {DLA-4675-1}
- rlottie 0.1+dfsg-5 (bug #1138919)
[trixie] - rlottie <no-dsa> (Minor issue)
[bookworm] - rlottie <no-dsa> (Minor issue)
NOTE: https://github.com/Samsung/rlottie/pull/588
NOTE:
https://github.com/Samsung/rlottie/commit/5def9f402b1cb5b09f52655e414f0afba4ffd959
CVE-2026-47318 (Stack-based buffer overflow vulnerability in Samsung Open
Source rlott ...)
+ {DLA-4675-1}
- rlottie 0.1+dfsg-3 (bug #1138918)
NOTE: https://github.com/Samsung/rlottie/pull/582
NOTE:
https://github.com/Samsung/rlottie/commit/9e4f354f6ebdf294738ef7abf1728f40889c2c51
NOTE: Addressed by earlier Debian-specific patch
Fortify-FreeType-raster.patch (see #1138916)
CVE-2026-47306 (Uncontrolled Recursion vulnerability in Samsung Open Source
rlottie al ...)
+ {DLA-4675-1}
- rlottie 0.1+dfsg-3 (bug #1138917)
NOTE: https://github.com/Samsung/rlottie/pull/585
NOTE:
https://github.com/Samsung/rlottie/commit/1cda06022e53206c230fb0c6e38b2adaea729a5d
@@ -25081,6 +25418,7 @@ CVE-2026-10737 (The SP Project & Document Manager
plugin for WordPress is vulner
CVE-2026-10597 (OMICARD EDM developed by ITPison has a Insecure Direct Object
Referenc ...)
NOT-FOR-US: ITPison
CVE-2026-10305 (Out-of-bounds read vulnerability in Samsung Open Source
rlottie allows ...)
+ {DLA-4675-1}
- rlottie 0.1+dfsg-5 (bug #1139179)
[trixie] - rlottie <no-dsa> (Minor issue)
[bookworm] - rlottie <no-dsa> (Minor issue)
@@ -50200,19 +50538,19 @@ CVE-2026-40560 (Starman versions before 0.4018 for
Perl allows HTTP Request Smug
[bullseye] - starman <postponed> (Minor issue; can be fixed in next
update)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39426182/
NOTE: Fixed by:
https://github.com/miyagawa/Starman/commit/ced205f0805027e9d9c0731f8c40b104220604ed
(0.4018)
-CVE-2026-42486
+CVE-2026-42486 ([This CNA information record relates to multiple CVEs; the
text explai ...)
- xen-api <removed>
NOTE: https://xenbits.xen.org/xsa/advisory-489.html
-CVE-2026-23562
+CVE-2026-23562 ([This CNA information record relates to multiple CVEs; the
text explai ...)
- xen-api <removed>
NOTE: https://xenbits.xen.org/xsa/advisory-489.html
-CVE-2026-23561
+CVE-2026-23561 ([This CNA information record relates to multiple CVEs; the
text explai ...)
- xen-api <removed>
NOTE: https://xenbits.xen.org/xsa/advisory-489.html
-CVE-2026-23560
+CVE-2026-23560 ([This CNA information record relates to multiple CVEs; the
text explai ...)
- xen-api <removed>
NOTE: https://xenbits.xen.org/xsa/advisory-489.html
-CVE-2026-23559
+CVE-2026-23559 ([This CNA information record relates to multiple CVEs; the
text explai ...)
- xen-api <removed>
NOTE: https://xenbits.xen.org/xsa/advisory-489.html
CVE-2026-7324 (Memory safety bugs present in Thunderbird 150.0.0. Some of
these bugs ...)
@@ -50437,7 +50775,7 @@ CVE-2026-6691 (The MongoDB C Driver's Cyrus SASL
integration performs unsafe str
NOTE: https://jira.mongodb.org/browse/CDRIVER-6134
NOTE:
https://github.com/mongodb/mongo-c-driver/commit/b4984965877d559862e225beba09cb4e9d4a56a6
(2.2.0)
NOTE:
https://github.com/mongodb/mongo-c-driver/commit/d9c26f49e75d3de746a690db9c81ff5b4f6e21b0
(2.2.0)
-CVE-2026-23556
+CVE-2026-23556 (When oxenstored is tearing a domain down, the node data is
cleaned up ...)
- xen <unfixed>
[trixie] - xen <no-dsa> (Minor issue)
[bookworm] - xen <no-dsa> (Minor issue)
@@ -74384,7 +74722,7 @@ CVE-2026-3888 (Local privilege escalation in snapd on
Linux allows local attacke
NOTE: https://www.openwall.com/lists/oss-security/2026/03/17/8
NOTE:
https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt
NOTE: Fixed by:
https://github.com/canonical/snapd/commit/5400bfdf1e4c3f861826a215417234420470cb25
(2.76)
-CVE-2026-3564 (A condition in ScreenConnect may allow an actor with access to
server- ...)
+CVE-2026-3564 (A condition in the ScreenConnect server component may allow an
actor w ...)
NOT-FOR-US: ScreenConnect
CVE-2026-3563 (Improper input validation in the apps and endpoints
configuration in P ...)
NOT-FOR-US: Devolutions
@@ -170368,7 +170706,7 @@ CVE-2026-23553 (In the context switch logic Xen
attempts to skip an IBPB in the
[bookworm] - xen <postponed> (Minor issue, fix along with next Xen
update)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-479.html
-CVE-2025-58151 [varstored: TOCTOU issues with mapped guest memory]
+CVE-2025-58151 (varstored is a component of the Xapi toolstack handling UEFI
Variables ...)
- xen-api <removed>
NOTE: https://xenbits.xen.org/xsa/advisory-478.html
CVE-2025-58150 (Shadow mode tracing code uses a set of per-CPU variables to
avoid cumb ...)
@@ -170392,7 +170730,7 @@ CVE-2025-58147 ([This CNA information record relates
to multiple CVEs; the text
- xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-475.html
-CVE-2025-58146
+CVE-2025-58146 (There are multiple issues. 1. Updates to the XAPI database
sanitise ...)
- xen-api <removed>
NOTE: https://xenbits.xen.org/xsa/advisory-474.html
CVE-2025-58144 ([This CNA information record relates to multiple CVEs; the
text explai ...)
@@ -174192,7 +174530,7 @@ CVE-2025-45331 (brplot v420.69.1 contains a Null
Pointer Dereference (NPD) vulne
NOT-FOR-US: brplot
CVE-2025-44635 (There are multiple unauthorized remote command execution
vulnerabiliti ...)
NOT-FOR-US: H3C
-CVE-2025-44203 (In HotelDruid 3.0.7, an unauthenticated attacker can exploit
verbose S ...)
+CVE-2025-44203 (In HotelDruid 3.0.0 and 3.0.7, the unauthenticated
database-setup endp ...)
- hoteldruid 3.0.8-1 (bug #1108154)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <no-dsa> (Minor issue)
@@ -181403,13 +181741,13 @@ CVE-2025-4598 (A vulnerability was found in
systemd-coredump. This flaw allows a
NOTE: which was introduced as part of the fix for CVE-2022-4415.
CVE-2025-5054 (Race condition in Canonical apport up to and including 2.32.0
allows a ...)
NOT-FOR-US: Apport
-CVE-2025-27464
+CVE-2025-27464 ([This CNA information record relates to multiple CVEs; the
text explai ...)
NOT-FOR-US: Windows XenBus WinPVDriver
NOTE: https://xenbits.xen.org/xsa/advisory-468.html
-CVE-2025-27463
+CVE-2025-27463 ([This CNA information record relates to multiple CVEs; the
text explai ...)
NOT-FOR-US: Windows XenIface WinPVDriver
NOTE: https://xenbits.xen.org/xsa/advisory-468.html
-CVE-2025-27462
+CVE-2025-27462 ([This CNA information record relates to multiple CVEs; the
text explai ...)
NOT-FOR-US: Windows XenCons WinPVDriver
NOTE: https://xenbits.xen.org/xsa/advisory-468.html
CVE-2025-5276 (Versions of the package mcp-markdownify-server before 1.0.0 are
vulner ...)
@@ -367946,17 +368284,17 @@ CVE-2023-2380 (A vulnerability, which was
classified as problematic, was found i
NOT-FOR-US: Netgear
CVE-2023-2379 (A vulnerability classified as critical has been found in
Ubiquiti Edge ...)
NOT-FOR-US: Ubiquiti
-CVE-2023-2378 (A vulnerability was found in Ubiquiti EdgeRouter X up to
2.0.9-hotfix. ...)
+CVE-2023-2378 (A flaw has been found in Ubiquiti EdgeRouter X up to
2.0.9-hotfix.6. T ...)
NOT-FOR-US: Ubiquiti
-CVE-2023-2377 (A vulnerability was found in Ubiquiti EdgeRouter X up to
2.0.9-hotfix. ...)
+CVE-2023-2377 (A vulnerability was detected in Ubiquiti EdgeRouter X up to
2.0.9-hotf ...)
NOT-FOR-US: Ubiquiti
-CVE-2023-2376 (A vulnerability was found in Ubiquiti EdgeRouter X up to
2.0.9-hotfix. ...)
+CVE-2023-2376 (A security vulnerability has been detected in Ubiquiti
EdgeRouter X up ...)
NOT-FOR-US: Ubiquiti
-CVE-2023-2375 (A vulnerability was found in Ubiquiti EdgeRouter X up to
2.0.9-hotfix. ...)
+CVE-2023-2375 (A weakness has been identified in Ubiquiti EdgeRouter X up to
2.0.9-ho ...)
NOT-FOR-US: Ubiquiti
-CVE-2023-2374 (A vulnerability has been found in Ubiquiti EdgeRouter X up to
2.0.9-ho ...)
+CVE-2023-2374 (A security flaw has been discovered in Ubiquiti EdgeRouter X up
to 2.0 ...)
NOT-FOR-US: Ubiquiti
-CVE-2023-2373 (A vulnerability, which was classified as critical, was found in
Ubiqui ...)
+CVE-2023-2373 (A vulnerability was identified in Ubiquiti EdgeRouter X up to
2.0.9-ho ...)
NOT-FOR-US: Ubiquiti
CVE-2023-2372 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: SourceCodester Online DJ Management System
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef2ee18e6b66c086cd674ee19472afc8d09961ea
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef2ee18e6b66c086cd674ee19472afc8d09961ea
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits