Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ef2ee18e by security tracker role at 2026-07-09T19:13:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,335 @@
+CVE-2026-9253 (The WP Cost Estimation & Payment Forms Builder (E&P Forms) 
plugin for  ...)
+       TODO: check
+CVE-2026-9240 (The Colissimo Officiel : M\xe9thodes de livraison pour 
WooCommerce plu ...)
+       TODO: check
+CVE-2026-9237 (The Employee, Leave and Recruitment Management System \u2013 
Crew HRM  ...)
+       TODO: check
+CVE-2026-9235 (The DHL eCommerce (Benelux) for WooCommerce plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2026-9028 (The CorvusPay WooCommerce Payment Gateway plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2026-9027 (The CorvusPay WooCommerce Payment Gateway plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2026-9021 (The Easy Invoice plugin for WordPress is vulnerable to Missing 
Authori ...)
+       TODO: check
+CVE-2026-8996 (The Backup and Staging by WP Time Capsule plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2026-8848 (The Popup Maker \u2013 Boost Sales, Conversions, Optins, 
Subscribers w ...)
+       TODO: check
+CVE-2026-7558 (The Age Verification & Identity Verification by Token of Trust 
plugin  ...)
+       TODO: check
+CVE-2026-6910 (The Bookero.pl \u2013 system rezerwacji online plugin for 
WordPress is ...)
+       TODO: check
+CVE-2026-61474 (An improper authorization check in MISP\u2019s attribute 
creation endp ...)
+       TODO: check
+CVE-2026-61344 (The Superior Court of California Hearing Reminder Service at 
https://w ...)
+       TODO: check
+CVE-2026-61343 (LibreBooking's email template editor save action passes the 
submitted  ...)
+       TODO: check
+CVE-2026-60109 (Zeek before 8.0.9 contains a null pointer dereference 
vulnerability in ...)
+       TODO: check
+CVE-2026-60108 (Zeek before 8.0.9 contains an uncontrolled memory consumption 
vulnerab ...)
+       TODO: check
+CVE-2026-60095 (Vinchin Backup & Recovery through 9.0.0.86562 contains a stack 
buffer  ...)
+       TODO: check
+CVE-2026-60094 (Vinchin Backup & Recovery through 9.0.0.86562 contains a heap 
buffer o ...)
+       TODO: check
+CVE-2026-5955 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2026-5793 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-5005 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-59827 (Metabase is an open-source business intelligence and embedded 
analytic ...)
+       TODO: check
+CVE-2026-59826 (Metabase is an open-source business intelligence and embedded 
analytic ...)
+       TODO: check
+CVE-2026-59817 (Ghost is a Node.js content management system. From 6.27.0 
before 6.44. ...)
+       TODO: check
+CVE-2026-59734 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-59726 (Ruflo is an agent meta-harness for Claude Code and Codex. 
Prior to 3.1 ...)
+       TODO: check
+CVE-2026-59721 (Hoppscotch is an open source API development ecosystem. Prior 
to 2026. ...)
+       TODO: check
+CVE-2026-59720 (Hoppscotch is an open source API development ecosystem. Prior 
to 2026. ...)
+       TODO: check
+CVE-2026-59715 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59692 (A stack buffer overflow vulnerability was found in GStreamer's 
DTLS pl ...)
+       TODO: check
+CVE-2026-59691 (A heap buffer overflow vulnerability was found in GStreamer's 
rfbsrc p ...)
+       TODO: check
+CVE-2026-59269 (A user authenticating to Kubernetes clusters via the Pinniped 
Supervis ...)
+       TODO: check
+CVE-2026-59227 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59226 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59225 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59224 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59223 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59222 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59221 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59220 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59219 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59218 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59217 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59216 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59215 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59214 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59213 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59212 (Open WebUI is an extensible, feature-rich, and user-friendly 
self-host ...)
+       TODO: check
+CVE-2026-59209 (n8n is an open source workflow automation platform. Prior to 
1.123.61, ...)
+       TODO: check
+CVE-2026-59208 (n8n is an open source workflow automation platform. Prior to 
2.27.4 an ...)
+       TODO: check
+CVE-2026-59207 (n8n is an open source workflow automation platform. Prior to 
2.27.4 an ...)
+       TODO: check
+CVE-2026-59206 (n8n is an open source workflow automation platform. Prior to 
1.123.61, ...)
+       TODO: check
+CVE-2026-59149 (Mockoon provides way to design and run mock APIs. Prior to 
9.7.0, a FI ...)
+       TODO: check
+CVE-2026-59148 (Mockoon provides way to design and run mock APIs. Prior to 
9.7.0, Mock ...)
+       TODO: check
+CVE-2026-58459 (gpsd through release-3.27.5, fixed at commit 4c06658, contains 
a comma ...)
+       TODO: check
+CVE-2026-58378 (Allwinner H616 TV Box TV98 has ADB enabled and exposed to the 
network  ...)
+       TODO: check
+CVE-2026-58307 (Out-of-bounds read, Reachable assertion vulnerability in 
Samsung Open  ...)
+       TODO: check
+CVE-2026-58306 (Heap-based buffer overflow vulnerability in Samsung Open 
Source Escarg ...)
+       TODO: check
+CVE-2026-58305 (Access of resource using incompatible type ('type confusion') 
vulnerab ...)
+       TODO: check
+CVE-2026-58304 (Out-of-bounds read, Out-of-bounds write vulnerability in 
Samsung Open  ...)
+       TODO: check
+CVE-2026-58303 (Stack-based buffer overflow vulnerability in Samsung Open 
Source Escar ...)
+       TODO: check
+CVE-2026-58198 (ChatterBot is a machine learning, conversational dialog engine 
for cre ...)
+       TODO: check
+CVE-2026-58125
+       REJECTED
+CVE-2026-57111 (Permissive Cross-Origin Resource Sharing (CORS) in the REST 
API (helix ...)
+       TODO: check
+CVE-2026-56460 (HCL DevOps Deploy / HCL Launch could disclose sensitive 
configurations ...)
+       TODO: check
+CVE-2026-56459 (HCL DevOps Deploy / HCL Launch is susceptible to sensitive 
information ...)
+       TODO: check
+CVE-2026-56458 (HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) 
which coul ...)
+       TODO: check
+CVE-2026-56292 (A SQLi vulnerability in AcyMailing component < 10.11.1 for 
Joomla was  ...)
+       TODO: check
+CVE-2026-56291 (The Joomla extension Balbooa Forms is vulnerable to an 
unauthenticated ...)
+       TODO: check
+CVE-2026-56289 (GNU patch is vulnerable to a denial of service (DoS) due to 
improper v ...)
+       TODO: check
+CVE-2026-56288 (GNU patch is vulnerable to a NULL pointer dereference when 
processing  ...)
+       TODO: check
+CVE-2026-55590 (CakePHP Authentication is an authentication plugin for CakePHP 
that ca ...)
+       TODO: check
+CVE-2026-55420 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
+       TODO: check
+CVE-2026-54801 (A vulnerability has been identified in CPCI85 Central 
Processing/Commu ...)
+       TODO: check
+CVE-2026-54800 (A vulnerability has been identified in CPCI85 Central 
Processing/Commu ...)
+       TODO: check
+CVE-2026-54799 (A vulnerability has been identified in CPCI85 Central 
Processing/Commu ...)
+       TODO: check
+CVE-2026-54798 (A vulnerability has been identified in CPCI85 Central 
Processing/Commu ...)
+       TODO: check
+CVE-2026-54695 (Pipecat is an open-source Python framework for building 
real-time voic ...)
+       TODO: check
+CVE-2026-54005 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
+       TODO: check
+CVE-2026-54004 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
+       TODO: check
+CVE-2026-54003 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
+       TODO: check
+CVE-2026-54002 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
+       TODO: check
+CVE-2026-53987 (The Tag plugin for GLPI 11 before 2.14.4 stores the tag name 
without H ...)
+       TODO: check
+CVE-2026-51606 (An improper input handling vulnerability in the RTSP service 
of Tenda  ...)
+       TODO: check
+CVE-2026-51605 (A stack-based buffer overflow vulnerability in the RTSP 
service of Ten ...)
+       TODO: check
+CVE-2026-51604 (A stack-based buffer overflow vulnerability in the RTSP 
service of Ten ...)
+       TODO: check
+CVE-2026-51603 (A stack-based buffer overflow vulnerability in the RTSP 
service of Ten ...)
+       TODO: check
+CVE-2026-51602 (A stack-based buffer overflow vulnerability in the RTSP 
service of Ten ...)
+       TODO: check
+CVE-2026-51601 (Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based 
buffer overf ...)
+       TODO: check
+CVE-2026-51600 (Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the 
Content-Lengt ...)
+       TODO: check
+CVE-2026-51599 (An insufficient input validation vulnerability in the RTSP 
service of  ...)
+       TODO: check
+CVE-2026-51598 (An input validation vulnerability in the RTSP service of 
MERCURY MIPC2 ...)
+       TODO: check
+CVE-2026-51597 (MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does 
not imp ...)
+       TODO: check
+CVE-2026-50644 (SOPlanning is vulnerable to SQL injection in the audit 
retention confi ...)
+       TODO: check
+CVE-2026-50188 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
+       TODO: check
+CVE-2026-4653 (The Block, Suspend, Report for BuddyPress plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2026-4298 (The DSGVO All in one for WP plugin for WordPress is vulnerable 
to Miss ...)
+       TODO: check
+CVE-2026-4275 (The Divi Torque Lite \u2013 Divi Theme, Divi Builder & Extra 
Theme plu ...)
+       TODO: check
+CVE-2026-4256 (Improper neutralization of special elements used in an LDAP 
query ('LD ...)
+       TODO: check
+CVE-2026-49276 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
+       TODO: check
+CVE-2026-49274 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
+       TODO: check
+CVE-2026-43752 (An authenticated administrator may be able to achieve 
arbitrary code e ...)
+       TODO: check
+CVE-2026-33390 (An Incorrect Privilege Assignment vulnerability was discovered 
in the  ...)
+       TODO: check
+CVE-2026-31985 (When the upstream Guardian or CMC was configured in the Remote 
Collect ...)
+       TODO: check
+CVE-2026-31984 (A denial-of-service vulnerability caused by unbounded resource 
allocat ...)
+       TODO: check
+CVE-2026-31983 (A Missing Authentication vulnerability was discovered in the 
SSH keys  ...)
+       TODO: check
+CVE-2026-31982 (An Open Redirect vulnerability was discovered in the SAML 
Single Sign- ...)
+       TODO: check
+CVE-2026-31981 (A Stored HTML Injection vulnerability was discovered in the 
Diagram ta ...)
+       TODO: check
+CVE-2026-2342 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-1989 (Authorization bypass through User-Controlled key vulnerability 
in PAVO ...)
+       TODO: check
+CVE-2026-1365 (Insertion of sensitive information into sent data vulnerability 
in Say ...)
+       TODO: check
+CVE-2026-15308 (The incremental HTML parser (html.parser.HTMLParser) allows 
for CPU de ...)
+       TODO: check
+CVE-2026-15204 (A vulnerability was detected in TOTOLINK X5000R 
9.1.0cu.2415_B20250515 ...)
+       TODO: check
+CVE-2026-15202 (A security vulnerability has been detected in YzmCMS up to 
7.5. Affect ...)
+       TODO: check
+CVE-2026-15195 (A weakness has been identified in apidevtools 
json-schema-ref-parser u ...)
+       TODO: check
+CVE-2026-15194 (A security flaw has been discovered in Open5GS 2.7.7. This 
affects the ...)
+       TODO: check
+CVE-2026-15193 (A vulnerability was determined in AidanPark openclaw-android 
up to 0.4 ...)
+       TODO: check
+CVE-2026-15192 (A vulnerability has been found in mettle sendportal up to 
3.0.1. This  ...)
+       TODO: check
+CVE-2026-15191 (A flaw has been found in mettle sendportal up to 3.0.1. This 
vulnerabi ...)
+       TODO: check
+CVE-2026-15190 (A vulnerability was detected in SourceCodester Simple and Nice 
Shoppin ...)
+       TODO: check
+CVE-2026-15189 (A security vulnerability has been detected in aerostackdev 
aerostack-m ...)
+       TODO: check
+CVE-2026-15188 (A weakness has been identified in manjurulhoque 
django-job-portal up t ...)
+       TODO: check
+CVE-2026-15187 (A security flaw has been discovered in enquirer up to 2.4.1. 
Affected  ...)
+       TODO: check
+CVE-2026-15186 (A vulnerability was identified in macrozheng mall up to 1.0.3. 
This im ...)
+       TODO: check
+CVE-2026-15185 (A vulnerability was determined in GPAC 26.03-DEV. This affects 
the fun ...)
+       TODO: check
+CVE-2026-15184 (A vulnerability was found in GNU LibreDWG up to 0.13.4. The 
impacted e ...)
+       TODO: check
+CVE-2026-15182 (A vulnerability has been found in GNU LibreDWG up to 0.13.4. 
The affec ...)
+       TODO: check
+CVE-2026-15158 (The Blocksy Companion plugin for WordPress is vulnerable to 
Arbitrary  ...)
+       TODO: check
+CVE-2026-15000 (The Connect Contact Form 7 and Mailchimp plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2026-14372 (The Bit Form \u2013 Contact Form, Payment Forms, Multi Step 
Forms, Cal ...)
+       TODO: check
+CVE-2026-14343 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2026-14342 (The Mail Mint \u2013 Email Marketing, Newsletter, Email 
Automation & W ...)
+       TODO: check
+CVE-2026-14278
+       REJECTED
+CVE-2026-14261 (A vulnerability in the Xerte Online Tools allows for 
authentication by ...)
+       TODO: check
+CVE-2026-14245 (The miniOrange OTP Login, Verification and SMS Notifications 
plugin fo ...)
+       TODO: check
+CVE-2026-13771 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2026-13492 (The UsersWP plugin for WordPress is vulnerable to Arbitrary 
File Delet ...)
+       TODO: check
+CVE-2026-13462 (PayRange Android app, version 7.0.7 and below, contains an SSL 
bypass  ...)
+       TODO: check
+CVE-2026-13461 (When coupled with the SSL bypass vulnerability, JavaScript can 
be inje ...)
+       TODO: check
+CVE-2026-13450 (The GamiPress \u2013 Gamification plugin to reward points, 
achievement ...)
+       TODO: check
+CVE-2026-13441 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
+       TODO: check
+CVE-2026-13334 (The Mang Board WP plugin for WordPress is vulnerable to 
Reflected Cros ...)
+       TODO: check
+CVE-2026-13253 (The Ultimate Post plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2026-13080 (The WPFunnels \u2013 Funnel Builder for WooCommerce with 
Checkout & On ...)
+       TODO: check
+CVE-2026-13011 (The ERP: Complete HR, Accounting & CRM Suite with Recruitment 
and WooC ...)
+       TODO: check
+CVE-2026-12879 (An Improper Input Validation vulnerability in BigQuery DAO in 
Google C ...)
+       TODO: check
+CVE-2026-12593 (The implementation of an internalandundocumentedDashboardAPI 
endpoint( ...)
+       TODO: check
+CVE-2026-12590 (Impact: In body-parser versions prior to 1.20.6 (1.x line) and 
2.3.0 ( ...)
+       TODO: check
+CVE-2026-12433 (The Hydra Booking \u2013 Appointment Scheduling & Booking 
Calendar plu ...)
+       TODO: check
+CVE-2026-12428 (The Blocks for ACF Fields plugin for WordPress is vulnerable 
to unauth ...)
+       TODO: check
+CVE-2026-12418 (The User Frontend: AI Powered Frontend Posting, User 
Directory, Profil ...)
+       TODO: check
+CVE-2026-12406 (The User Frontend: AI Powered Frontend Posting, User 
Directory, Profil ...)
+       TODO: check
+CVE-2026-12170 (The AcyMailing \u2013 An Ultimate Newsletter Plugin and 
Marketing Auto ...)
+       TODO: check
+CVE-2026-12116 (A vulnerability in the Xerte Online Tools allows for RCE 
through the a ...)
+       TODO: check
+CVE-2026-11404 (Cesanta Mongoose before 7.22 contains an out-of-bounds read in 
the bui ...)
+       TODO: check
+CVE-2026-11359 (The Memberships and User Profiles for WooCommerce \u2013 
ProfileGrid W ...)
+       TODO: check
+CVE-2026-0287 (Multiple denial of service vulnerabilities in Palo Alto 
Networks PAN-O ...)
+       TODO: check
+CVE-2026-0286 (A command injection vulnerability in the management plane of 
Palo Alto ...)
+       TODO: check
+CVE-2026-0285 (A server-side request forgery (SSRF) vulnerability in Palo Alto 
Networ ...)
+       TODO: check
+CVE-2026-0284 (An XML injection vulnerability in the Large Scale VPN (LSVPN) 
function ...)
+       TODO: check
+CVE-2026-0283 (An authentication bypass vulnerability in Large Scale VPN ( 
LSVPN) fun ...)
+       TODO: check
+CVE-2026-0282 (A file deletion vulnerability in Palo Alto Networks PAN-OS\xae 
softwar ...)
+       TODO: check
+CVE-2026-0281 (An information disclosure vulnerability in Palo Alto Networks 
PAN-OS\x ...)
+       TODO: check
+CVE-2026-0280 (An IPv6 packet processing vulnerability in the dataplane of 
Palo Alto  ...)
+       TODO: check
+CVE-2026-0279 (Multiple cross site scripting vulnerabilities in the 
User-ID\u2122 Aut ...)
+       TODO: check
+CVE-2025-63579 (Unauthorized use of Kyocera printers, allows all information 
stored in ...)
+       TODO: check
 CVE-2026-57825
        - opam 2.5.2-1
        NOTE: https://github.com/ocaml/opam/releases/tag/2.5.2
@@ -24754,6 +25086,7 @@ CVE-2026-49837
        [bullseye] - gobgp <postponed> (Limited support)
        NOTE: 
https://github.com/osrg/gobgp/security/advisories/GHSA-gjrg-jjr3-56cm
 CVE-2026-8916 (Out-of-bounds write vulnerability in Samsung Open Source 
rlottie allow ...)
+       {DLA-4675-1}
        - rlottie 0.1+dfsg-3 (bug #1138916)
        NOTE: https://github.com/Samsung/rlottie/pull/589
        NOTE: 
https://github.com/Samsung/rlottie/commit/ffe60942892c3d68b14560761ea920d360ef51bb
@@ -24867,23 +25200,27 @@ CVE-2026-47707 (Strawberry GraphQL is a library for 
creating GraphQL APIs. In ve
 CVE-2026-47706 (Strawberry GraphQL is a library for creating GraphQL APIs. In 
versions ...)
        NOT-FOR-US: Strawberry GraphQL
 CVE-2026-47320 (Access of uninitialized pointer, Uncontrolled Recursion 
vulnerability  ...)
+       {DLA-4675-1}
        - rlottie 0.1+dfsg-5 (bug #1138920)
        [trixie] - rlottie <no-dsa> (Minor issue)
        [bookworm] - rlottie <no-dsa> (Minor issue)
        NOTE: https://github.com/Samsung/rlottie/pull/593
        NOTE: 
https://github.com/Samsung/rlottie/commit/bf689b72b8482c5ea674235854bd11b6d1b42588
 CVE-2026-47319 (Memory allocation with excessive size value vulnerability in 
Samsung O ...)
+       {DLA-4675-1}
        - rlottie 0.1+dfsg-5 (bug #1138919)
        [trixie] - rlottie <no-dsa> (Minor issue)
        [bookworm] - rlottie <no-dsa> (Minor issue)
        NOTE: https://github.com/Samsung/rlottie/pull/588
        NOTE: 
https://github.com/Samsung/rlottie/commit/5def9f402b1cb5b09f52655e414f0afba4ffd959
 CVE-2026-47318 (Stack-based buffer overflow vulnerability in Samsung Open 
Source rlott ...)
+       {DLA-4675-1}
        - rlottie 0.1+dfsg-3 (bug #1138918)
        NOTE: https://github.com/Samsung/rlottie/pull/582
        NOTE: 
https://github.com/Samsung/rlottie/commit/9e4f354f6ebdf294738ef7abf1728f40889c2c51
        NOTE: Addressed by earlier Debian-specific patch 
Fortify-FreeType-raster.patch (see #1138916)
 CVE-2026-47306 (Uncontrolled Recursion vulnerability in Samsung Open Source 
rlottie al ...)
+       {DLA-4675-1}
        - rlottie 0.1+dfsg-3 (bug #1138917)
        NOTE: https://github.com/Samsung/rlottie/pull/585
        NOTE: 
https://github.com/Samsung/rlottie/commit/1cda06022e53206c230fb0c6e38b2adaea729a5d
@@ -25081,6 +25418,7 @@ CVE-2026-10737 (The SP Project & Document Manager 
plugin for WordPress is vulner
 CVE-2026-10597 (OMICARD EDM developed by ITPison has a Insecure Direct Object 
Referenc ...)
        NOT-FOR-US: ITPison
 CVE-2026-10305 (Out-of-bounds read vulnerability in Samsung Open Source 
rlottie allows ...)
+       {DLA-4675-1}
        - rlottie 0.1+dfsg-5 (bug #1139179)
        [trixie] - rlottie <no-dsa> (Minor issue)
        [bookworm] - rlottie <no-dsa> (Minor issue)
@@ -50200,19 +50538,19 @@ CVE-2026-40560 (Starman versions before 0.4018 for 
Perl allows HTTP Request Smug
        [bullseye] - starman <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/39426182/
        NOTE: Fixed by: 
https://github.com/miyagawa/Starman/commit/ced205f0805027e9d9c0731f8c40b104220604ed
 (0.4018)
-CVE-2026-42486
+CVE-2026-42486 ([This CNA information record relates to multiple CVEs; the 
text explai ...)
        - xen-api <removed>
        NOTE: https://xenbits.xen.org/xsa/advisory-489.html
-CVE-2026-23562
+CVE-2026-23562 ([This CNA information record relates to multiple CVEs; the 
text explai ...)
        - xen-api <removed>
        NOTE: https://xenbits.xen.org/xsa/advisory-489.html
-CVE-2026-23561
+CVE-2026-23561 ([This CNA information record relates to multiple CVEs; the 
text explai ...)
        - xen-api <removed>
        NOTE: https://xenbits.xen.org/xsa/advisory-489.html
-CVE-2026-23560
+CVE-2026-23560 ([This CNA information record relates to multiple CVEs; the 
text explai ...)
        - xen-api <removed>
        NOTE: https://xenbits.xen.org/xsa/advisory-489.html
-CVE-2026-23559
+CVE-2026-23559 ([This CNA information record relates to multiple CVEs; the 
text explai ...)
        - xen-api <removed>
        NOTE: https://xenbits.xen.org/xsa/advisory-489.html
 CVE-2026-7324 (Memory safety bugs present in Thunderbird 150.0.0. Some of 
these bugs  ...)
@@ -50437,7 +50775,7 @@ CVE-2026-6691 (The MongoDB C Driver's Cyrus SASL 
integration performs unsafe str
        NOTE: https://jira.mongodb.org/browse/CDRIVER-6134
        NOTE: 
https://github.com/mongodb/mongo-c-driver/commit/b4984965877d559862e225beba09cb4e9d4a56a6
 (2.2.0)
        NOTE: 
https://github.com/mongodb/mongo-c-driver/commit/d9c26f49e75d3de746a690db9c81ff5b4f6e21b0
 (2.2.0)
-CVE-2026-23556
+CVE-2026-23556 (When oxenstored is tearing a domain down, the node data is 
cleaned up  ...)
        - xen <unfixed>
        [trixie] - xen <no-dsa> (Minor issue)
        [bookworm] - xen <no-dsa> (Minor issue)
@@ -74384,7 +74722,7 @@ CVE-2026-3888 (Local privilege escalation in snapd on 
Linux allows local attacke
        NOTE: https://www.openwall.com/lists/oss-security/2026/03/17/8
        NOTE: 
https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt
        NOTE: Fixed by: 
https://github.com/canonical/snapd/commit/5400bfdf1e4c3f861826a215417234420470cb25
 (2.76)
-CVE-2026-3564 (A condition in ScreenConnect may allow an actor with access to 
server- ...)
+CVE-2026-3564 (A condition in the ScreenConnect server component may allow an 
actor w ...)
        NOT-FOR-US: ScreenConnect
 CVE-2026-3563 (Improper input validation in the apps and endpoints 
configuration in P ...)
        NOT-FOR-US: Devolutions
@@ -170368,7 +170706,7 @@ CVE-2026-23553 (In the context switch logic Xen 
attempts to skip an IBPB in the
        [bookworm] - xen <postponed> (Minor issue, fix along with next Xen 
update)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        NOTE: https://xenbits.xen.org/xsa/advisory-479.html
-CVE-2025-58151 [varstored: TOCTOU issues with mapped guest memory]
+CVE-2025-58151 (varstored is a component of the Xapi toolstack handling UEFI 
Variables ...)
        - xen-api <removed>
        NOTE: https://xenbits.xen.org/xsa/advisory-478.html
 CVE-2025-58150 (Shadow mode tracing code uses a set of per-CPU variables to 
avoid cumb ...)
@@ -170392,7 +170730,7 @@ CVE-2025-58147 ([This CNA information record relates 
to multiple CVEs; the text
        - xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        NOTE: https://xenbits.xen.org/xsa/advisory-475.html
-CVE-2025-58146
+CVE-2025-58146 (There are multiple issues.   1. Updates to the XAPI database 
sanitise  ...)
        - xen-api <removed>
        NOTE: https://xenbits.xen.org/xsa/advisory-474.html
 CVE-2025-58144 ([This CNA information record relates to multiple CVEs; the 
text explai ...)
@@ -174192,7 +174530,7 @@ CVE-2025-45331 (brplot v420.69.1 contains a Null 
Pointer Dereference (NPD) vulne
        NOT-FOR-US: brplot
 CVE-2025-44635 (There are multiple unauthorized remote command execution 
vulnerabiliti ...)
        NOT-FOR-US: H3C
-CVE-2025-44203 (In HotelDruid 3.0.7, an unauthenticated attacker can exploit 
verbose S ...)
+CVE-2025-44203 (In HotelDruid 3.0.0 and 3.0.7, the unauthenticated 
database-setup endp ...)
        - hoteldruid 3.0.8-1 (bug #1108154)
        [bookworm] - hoteldruid <no-dsa> (Minor issue)
        [bullseye] - hoteldruid <no-dsa> (Minor issue)
@@ -181403,13 +181741,13 @@ CVE-2025-4598 (A vulnerability was found in 
systemd-coredump. This flaw allows a
        NOTE: which was introduced as part of the fix for CVE-2022-4415.
 CVE-2025-5054 (Race condition in Canonical apport up to and including 2.32.0 
allows a ...)
        NOT-FOR-US: Apport
-CVE-2025-27464
+CVE-2025-27464 ([This CNA information record relates to multiple CVEs; the 
text explai ...)
        NOT-FOR-US: Windows XenBus WinPVDriver
        NOTE: https://xenbits.xen.org/xsa/advisory-468.html
-CVE-2025-27463
+CVE-2025-27463 ([This CNA information record relates to multiple CVEs; the 
text explai ...)
        NOT-FOR-US: Windows XenIface WinPVDriver
        NOTE: https://xenbits.xen.org/xsa/advisory-468.html
-CVE-2025-27462
+CVE-2025-27462 ([This CNA information record relates to multiple CVEs; the 
text explai ...)
        NOT-FOR-US: Windows XenCons WinPVDriver
        NOTE: https://xenbits.xen.org/xsa/advisory-468.html
 CVE-2025-5276 (Versions of the package mcp-markdownify-server before 1.0.0 are 
vulner ...)
@@ -367946,17 +368284,17 @@ CVE-2023-2380 (A vulnerability, which was 
classified as problematic, was found i
        NOT-FOR-US: Netgear
 CVE-2023-2379 (A vulnerability classified as critical has been found in 
Ubiquiti Edge ...)
        NOT-FOR-US: Ubiquiti
-CVE-2023-2378 (A vulnerability was found in Ubiquiti EdgeRouter X up to 
2.0.9-hotfix. ...)
+CVE-2023-2378 (A flaw has been found in Ubiquiti EdgeRouter X up to 
2.0.9-hotfix.6. T ...)
        NOT-FOR-US: Ubiquiti
-CVE-2023-2377 (A vulnerability was found in Ubiquiti EdgeRouter X up to 
2.0.9-hotfix. ...)
+CVE-2023-2377 (A vulnerability was detected in Ubiquiti EdgeRouter X up to 
2.0.9-hotf ...)
        NOT-FOR-US: Ubiquiti
-CVE-2023-2376 (A vulnerability was found in Ubiquiti EdgeRouter X up to 
2.0.9-hotfix. ...)
+CVE-2023-2376 (A security vulnerability has been detected in Ubiquiti 
EdgeRouter X up ...)
        NOT-FOR-US: Ubiquiti
-CVE-2023-2375 (A vulnerability was found in Ubiquiti EdgeRouter X up to 
2.0.9-hotfix. ...)
+CVE-2023-2375 (A weakness has been identified in Ubiquiti EdgeRouter X up to 
2.0.9-ho ...)
        NOT-FOR-US: Ubiquiti
-CVE-2023-2374 (A vulnerability has been found in Ubiquiti EdgeRouter X up to 
2.0.9-ho ...)
+CVE-2023-2374 (A security flaw has been discovered in Ubiquiti EdgeRouter X up 
to 2.0 ...)
        NOT-FOR-US: Ubiquiti
-CVE-2023-2373 (A vulnerability, which was classified as critical, was found in 
Ubiqui ...)
+CVE-2023-2373 (A vulnerability was identified in Ubiquiti EdgeRouter X up to 
2.0.9-ho ...)
        NOT-FOR-US: Ubiquiti
 CVE-2023-2372 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: SourceCodester Online DJ Management System



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef2ee18e6b66c086cd674ee19472afc8d09961ea

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef2ee18e6b66c086cd674ee19472afc8d09961ea
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to